Welcome to Delicate template
Header
Just another WordPress site
Header

Before deciding to participate in your favorite online games, you might be interested to know what the government is potentially cooking up that would potentially allow them to monitor your online gaming activities.Read more

Jason Staggs

Jason Staggs

Jason is True's Security Analyst Intern and is currently a senior at Oklahoma State University. He is pursuing his Bachelors in Information Assurance and Forensics and will be obtaining CNSS 4011-4016 certifications upon graduation in the summer of 2012. Jason plans to pursue his graduate degree in the near future. His information security interests include penetration testing, social engineering and forensics.

More Posts

On Stuxnet Adaptation

March 21st, 2012 | Posted by Andrew Ridings in Malware | Terrorism - (0 Comments)

With the recent focus on Stuxnet due to the CBS 60 Minutes Special: Stuxnet: Computer worm opens new era of warfare and the 60 Minutes Overtime special Stuxnet copycats: Let the hacking begin, aired earlier this month, I was reminded of the extent our nation’s critical infrastructure is at risk from cyber attack.Read more

Andrew Ridings

Andrew Ridings

Andrew Ridings is a Security Analyst at True Digital Security with a passion for penetration testing and social engineering. Andrew received his Bachelors of Science in Information Assurance and Forensics at Oklahoma State University and holds CNSS 4011 certification.

More Posts

On the morning on November 7, while folks in my part of the country (Oklahoma) were still trying to come to grips with being rocked by two damage-causing earthquakes in less than 24 hours (that’s unheard of for OK), a previously unknown software bug in the BGP function of Juniper routers caused a major hiccup in the Internet. Details on what exactly the problem was are very thin, but Juniper acknowledged that “a small percentage of customers” was affected. Unfortunately, that small percentage happened to be companies that run routers in the core of the Internet (like Level 3). The outage was widespread, but short.Read more

Brett Edgar

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter

Reuters is reporting[reuters.com] that Canadian soldiers have been ordered not to post personal information to social networking sites like MySpace[myspace.com] and Facebook[facebook.com]. The apparent motive is safety – “Al Qaeda operatives are monitoring Facebook and other social networking sites.”

Many have heard of the potential effects that sharing the wrong information online can have on our careers and social lives, but few would view death as one of those potential effects.  “This may seem over dramatic … (but) the information can be used to target members for further exploitation. It also opens the door for your families and friends to become potential targets as well.”

Are these soldiers and their families really in danger or is this an exaggeration or a command with a hidden motive?

Dominic Schulte

Dominic Schulte

Dominic Schulte currently serves as the Managing Director of Security Services & Consulting at TRUE, where he is responsible for the execution of a wide range of security and regulatory compliance services. Previously, Dominic worked with the National Security Agency (NSA) as a Global Network Exploitation and Vulnerability Analyst in the National Security Incident and Response Center (NSIRC). He holds CISSP, QSA and CNSS 4011-4015 certifications.

More Posts

The new Boeing 787 Dreamliner has been widely reported as a feat of technological engineering. The plane has three separate networks on-board: an administrative network, a flight control/navigation network, and a passenger network. Everything about this plane seems cool from the Ethernet jacks in the armrest of every seat, to the completely computerized flight controls system, to the ability for the plane to automatically adjust humidity settings based on the number of passengers on-board. There’s just one problem. Reports indicate[foxnews.com] that the three networks (administrative, flight, and passenger) are not completely separated. There is at least the ability for one-way communications from one of the networks to another. But unless this is a connectionless, no guarantee of delivery, UDP-like fire-the-message-and-hope-it-arrives communications protocol, there are obviously two-way connections, even if control information was designed (in software) to be transmitted in only one direction.

So these networks are not air-gapped, the only foolproof way to prevent one network from talking to another. To make matters worse, it seems that the administrative network is accessible via Wi-Fi (for maintenance personnel), particularly while the aircraft is sitting at the gate. So a sufficiently skilled 16-year-old Johnny Q. Hacker could sit comfortably in an airport terminal with his laptop and attempt to hack into a 787′s administrative network.

I hope they are using WPA2 with AES encryption and rolling keys…

Brett Edgar

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter