Crypto waning in an open-source, eco-friendly world.

Hello world!

Nothing particularly important to mention today. Google has patched yet another 0-day vulnerability in their Chrome browsers, so updating your browser is an important thing to do. However, crypto prices and “hype” will be today’s topic, as they are increasingly in decline.

Law enforcement is able to track much of the crypto-currency obtained illegally, because it runs on what’s known as the blockchain. An example website for this is etherscan.io, which allows you to track payments and transfers made over the Ethereum blockchain. This is likely a minor addition to the factors causing the decline, but lots of criminals are finding out that crypto isn’t “untraceable money that doesn’t exist”, which is certainly diminishing the hype around it.

Secondly, there is the eco-friendly world we live in: Bitcoin mining alone (depending on which source you pick) undoubtedly uses more electricity than it should. This only makes governments and corporations more likely to crack down on the crypto world in order to preserve their eco-friendly international face.

Nothing more for now. However, it’s probably not long until another company gets phished and hit with ransomware, so stay tuned!

Credential marketplace shut down by FBI.

Hello world!

This news isn’t the newest but occurred within the past fortnight, so you may have already heard. Slilpp marketplace was a significant marketplace where mostly illegally obtained credentials (emails, phone numbers, passwords etc.) were sold freely for nearly 10 years.

“Authorities from four countries shut down an online marketplace where vendors sold more than 80 million stolen login credentials to buyers, who frequently used them to make unauthorized transactions, including wire transfers,” the U.S. Justice Department said last Thursday. Banking credentials were being sold for just $71-$500, which may be a worrying factor for many, but don’t fret.

Your bank and their fraud department work their absolute hardest to ensure that even if someone gets one thing correct, there are usually others that they don’t know. It can be easy to harvest information from places such as social media, so you shouldn’t base security questions on something that either a lot of people know about you or that you post on the internet… If this is true for you, there’s no shame in doing so, and the victim-blaming mentality is something for another day. Change it as soon as you can and spread the word to your loved ones to keep them safe too, but don’t worry, there’s a huge team of people working to protect you from things like this… 24 hours a day, 365 days a year.

Whilst this won’t have a significant effect on the criminal world, as another marketplace will just capitalize on the demise of this one (and then get shut down itself in the future), there have been arrests made in connection with the operation of this market. That is a great outcome, as cyber crime can be difficult to prosecute sometimes, mostly if your attackers reside in certain countries that let cybercriminals run free. *insert shady quote about Russian malware*

Remember kids… You need an accurate inventory of your assets before you can think about protecting them.

Source: https://www.occrp.org/en/daily/14624-marketplace-for-stolen-online-credentials-shut-down

Food for thought #1

Hello world!

Today the UK has seen what can only be described as “downtime” with some factor regarding contactless payments, and the speed at which payments were being processed. Being the cyber security geek, one would love to speculate about a “cool” but very uncool cyber attack on the UK’s payment systems. I haven’t found any articles or official tweets, but noticed it today when I went to buy a meal deal and had a brief talk with the security guard about it.

From what I have gathered, it bears a similarity to the expected results of denial-of-service attacks. This means that the amount of data being sent is simply too much for the system to handle, and it would have very severe effects if used on some of our security systems such as a NIDS (network intrusion detection system). The method would likely be a SYN flood, which is a type of denial-of-service attack (one of my best friends informed me that TCP/UDP floods are more frequent in the current landscape). Anyway, whilst this all sounds super cool (just me?)… My theory is simple, straightforward and doesn’t involve any hackers at all.

It’s been a sunny week in the UK, as we are in the gradual easing of our national lockdown and shops, restaurants, pubs and bars are all open again… It seems possible that some sort of automated (or manual) management system was in place to deal with the amount of traffic that it needed to, but not so much that it was wasting energy and money. This would have likely caused the system to get used to that amount of traffic, and recent days have led to a surge in commerce. That being said, not every denial-of-service is an attack.

A denial-of-service, as I described earlier, means that the system is overwhelmed with more traffic than it is built to take, is expecting to be sent, or is allowed for by any controls put in place by our friendly network admins. But it doesn’t always mean you’re under attack, and I’m sure that the monitoring systems, packet captures and so on would be interpreted in this way and diagnosed correctly before progressing to the next stage of incident response.

Patch your shit!

Hello World!

Hello World!

My name is Aaron, and ever since I was an eleven-year-old boy I have dreamt of being what you would call a “hacker”. Personally, whilst this does ring true, I would much prefer the title of Security Researcher. Over the last couple of years or so I have been re-discovering my passion for Information Security and feel that it is really what I want to do with my life. I have the dream of being one of the NCSC leads in 25-35 years and will work hard to make my dream come true.

I want to share important information and keep people updated about things that will affect them, and share my own viewpoints with those interested in what I have to say. If computers aren’t your thing, or you don’t want to learn about them, feel free to find a blog that you can relate to and enjoy to your heart’s content.

If you know my type then you’ll know this blog isn’t going to be personal or include details about my life; it’s purely to inform others about cyber-security and the growing number of threats that everybody faces in our digital world. I will also be sharing my views on tools, education, current events and everything to do with cyber-security. Don’t worry if you’re scared by the idea: I will ensure to explain everything to the best extent I can, in a way everyone can understand. However, for the geeks, I will get technical when discussing some things that are relevant, but will provide annotations where possible for others.

I hope that this blog is going to help people learn and become more aware of the challenges we all face, in a world of ever increasing reliance on our computer systems and a growing number of scams and con-artists aiming to take advantage of people at their most vulnerable. There are what you would know as (but I don’t really like this… generalization) white hat hackers, grey hat hackers and red hat hackers that are fighting back against the wrongdoers… And the best way we can all stay secure is through the education of others.