Monday, March 31, 2014

Crypto Currency: One of the Problems With Digital Dollars



I was at a family gathering recently and overheard a discussion about Bitcoin in which a few common misconceptions were brought up. Rather than drag a family party down into the finer points of crypto currency, I decided to address a few of them here. First, let's hit the issue with our current currency.


Wednesday, March 26, 2014

IPS/IDS Brief Explanation

Another summary I did for management:

IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) both use technology that watches internet traffic, looks for attacks or intrusions using signatures, and takes some action based on any signatures the traffic matches. An IPS has the ability to block traffic that it considers suspicious, while an IDS only has traffic mirrored to it and cannot prevent any traffic from reaching its destination.

Tuesday, March 25, 2014

SIEM Simplified

This was originally an email I sent to a member of my company's management team to give them an introduction to the basic SIEM concepts:

SIEM is really the business of looking for anomalies in data. Let's say we track your computer's login activity for a month and you log on to your computer daily at 8 am and 12:30 pm (when you arrive for the day and when you get back from lunch). Then suddenly and without warning we see your ID active at 3 am. That's an interesting anomaly.

Wednesday, March 19, 2014

Java vs. JavaScript


I've heard a couple of people confuse Java and JavaScript lately on the internet, and as a part of the internet, I feel the need to do my part to set the record straight, not from a technical perspective, but hopefully in a way that's a little easier to remember. Here we go:

Java is the Watchmen, JavaScript is the Avengers.

Friday, March 14, 2014

Another Day, Another DDoS Method


DDoS is in the news again with a novel method of creating high-volume attacks. This time WordPress is both the source and the target of the attack, which uses a pingback feature.

Wednesday, March 12, 2014

Dissecting a Cyber Security Warning



My wife and I were watching The 700 Club recently and they did a piece about cyber security. The article and video can be found here.

The guest on the show describes a number of cyber threats

Tuesday, March 11, 2014

Groovy: Know Thine File I/O

Groovy is the topic of the day! And specifically Groovy file I/O.

As a disclaimer, I'm lazy with my file I/O. As lazy as I can be. Which is why I love left shift

Monday, March 10, 2014

Friday, March 7, 2014

DDoS Target: Unknown



A lot of media attention has been given to the unrest in Ukraine and Russia. With so much media focus, it's not surprising that terms like Cyber Security and Cyber Warfare will come up a lot. But there are often gaps in the information presented.

Thursday, March 6, 2014

DDoS Before Politics: Ukraine

Cross-disciplinary discussion is always fun, right? My sister is an interpreter in Russia and follows the politics of the region much more closely than I do. She recently forwarded me this article, which I found very interesting (ignore the technical mistakes in the article). I sent her a link to the Digital Attack Map and she pointed out that a number of key political events in recent history were preceded a day or two by a DDoS attack.

Now that's an interesting proposition. Let's take a closer look. For sources, I'm using the Digital Attack Map and this article by the BBC.

There were two DDoS attacks hitting Ukraine from unknown sources on December 7th.


IBM and Prism?

Since Edward Snowden did his stuff, a lot of companies have revealed having worked with or cooperated with the NSA at some level. Microsoft, Google, Facebook, Yahoo, and several others are on that list. In their defense, several of these companies have started to push back and make government requests for information public. But what about the companies who haven't taken that action or have chosen to say less?