SEcurity Content COmmunity
SEcurity Content COmmunity (SECCO), a place to share and comment on: IT security – related topics.
SECCO is the interactive section of the CIA³ site (pronounced: CIA cubed). CIA³ is a more modern version of the more classical security concepts known as the CIA triad. CIA³ does however cover: Confidentiality, Integrity, Availability, Accountability, and Assurance.
Recently my Twitter account was hacked. That teaches me to use simple passwords. This account was quite old and unused for a while. When i started to use it again it got a bit more visibility and was take over. I got it recovered quite quickly, but cleaning-up takes a while. Just a few minor …
Continue reading “Two factor authentication & how to check unusual twitter activity?”
Simple chart with classification of different InfoSec threats. Misdirection: Spoofing, Pharming, XSS, poisoning (arp,dns) Social trust: Phishing, Social engineering, Social network attacks, Vulnerability: SQl inject, code injection, path traversal, buffer overflow, Snooping: Replay attacks, Sniffing, Keylogging, Session Hijacking, TEMPEST Password attacks: Dictionary, Brute force, Rainbow(hash) tables, Shoulder surfing Escalation: Authentication Bypass, Pivoting, Heuristic commits Malware: …
During the validation of control activities you should attempt to make security easier on users and more difficult for attackers. Activities to verify may include (not limited to): Prevention (2FA, least privilege, reduce deniability, …) Delay (strong encryption, layering, …) Detect (monitor, detect change, audit, automate, …) Compliance (implementation of corporate policy and standards, including configuration …