We recently presented at the DeviceTalks conference in Boston Ma about the vulnerabilities that affect hospitals and medical devices (insulin pumps, pacemakers, etc.). The goal of our presentation wasn’t to instill fear but sometimes fear is a reasonable byproduct of the truth. The truth is that of all the networks that we test, hospital networks…
Detailshttps://gizmodo.com/snake-oil-salesmen-plague-the-security-industry-but-no-1822590687 Adriel Desautels was suddenly in a serious mess, and it was entirely his fault. Sitting in his college dorm room back in the mid-1990s, Desautels let his curiosity run rampant. He had a hunch that his school’s network was woefully insecure, so he took it upon himself to test it and find out. “My…
DetailsThis is a retro post about a penetration test that we delivered to a client back in 2008. During the test we leveraged personal data found on Facebook to construct and execute a surgical attack against an energy company (critical infrastructure). The attack was a big success and enabled our team to take full control…
DetailsDear Kris Kobach, We recently read an article published by Gizmodo about the security of the network that will be hosting Cross Check. In that article we noticed that you said “They didn’t succeed in hacking it.” referring to the Arkansas state network. First, to address your point, no we did not succeed in hacking…
DetailsBefore we begin, let us preface this by saying that this is not an opinion piece. This article is the product of our own experience combined with breach related data from various sources collected over the past decade. While we too like the idea of detailed vulnerability disclosure from a “feel good” perspective the reality of it is…
DetailsWithout taking proper precautions, your computer is a veritable smörgåsbord for hackers. Hackers have developed an array of techniques to infiltrate your system, extract your data, install self-serving software, and otherwise wreak havoc on your system. Every network in the world is vulnerable to hacking attempts; it’s simply a matter of which systems the hackers…
DetailsThe CIA leaks are making huge waves across the world. In a nutshell, the documents claim to reveal some of the hacking capabilities that the CIA has. Many privacy advocates believe that exposure of secrets like these is a net benefit for citizens because it provides transparency in government action. The media also likes leaks…
DetailsMost popular email programs like Microsoft Outlook, Apple Mail, Thunderbird, etc. have a convenient feature that enables them to remember the email addresses of people that have been emailed. Without this feature people would need to recall email addresses from memory or copy and paste from an address book. This same feature enables hackers to…
DetailsEarlier this morning one of our more savvy customers received an email from [email protected] The email contained a “New Message Received” notification allegedly sourced from CEO Tom Morgan. Contained in the email was a link that read, “Click here to sign in and read your messages”. Fortunately we had already provided training to this particular…
DetailsWe recently completed the delivery of a Realistic Threat PCI focused Penetration Test for a large retail company. As is always the case, we don’t share customer identifiable information, so specific details about this engagement have been altered to protect the innocent. For the sake of this article we’ll call the customer Acme Corporation. When…
Details
