Lance James Great in Theory In November of 1979, Adi Shamir published the paper “How to Share a Secret” where he came up with a mathematical method for dividing data (D) into n pieces in such a way that that D is easily reconstructed from any k pieces, and yet even complete knowledge of k-1 […]
Read More How to Share a Secret… SecretlyMark Rasch Early in the morning of July 31, 2020, Hillsborough County, Florida law enforcement officials arrested 17 year old Graham Clark as being at least one of the participants in the massive scheme to “hack” the identities of certain celebrity users of the Twitter social media platform. The arrest, and leveling of 30 felony […]
Read More Three Arrests Made In Massive Twitter Scheme Hack: Investigative InsightsThe recent hack of Twitter demonstrates how the hacking community targets high-profile users on high-profile networks not only for fraud, but also for attacks on their privacy and attacks aimed at “piggybacking” off their identity and celebrity. While the identity of the hackers is still under active investigation, there are a few things we know (and more that we suspect) about how and why the hack occurred. And part of the problem is COVID-19…
Read More How the Coronavirus Enabled the Twitter Hack (*and others too)By Lance James The last few weeks, I’ve been spending my days helping victims recover from ransomware attacks. When doing this, restoration is the number one priority, and the motto becomes “as fast as you can“. There have been some challenges along the way, and some “shocking” reveals when working with criminal software when expecting […]
Read More When Ransomware Decryptors Don’t WorkCats on Keyboards – 221B-01 Unit 221B is a remote business, and working from home is commonplace. Of course, a WFH environment changes the security paradigm, and one has to be vigilant against cats walking all over the keyboard while at work. The following are common use cases where this security advisory would apply: user […]
Read More WFH Security AdvisoryIn a panic, it’s easy to just want to pay and get it over, but there are more consequences than you may think. Paying the ransom should always be the last option.
Read More Should I Pay or Should I No? How To Respond to RansomwareBy Allison Nixon Fraudsters who operate shops in criminal marketplaces are constantly massaging their marketing pitches to assure prospective customers (and lurking law enforcement) that their service is legal. It’s become clear recently that some infosec professionals can’t seem to identify these services as bad, so these marketing efforts may have succeeded for one audience. […]
Read More Black Market White Washing: Why You Shouldn’t Take Legal Advice From CriminalsBy Mark D. Rasch and Allison Nixon In the Simpsons episode, “Bart vs. Lisa vs. the Third Grade,” the siblings are both abandoned while on a school trip despite the fact that Mrs. Crabapple, the teacher, had deployed a mechanism to ensure that all people on the bus were accounted for. As she explains, “Ah, […]
Read More Zero Factor AuthenticationBy Mark Rasch For more than 40 years, information security professionals have argued for stronger authentication (and access control) protocols. For most, this has meant some form of multi-factor authentication (MFA). Some combination of something you ARE (biometric), something you HAVE (token or device) and something you KNOW (password, passphrase, PIN). Certainly, a combination of […]
Read More AI Biometric SpoofingThere is no excerpt because this is a protected post.
Read More Protected: 0XDEAD ZEPPELIN