NOTE: A great deal of this post comes from @jayjacobs as he took a conversation we were having about thoughts on ways to look at the data and just ran like the Flash with it. Did you know that – if you’re a US citizen – you have approximately a 1 in 5 chance of getting the…
Post Category → Information Security
VERIS Community :: JSON vs XML
You may not be aware of the fact that the #spiffy Verizon Biz folk have some VERIS open source components, one of which is the XML schema for the “Vocabulary for Event Recording and Incident Sharing”. While most Java-backends will readily slurp up and spit back archaic XML data, the modern web is a JSON…
SSH Password Time-series Heatmap In D3
In @jayjacobs’ latest post on SSH honeypot password analysis he shows some spiffy visualizations from crunching the data with Tableau. While I’ve joked with him and called them “robocharts”, the reality is that Tableau does let you work on visualizing the answers to questions quickly without having to go into “code mode” (and that doesn’t…
Security & Privacy Of Mountain Lion’s Dictation Feature
With Gizmodo doing a post hyping Mountain Lion’s new dictation feature it’s probably a good time to note that folks in regulated environments or who just care about security & privacy a bit more than others should not enable or use this feature for the dictation of sensitive information. From Apple’s own warning on the…
Honeypot Analytics : 500 Pretty Passwords
I had a few moments this past weekend to play with an idea for visualizing the passwords used against the honeypot @jayjacobs set up. While it’s not as informative as Jay’s weekend endeavors: “I'm messing around with how to visualize 60k passwords, how's this? : http://t.co/ocAjQdxm (cc @hrbrmstr)” — jayjacobs (@jayjacobs) July 7, 2012…
2012 WhiteHat Security Website Security Statistics Report Redux
This is an inaugural post for @MetricsHulk, on the condition that there are few – if any – “ALL CAPS” bits. Q3&4 tend to be “report season”, and @MetricsHulk usually has some critiques, praises, opines and suggestions (some smashes, too) to offer as we are inundated with a blitz of infographics. The always #spiffy @WhiteHatSec released their…
Honeypot Analytics
For this post (and probably a few subsequent ones), I’m taking the role of ‘Pinky’ to @jayjacobs’ ‘Brain’ as I share some of my own analysis on the ssh honeypot passwords that Jay collected (you’ll need to read his VZB post before continuing). There are tons of angles for analysis and I’ve been all over…
Breach Reach : Google Insights
UPDATE: I had to remove the Google Insight widgets and replace them with static images. There was inconsistent loading far too often in non-Chrome browsers. Click on the graphs to go to the Google Insights detail pages for more interaction with the data. Information security breaches have been the “new black” in the past eighteen…