Showing 14 results for: 2012, Global Security Report

Hey, I just met you, and this is crazy, but here's my hashes, so hack me maybe?

Those familiar with password cracking know that KoreLogic's rule set for John the Ripper has become the de facto standard for password cracking. However, as with anything technology related, the rules are slightly starting to show their age, specifically with rules designed to take into account years. So, I decided to take on the task of making a few modifications to the rule set. This includes updating them to take into account the current and prior year, but also reworking some of the rules to eliminate some redundancy.

Exploiting Users By Non-technical Means; or, "S*** Users Do"

Numerous technical articles emerge each day about the latest vulnerabilities, flaws, exploits, and whatnot. That's great and all (who hasn't simultaneously groaned and cheered when they find an MS08-067 exploitable machine on a pentest, 4+ years after the vulnerability was...

Five E-Commerce Security Myths (Part 1)

Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we reported that 20% of our incident response investigations related to e-commerce sites. This was up from 9% the year before. In my part of the world...

Five E-Commerce Security Myths (Part 2)

In part 1 of this series I gave an introduction into how most merchants accept payments and how most bad guys steal this data. In this post, I'm going to delve into the misconceptions about e-commerce security that we hear...

Update from Trustwave SpiderLabs EMEA, London

It was a hectic week in London. In case you hadn't heard, it was InfoSec Europe week, but we were also busy with the SC Awards dinner (where PenTest Manager won the innovation award), BSides London, 44 café, speaking at...

#TWContest: The correct data aggregation technique is...

On Tuesday we posted our fifth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "Jeopardy Style: This data aggregation attack technique obtains data while it is being processed or accessed by a system or application....

#TWContest: The top "origin" of attack is...

On Monday we posted our fourth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What was the top "origin" of attack as seen through Trustwave SpiderLabs investigations in 2011?" The answer is... "Unknown" or "Unknown...

#TWContest: The 7th most popular password is...

On Friday we posted our third question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What was the 7th most popular password found during a Business Password Analysis of over 2M hashes by Trustwave SpiderLabs?" The...

#TWContest: The industry that ranked third is...

On Thursday we posted our second question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "Which industry ranked third in total number of breaches investigated by Trustwave SpiderLabs in 2011?" The answer is... "Hospitality" and was...