OWASP Ottawa Meet up

I attended my first Ottawa OWASP meeting last night.  Space was limited to 70 participants and I was #20 on the waiting list, so I was fairly surprised to receive an email at 3:00pm that I was confirmed for that evening.  When I arrived at around 5:30pm things were already underway with snacks and pizza. […]

Read More

Monitoring for DNS changes

Often when one is locking down a network, it is easy to forget the keys in the front door lock.  This is what apparently happened to a Brazilian bank which had it’s domain hijacked and customers were redirected to a fake login page where hackers collected account numbers, passwords and pushed malware.  (Threatpost). Where this unnamed […]

Read More

China’s punishing firewall

So we’ve all heard about stateful and stateless firewalls.  China however implements a national reverse firewall.  This means that they are mostly targeting the types of traffic that leaves China, as opposed to being concerned about what comes into China.  There is however an additional feature of the Great Firewall of China (actually called Golden Shield) […]

Read More

Why doesn’t China block VPNs?

China has what I think is the most impressive manual and automatic restriction system in the world.   A complex configuration of firewalls, proxies, poisoned DNS servers (complete with spoofed IPs!) along with a literal army of specialists who configure and feed the beast to block what the Chinese government wants blocked.  It costs billions a […]

Read More