2008 is quickly evaporating and 2009 is on the horizon. The first few days of the new year always feel fresh, like a newly washed blackboard, ready for new thoughts and ideas. This is an excellent time to plan how you want to secure your organization’s most precious and sensitive data. Here are a few [...]
I have been playing with various plugins lately for HoneyPoint. In this case, I wanted to show the output of two plugins I am playing with currently. The first one is the TweetCLI plugin that I have written about before. In this example, I am going to show an event that has come in and [...]
Previously, I wrote about the supposed lack of SSL/HTTPS support in the Twitter API. However, thanks to Tony for pointing me in the right direction. I DID find support for HTTPS in the API and I have since updated my own tool (released by me as freeware and not associated with MSI) to use it. [...]
Now is the time when many folks open their hearts and their wallets to help others. At MSI, I am proud to say that we do this all year. This year alone we have worked on gathering and donating old cell phones for the Central Ohio Choices program, made donations to the One Laptop Per [...]
Just a little Holiday reminder. As we get nearer to popular Holiday’s we normally see an increase in malware attacks. Remember not to open any “e-cards” or other assorted potentially malicious email from random addresses, and closely examine any that appear to come from a trusted source, such as a co-worker.
For those of you interested in security, black listing or HoneyPoint stuff, check this out. I used the TweetCLI tool I blogged about earlier to write a HoneyPoint Security Server plugin. The plugin fires for each event and tweets the attacker IP and source port that the deployed HoneyPoints covered by this console saw. There [...]
In the US several “secondary financial services” exist. They range from check cashing/money transfer to short-term lenders and various other financial services. Many of these organizations also offer additional services like payroll check loans, check “floats”, tax preparation and a variety of services. In many cases these organizations aim their marketing for immigrant workers, people [...]
For those of you who have embraced the web movement that has become known as Twitter, be aware that the widely used Twitter API employs only web-based Basic Authentication. The credentials (login and password) are sent to the web API with only a simple HTTP POST and are unencrypted. I could not locate a means [...]
Over the last several months we have worked a ton of incidents where compromise of systems and networks was accomplished via Internet exposed terminal servers, VNC and other remote access applications. Often, these same administration-friendly tools are used in internal compromises as well. While there is certainly a value in terminal server and VNC, they [...]
We have been getting so much great feedback and positive response to our HoneyPoint products that Mary Rose, our marketing person, crafted this logo and is putting together a small campaign based on the idea. We are continuing to work on new capabilities and uses for HoneyPoint. We have several new tricks up our sleeve [...]