WDDinc Web Security Blog

Insight from the leader in secure application development

Archive for July, 2011

Power and Entertainment: What Motivates a Young Hacker?

When the hacking group Lulz Security, more commonly known as LulzSec, hacked the website of PBS Newshour earlier this year, people took notice. But with seemingly no monetary gain, many wondered what their motivation could possibly be. So when LulzSec revealed that they were in it for the laughs (or lulz, in computer slang), people began to really scratch their heads. Though taking down the websites of multimillion-dollar …

The Simplicity of a Phishing Scam

While I’ve written many blog entries on phishing (perhaps enough already) – I ran across an email phishing scam so simple and elegant I just couldn’t help but share. In a rare confessional mood, I will admit my admiration for this particular scam stems from the fact that, when I first read the baiting email (below), I silently swore at my own stupidity for sending out the huge vacation …

Famous Script Kiddies

Sometimes hackers are well-educated geeks with a specific expertise and a point to prove; other times… they’re not. Script kiddies are typically young hackers who rely chiefly on pre-made exploit programs or files to conduct their hacking. Often regarded in hacker circles as people who don’t actually take the time to learn how the programs they use work, these young hackers are also sometimes known as cyberpunks. However, regardless …

SQL Injection 101 – A Simple Example

When it comes to your website, there are a number of different areas that can be exploited. Sometimes these areas are hidden; other times the aspects of your website that are putting you at risk are in plain sight. Consider a simple search bar located anywhere on your website. A legitimate use of this search control allows a user to submit a word or a phrase that is used …

Office Stranger Danger – Preventing Opportunities for Social Engineering

As I discussed in my last post, social engineering is the act of enticing people to bypass computer security by performing actions or divulging confidential information. Unfortunately, the largest threat to the security of our businesses typically comes from within – naïve employees who inadvertently give up important security information to sly con artists. While educating your employees about phishing and other potential social engineering scams is an important …

Office Stranger Danger – Avoiding Social Engineering at Work

Two great stories in social engineering history: 1. In November 2010, Andy Surface sent an email to Conde Nast (the company that publishes Vogue and the New Yorker) requesting $8 million from a fake company whose name sounded like the media giant’s printing company. Conde Nast paid the invoice. 2. In a recent information security survey, 90% of office workers gave researchers what they claimed was their …

Famous Hackers: Shimomura v. Mitnick

Hacking group LulzSec made headlines last month when it hacked a number of high-profile websites, including PBS’ NewsHour, Sony and Nintendo. LulzSec didn’t just hack; they were also quite public about their escapades, calling out well-known and self-proclaimed “hacktivist” group Anonymous. While LulzSec’s jabs at Anonymous might seem uncharacteristic of a group with such sophisticated skills, these two groups aren’t the first hackers to have a disagreement. Kevin Mitnick …

When Network Security Is Not Enough

I assume there are a few technology arenas more confusing than security (though, probably not many). Even when I have lunch with my small business counterparts and we talk security, I find a lot of misconceptions about what web security is all about. Most people will focus on perimeter security and think that they have it all covered. Many people view the hardware side of their data center as …