OpenCanary and the Mirai Password List
Fighting the Tyranny of the Default (login) As the OpenCanary in the Cloud continues to sit with its ports open, waiting for connection attempts, it’s clear to see that a large amount of credentials are…
OpenCanary: One week in Splunk
The OpenCanary has been feeding Splunk via WebHook for over a week now and the statistics are becoming clear. More ports, more protocols means more interest from entities scanning the Internet and attempting to get…
A breakdown of a Homegate scam
Property scams and fake adverts are a nuisance on Homegate; learn how to spot a fake advert, avoid being scammed and leverage Homegate to your advantage.
Improving OpenCanary Logging
The Loggly solution I’ve been using is basic and limited, basically being able to give an overview of the previous 7 days of events. It presently shows 213’000 events with a drill-down to 110’000 login…
The Dummies Guide to the CISSP
How to prepare and pass the CISSP exam
The Domain Registration Renewal Scam
One of the domains we own and use received the following notification – actually through the Contact Us form on the website, CAPTCHA and all. The formatting is down to how the online form is…
Enhancing the OpenCanary: Samba writes and malware submissions
After finding that someone, somewhere was dumping malware .exe files into my OpenCanary, I had a long thing about what I should do with the honeypot given this happened. My initial thinking was that the…
OpenCanary in the Cloud: Unintended Consequences
My OpenCanary in the Cloud was not logging SMB requests properly and I finally made time to look and understand the problem. Naturally, I wanted to test the share and look at the logs when…
Stupid Password Requirements
Or lack thereof Some recent experience has resulted in the creation of some accounts on certain SaaS HR recruiting platforms, namely Successfactors and Taleo. As a long-time user of password manager solutions (presently Bitwarden), I…
Best Browser Configuration
Introduction For any user, there are functional requirements of a browser as well as certain privacy and tracking requirements (certainly for the “Haves” accessing the Internet!!). Some functionality can be added as Extensions or Add-ons…
The Canary in the Cloud
OpenCanary 2.0 in Oracle Cloud continues to flourish. The main reporting mechanism is a webhook into Loggly from SolarWinds and it gives an overview of the connection attempts to the Canary along with the ports,…
The LastPass Hack
Background LastPass revealed in December 2022 and in August 2022 that they had been hacked. The two incidents are absolutely related as the criminals who lifted the LastPass customer vaults in December got the secrets…