The Breach Trilogy: Assume, Confirm, Discuss

by adam on April 22, 2013

We’ve been hearing for several years that we should assume breach. Many people have taken this to heart (although today’s DBIR still says it’s still months to detect those breaches). I’d like to propose (predict?) that breach as a central (…)

The best part of exploit kits

by adam on April 19, 2013

Following up on my post on exploit kit statistics (no data? really folks?), I wanted to share a bit of a head-shaker for a Friday with way too much serious stuff going on. Sometimes, researchers obscure all the information, such (…)

Exploit Kit Statistics

by adam on April 11, 2013

On a fairly regular basis, I come across pages like this one from SANS, which contain fascinating information taken from exploit kit control panels: There’s all sorts of interesting numbers in that picture. For example, the success rate for owning (…)

Celebrating 5 Years of New School: 40% off!

by adam on April 10, 2013

Thanks to Addison Wesley, who are offering 40% off the book. Apply code NEWSCHOOL40 to get your discounted copy. (You apply the code after proceeding to checkout.)

By looking for evidence first, the Brits do it right

by Russell on April 9, 2013

As it happens, both the US Government and the UK government are leading “cyber security standards framework” initiatives right now. The US is using a consensus process to “incorporate existing consensus-based standards to the fullest extent possible”, including “cybersecurity standards, (…)

5 Years of New School

by adam on April 8, 2013

Five years ago Friday was the official publication date of The New School of Information Security. I want to take this opportunity to look back a little and look forward to the next few years. Five years ago, fear of (…)

Analyzing The Army’s Accidental Test

by adam on April 3, 2013

According to Wired, “Army Practices Poor Data Hygiene on Its New Smartphones, Tablets.” And I think that’s awesome. No, really, not the ironic sort of awesome, but the awesome sort of awesome, because what the Army is doing is a (…)

Hacking Humans at BlackHat

by adam on April 1, 2013

Hacking humans is an important step in today’s exploitation chains. From “2011 Recruitment plan.xls” to instant messenger URL delivery at the start of Aurora, the human in the loop is being exploited just as much as the machine. In fact, (…)
