Improving Your Password Habits With Passphrases

posted on May 29, 2015 by Chris Bonk

Preceding my work at Security Compass, the pursuit of my Masters of Computer Science led me to conduct research on user authentication, passwords and, more specifically, the study of human selection of long text-based passphrases. The research was done under the supervision of Dr. Julie Thorpe at the University of Ontario Institute of Technology (UOIT)…

Dynamic DDoS Defense

posted on May 19, 2015 by Michael Bennett

Figure 1: SDN blocking a malicious attack. Intro: Let’s face it, DDoS attacks are growing both in size and complexity. Botnets used to launch DDoS attacks can contain anywhere from hundreds of thousands to millions of bots and as long as malware is prevalent across the Internet those numbers will continue to grow. Not to…

Breaking into the Industry: Information Security

posted on May 11, 2015 by Pratik Amin

Information Security is hiring. It’s not only major security companies looking for talented and experienced people but large organizations are starting to build out their own internal security teams. This is causing a major talent gap in the industry; everybody is competing for the same small group of people and the demand is much higher…

Making Smart Locks Smarter

posted on May 5, 2015 by stephen

Introduction: During a recent Security Compass ‘Hack Week’ we decided to take a look at smart locks in an attempt to assess the current state of Smart Lock Security. For our project we decided to take a look at the August Smart Lock. The August Smart Lock is an electronic locking mechanism that can be…

Reblog: (ISC)2 CSSLP and Security Compass Training

posted on May 5, 2015 by Isabel Choi

Source: Simoneonsecurity Author: Simone Curzi – The author of this Blog, Simone Curzi, has been a Senior Consultant and Delivery Architect in Microsoft Consulting Services (MCS) Italy for more than 6 years and has spent a total of 15 years as a Consultant in MCS. Now he is a Senior Premier Field Engineer, specifically on Security topics…

Cyber-Flood Friday

posted on May 1, 2015 by Yousif Hussain

Welcome back to Cyber-Flood Friday! In this edition we discuss more about DDoS and the costs associated with attacks, and the trends within recent attacks. I also discuss the unfortunate growth sector of information-security, and how hackers are creating market demand for attack defenses. The articles mentioned shed light on recent news within Information Security,…

Bad Sudo

posted on May 1, 2015 by stephen

Sudo allows admins to give users permissions to perform actions as other users, primarily the root user. Normally when you give a user sudo you limit the commands that they can run so as not to give any user full control over your system. If you use any of the default examples for sudo that can…

Battle School: RSA 2015

posted on Apr 29, 2015 by Christine MacDonald

You will never influence the world by trying to be like it. The core of our culture is to be different – to be memorable, whether it’s during a team outing or customer engagements. This was no different for us at RSA. Background Story: About a year ago @mrvaughan approached me with a hybrid CTF booth…

Cyber-Flood Friday

posted on Apr 17, 2015 by Yousif Hussain

Welcome back to Cyber-Flood Friday. Last week I didn’t post a blog, as we decided to change it up and give you a blog with the latest security news every other week. This way we can get you the most accurate and interesting news out there! This week I discuss a lot of DDoS news…

Cyber-Flood Friday

posted on Apr 3, 2015 by Yousif Hussain

Welcome back to Cyber-Flood Friday. This week I discuss a major DDoS attack against GitHub, an American coding website. The DDoS attacks that were being launched against this site occurred for days, and surely GitHub took every necessary step to mitigate each evolving attack. I also talk about a vulnerability note that could get organizations…