Tagged: intelligence

SB15-145: Vulnerability Summary for the Week of May 18, 2015 0

SB15-145: Vulnerability Summary for the Week of May 18, 2015

Original release date: May 25, 2015 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information

More on the NSA’s Capabilities 0

More on the NSA’s Capabilities

Ross Anderson summarizes a meeting in Princeton where Edward Snowden was “present.” Third, the leaks give us a clear view of an intelligence analyst’s workflow. She will mainly look in Xkeyscore which is the Google of 5eyes comint; it’s a federated system hoovering up masses of stuff not just from 5eyes own assets but from other countries where the NSA cooperates or pays for access. Data are “ingested” into a vast rolling buffer; an analyst can run a federated search, using a selector (such as an IP address) or fingerprint (something that can be matched against the traffic)

Repurposing Logs, (Tue, Mar 24th) 0

Repurposing Logs, (Tue, Mar 24th)

Keeping an eye on your logs is critical (really, its number 14 on the SANS critical list of controls: https://www.sans.org/critical-security-controls/control/14 .) Earlier Rob VandenBrink shared some techniques to find nuggets hiding in your logs ( https://isc.sans.edu/forums/diary/Syslog+Skeet+Shooting+Targetting+Real+Problems+in+Event+Logs/19449/ .) Today Im going to share some tricks to squeeze every last bit out of your logs through repurposing logs. I mean repurposing log files, not this: https://www.pinterest.com/dawnreneedavis/repurposed-logs/ . Logs are given their original purpose when programs determine when and how theyre going to record a log entry.