security Archives - Page 2 of 60 - The Silicon Underground

Home » security

What is DDoSing or a DDoS attack?

Dave Farquhar security May 28, 2020May 27, 2020 0 Comment

What is DDoSing? A DDoS attack something every system administrator and security professional needs to be concerned about. You can expect to see this concept on certification tests and get questions about it in job interviews. So let’s look at the concept of DDoS, and why I think this is going to get worse before it gets better.

DDoS stands for Distributed Denial of Service. A DDoS attack is just the process of overwhelming a computer system with more traffic than it can handle, so that it can’t serve its intended purpose.

Pretty print JSON in Python

Dave Farquhar security May 4, 2020May 1, 2020 0 Comment

I do a lot of work pulling data from systems via API, then doing things with parts of that data, whether it means feeding it to another system or creating a report. Some of these data structures are huge and unwieldy. Here’s how to pretty print JSON in Python so you can make sense of those data structures and get on with your code–without using an online pretty print website and potentially exposing sensitive data.

While json.loads is the key to getting your JSON data into a Python data structure, there’s a corresponding json.dumps to print it back out. It doesn’t sound like it would pretty print, but that’s what it does.

Qualys false positives

Dave Farquhar security April 16, 2020May 2, 2020 0 Comment

I’m not sure any three words strike more fear into the hearts and minds of security analysts than the words “Qualys false positives.” Some number of false positives is unavoidable. But the perceived number of false positives is usually an order of magnitude larger than the real number of false positives. Here’s how to estimate how many you should have, how to investigate them, and break the gridlock.

Is Windows 7 safe to use?

Dave Farquhar security, Windows April 14, 2020April 11, 2020 0 Comment

Is Windows 7 safe to use? No. Next question? Alright, I guess I need to explain why, without being so dismissive.

Support for Windows 7 ended in January 2020, which means there have been no new security updates for Windows since. That means Windows 7 isn’t safe to use, even with a firewall and antivirus.

Kevin Mitnick security awareness training – can you trust him?

Dave Farquhar security April 9, 2020April 7, 2020 0 Comment

A former classmate told me his employer is making him take Kevin Mitnick’s security awareness training course. “Is he really the world’s most famous hacker?” he asked me. “And if he is, why should I trust a word he says?”

Those are excellent questions. I happen to have reviewed all of Kevin Mitnick’s various courses for a previous employer, so I’m familiar with them. And I had to take Kevin Mitnick Security Awareness Training this year myself. I don’t agree with the life decisions Kevin Mitnick made that landed him in prison, of course. But overall, I had only very minor objections to his training. Here’s why.

What is a phreaker in hacking or IT terms?

Dave Farquhar Retro Computing, security March 10, 2020March 7, 2020 0 Comment

What is a phreaker in hacking or IT terms? Phreaking is largely obsolete and doesn’t happen much anymore, but it’s an important historical concept in computer security. While phreaking wasn’t the first form of hacking, it’s probably the first example of hacking in a modern sense.

Phreaking was hacking the phone system, usually to make long distance calls for free. Some people phreaked for the thrill of it, but many of them did it because they made more long distance calls than they could afford. Two famous phreakers from the 1970s were Steve Jobs and Steve Wozniak, the co-founders of Apple.

What is infosec?

Dave Farquhar security February 12, 2020February 9, 2020 0 Comment

When I first started interviewing for security jobs, I remember some of the jargon confusing me. “Infosec” was one of those terms. Getting that first job is hard enough without getting your resume binned over not knowing the word infosec. So what is infosec, what does it stand for, and how do you talk intelligently about it?

Is the Honey Chrome extension safe?

Dave Farquhar security January 16, 2020January 13, 2020 0 Comment

Amazon took some people aback when they said Honey, a company recently bought by Paypal, was a security risk. That raised some questions. Is the Honey Chrome extension safe? Is Honey a security issue? Let’s dig into it.

While it may be difficult or impossible to pinpoint any specific security issue in Honey, that doesn’t necessarily give it the green light. Regardless of how secure it may be, Honey definitely has privacy concerns, and that’s why security experts have concern about it.

Why we have a cybersecurity talent shortage

Dave Farquhar security November 18, 2019October 23, 2019 0 Comment

We have a cybersecurity talent shortage. You know it, and I know it. But part of the problem is self-inflicted. We don’t know how to interview.

A common complaint about security professionals is that we’re all smug know-it-alls. We have that reputation because that’s precisely the kind of person our interview process is designed to find. We won’t solve the cybersecurity talent shortage and our people skills problem until we get beyond looking for people who can pass CISSP in a suit.

What is fuzzing?

Dave Farquhar security November 14, 2019October 20, 2019 0 Comment

What is fuzzing? Fuzz testing, or fuzzing, is a concept in computer security. Like the name suggests, it’s the practice of sending messed-up data to a system to see how it behaves. A good computer system should handle fuzzing gracefully. As you might guess, not all do.

When a computer receives data it doesn’t expect, it may malfunction in unpredictable ways. Fuzzing attempts to find those malfunctions.