Entries by Chelsea Allen

Liability Roulette

When a judge last week dismissed Target’s attempt to dismiss a lawsuit about their 2013 breach, it set a very important precedent on data breaches – Target was shown to be responsible, at least in part, for the damage that was caused by the breach. According to the decision, “Target’s actions and inactions – disabling […]

Leveraging InfoSec

High school physics is a lot of fun for many different reasons: experiments, math (or is that just me?), and falling things in the name of science. It’s good that I liked physics, because I’m reminded of it on a consistent basis. Though not immediately obvious, basic physics terms are used constantly in real life. One […]

Let’s Encrypt: Fast Track to Safer Internet?

The Electronic Frontier Foundation (EFF) has recently taken the wraps off of a bold new project, “Let’s Encrypt”, which aims to help administrators move their web servers over to HTTPS as quickly and as easily as possible. What today takes even an accomplished administrator the better part of an hour to configure could soon be […]

SINET 16 (Awards and Innovation)

We at Pwnie are beyond proud and excited to announce that we have been selected as one of this year’s SINET 16 Innovators. SINET, according to its site, selects these companies as the “best-of-class security companies that are addressing industry and government’s most pressing needs and requirements.” SINET stands for “Security Innovation Network,” an incredible […]

Compliance 101

Here at Pwnie we have recently become very interested in compliance, and there is a lot to be interested in – compliance is important, often complicated, and vital to enterprises across the world. Our friends over at IT Governance wrote a recent blog on the highlights of PCI DSS 3.0, and as they rightly point […]

Howdy to the InfoSec Ranger

Pwnie Express is proud to say “howdy” to the new InfoSec Ranger, the one and only Jayson Street! For those of you who don’t know, Jayson has been an InfoSec professional and a well-known speaker at conferences around the world, as well as the author of books like “Dissecting the Hack.” In addition to his expertise, Jayson […]

Bypassing HSTS SSL with the Mana Toolkit

Anyone who’s attempted to use Moxie Marlinspike’s SSLstrip against recent browsers has no doubt run into HTTP Strict Transport Security (HSTS), a mechanism by which a website is able to inform the browser if it’s supposed to be secured with SSL. This fixes the key problem with previous SSL implementations (and what made SSLstrip possible); […]

PCI-DSS 3.0 and Education

PCI-DSS (Payment Card Industry Data Security Standard) is considered one of the “standards” for security within the business world. The requirements outlined by the standard encourage security staff to evaluate their own systems properly, and the implications of not passing help to encourage potentially unwilling executives to invest in security. Because of this, the regulatory […]

WPS Cracking with Reaver

We’ve previously covered how ineffectual WEP encryption is for securing a wireless network, showing that the Pwn Plug R3 can easily break into a WEP network in less than one minute. But considering how old WEP is, that shouldn’t really come as much of a surprise. Most networks will now be running the much more […]

The Pwnie Reviewer: Cybersecurity in the Public Eye

Now that Staples was hit, it seems that it’s official: breaches are becoming common, they’re being reported on, and there’s public interest. For once, though, the regular news media is lagging behind the rest of the entertainment industry: cybersecurity and data privacy have been cool in Hollywood for a long time. Spy movies and cop […]