Security research from the front lines

Ryan Sherstobitoff

Subscribe to Ryan Sherstobitoff: eMailAlertsEmail Alerts
Get Ryan Sherstobitoff via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Ryan Sherstobitoff

There’s no question that advances in server virtualization technology are becoming popular among corporations that want to save money by consolidating resources and improving operational efficiency. Virtualization enables a dramatic increase in cost savings in ongoing maintenance and the cost required to keep physical assets afloat. These benefits are often seen by CIOs and other information technology leaders as adding tremendous value to an existing robust IT infrastructure. Who wouldn’t want to save money by reducing the size and extent of their data center, especially in the manufacturing and financial services industries? However, I’ve noticed an increasing phenomenon: security often takes a backseat when it comes to consolidating servers, applications, or other resources to a virtualized platform. In a traditional sense, server administrators have been taught ... (more)

Even Heroes Need the Right Tools in Their Utility Belts

We at SafeKidZone believe, without a doubt, that the people who make up 911 emergency services are all heroes. It’s not an easy job, but these brave folks are earnest in their willingness to do what is necessary to help save a life. In the case of the Schmitts, in the article, 911 did not make it in time to save their family home from burning to the ground simply because of situational fog: in this case poor cellular coverage which routed their emergency call to an alert center on the other side of the county. Compound that problem with difficulty locating the Schmitts and the o... (more)

SQL Injection Attacks: The Future of Mass Hacking Campaigns

SQL injection attacks are evolving as one of the primary modes of transportation for malicious scripts that hackers insert into legitimate websites. According to recent events, this method is becoming very popular among the hacker elite, especially considering the number of sites they are able to exploit almost overnight. Some of these victim sites include the United Nations and the Department of Homeland Security (DHS).[1] Typically they will use the website as a vehicle for distributing Trojans through encoded JavaScript that a SQL injection inserted into the website. The scar... (more)

Breaching Wireless Networks

Wireless networks and endpoints offer convenience and connectivity, but unless properly secured, they also offer a means of egress into the network. As evidenced by recent headlines surrounding undiscovered data breaches and subsequent public exposure, hackers have begun to turn their eye toward breaching wireless networks and taking advantage of the many weaknesses incumbent. At the same time, we continue to see a trend toward stealing cardholder information from retailers such as TJ Maxx and Hannaford Brothers. According to a recent study conducted by the Verizon Business Risk ... (more)

Hidden Dangers: Crimeware-as-a-Service (CaaS)

As the malware threat landscape continues to evolve, hackers are continuously changing techniques to counteract detection technologies being developed by vendors. By using sophisticated methods to evade current antivirus technologies, hackers are relentless in their pursuit of damaging IT systems and oftentimes gaining access to sensitive information. Several years ago, hackers used polymorphism and metamorphism as tactics to constantly generate new variants of worms. Essentially, through polymorphism, the virus would morph into different variations, successfully bypassing signa... (more)