Alienor, Author at Plixer

10 Bad Password Habits and Why We Do Them Anyway

10.28.16 - Alienor

Bad password habits are far more common than we’d like to admit. Last year, for instance, I bought a used electronic device. But to my dismay, the seller had not taken her 4-digit pass code off one of the crucial functions. Likely, she had originally put up the pass code because she was storing payment information on the device. I tried to contact the seller, but heard nothing. So, I sat down and steeled myself to try every one of the 10,000 possible combinations until I found the one that unlocked that function. But to my surprise (and delight), I got in on my first try.

What was the pass code?

1-2-3-4.

Security Operations

DNS Poisoning and How to Fix It

09.30.16 - Alienor

To understand DNS poisoning, think of a road trip gone wrong.

I don’t know about you, but I refuse to pay $90 to update my GPS map, even though this gets me into sticky situations sometimes. Once, I was trying to get to Portsmouth, for example, and the GPS told me to take a certain exit. But what the GPS didn’t realize, due to its outdated information, was that the exit was wrong. I ended up infuriated, driving much farther than Portsmouth.

Something similar can actually happen on your network. You’re trying to access a certain website, but your ISP’s DNS cache sends you somewhere else entirely—even to a malicious site.

BYOD

Detecting a Jailbroken iPhone with Wireless Monitoring

08.30.16 - Alienor

This month, Citizen Lab uncovered some incredibly sophisticated malware that takes advantage of three previously unknown vulnerabilities, now known as Trident, in Apple iOS. The malware, which is worth as much as one million dollars, essentially jailbreaks the affected iPhone and allows the culprits to steal all of the user’s information. It intercepts every call and text message, captures emails, contacts, data from Facebook, Skype, WhatsApp—everything you would use for communicating. The malware is activated by simply clicking on a link that the hackers send you. Now, when people carrying infected iPhones bring them to work and connect to the corporate network, it becomes clear that we need a way of detecting a jailbroken iPhone.

Security Operations

How to Recognize a Voice Phishing Attempt

07.28.16 - Alienor

Not all phishing attempts come in through your email. Has someone ever called you to offer you a free vacation, or to ask you to participate in a survey, and then asked you for sensitive information? They were attempting voice phishing, sometimes called “vishing.”

General

How Fast Do PoS Attacks Happen?

06.03.16 - Alienor

Earlier this week, one of our customer service managers shared a video that captures three men placing a card skimmer on a store machine. All they had to do was distract the cashier for a few seconds–bam, PoS attacks. The machine looks exactly the same even when the skimmer is placed on top, so it is unlikely for anybody to notice the change just by looking at it.

General

Does the FBI iPhone Hack Fall Under Ethical Hacking?

04.29.16 - Alienor

The Federal Bureau of Investigation recently cracked a locked iPhone in order to procure evidence against one of the San Bernardino shooters. Now, the FBI is refusing to inform Apple how it accomplished this. In this post, I’d like to discuss the implications of the tension between the FBI and Apple, as well as whether the FBI iPhone hack falls under ethical hacking.

General

Why Is My Computer Connecting to Akamai Technologies?

03.29.16 - Alienor

Once in a while, I perform a cleanup of my personal computer that involves removing unnecessary and unwanted applications. It’s a huge headache, because I have to read dozens of names I don’t recognize and somehow distinguish between the crucial processes and the ones I can throw out. I’ve seen many people going through a similar confusion because they find out that their computer is constantly connecting to Akamai Technologies—a name not everyone is familiar with.

Configuration

VMware DFW IPFIX Support

02.23.16 - Alienor

The VMware DFW (Distributed Firewall) is part of the NSX feature set and provides a way to manage which connections are permitted or denied within a VMware Software-Defined Data Center (SDDC). The DFW is capable of even more, however, when configured to export IPFIX to a flow collector, like Scrutinizer, for analysis.

Big Data

Big Data and NetFlow

01.28.16 - Alienor

Big data is popping up in all things IT these days. It impacts a good percentage of business applications across all verticals from government to healthcare to media, and no surprise, it can have a significant impact on network performance as well. More and more companies are collecting huge volumes of data—terabytes or even petabytes—from their network every day, and these volumes are expected to continue to increase. IT teams need to figure out not only how to store big data, but how to recall and analyze it so that it can be put to good use. Read more

General

VTech Breach, Hacking Barbies, and Internet of Things Security

12.15.15 - Alienor

Late last month on Black Friday, Hong Kong-based toymaker VTech suffered a data breach. Sure, we can just dump it into the ever-expanding list of hacked retailers–except this time, the hacker was able to obtain data of over 200,000 children.