Tuesday, April 25, 2017
Tcpreplay is a free tool that you can use to *drumroll*... replay network traffic. You can ask the Google to find you find sample PCAPs (from CTF competitions, forensics puzzles, etc) and replay them to train/familiarize yourself with what right/wrong looks like in your lab environment. It’s slightly safer than downloading malware for demonstration purposes. https://n0where.net/edit-and-replay-network-traffic-tcpreplay/ If you have a Tech Tip you want to share, send them to email@example.com and we'll get them out next #TechTipTuesday.
Tuesday, April 18, 2017
This is straight out of Wikipedia. https://en.wikipedia.org/wiki/IDN_homograph_attack “The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike, (i.e., they are homographs, hence the term for the attack). For example, a person frequenting citibank.com may be lured to click a link in which the Latin C is replaced with the Cyrillic С.” This vulnerability coupled with convincing phishing campaign could easily dupe the savviest of users. Bad guys/gals can make it even more convincing by getting valid certificates for their domain. Chrome 59 is patched and Firefox has a workaround by not providing a user friendly way of reading IDNs. https://www.xudongz.com/blog/2017/idn-phishing/ If you have a Tech Tip you want to share, send them to firstname.lastname@example.org and we'll get them out next #TechTipTuesday.
Wednesday, April 12, 2017
If you still have concerns over the new found rights of ISPs to sell or use your private data for their benefit, the Electronic Frontier Foundation (EFF) put together a list of measures you can take to keep your private information… private. https://www.eff.org/deeplinks/2017/04/heres-how-protect-your-privacy-your-internet-service-provider If you have a Tech Tip you want to share, send them to email@example.com and we'll get them out next #TechTipTuesday.
Tuesday, April 4, 2017
Who reads their EULA (end user licensing agreement) or any other privacy notice for services they use their services? Maybe we should before (or in addition to) installing a VPN and user TOR to browse. Your ISP should give you the ability to Opt Out of (Customer Proprietary Network Information) CPNI which they use to market communications-related services. They basically monitor you web traffic to customize what advertisements you receive. I’m not saying you shouldn’t share your information. I think you should just be aware of what you are implicitly agreeing to. https://www.usatoday.com/story/tech/columnist/2017/04/02/take-these-5-steps-help-protect-your-privacy-online/99953034/ If you have a Tech Tip you want to share, send them to firstname.lastname@example.org and we'll get them out next #TechTipTuesday.