I've been here....work has kept me super busy...pretty sure there is a post in 2012 that says about the same. :-/
I attempted to recruit some smart people to make some posts and they did, so thanks to all the guest bloggers this year.
So what's been up?
Well, I've taken on two hobbies that don't directly tie into this blog. One, Christmas lights, like the obnoxious programmable RGB color ones. Facebook friends have been kept abreast of the situation. Two, stock trading...which I found out a fair number of hackers are into...which is cool. The stock stuff came about from reading the Rich Dad Poor Dad book and trying to figure out a way not to have to work until I die. See that post for a tiny bit more explanation.
I've been told by a few people that readers would probably find the xmas light stuff interesting as it does involve cat-5 cables and packets over Ethernet frames. So I'll start knowledge dumping in Jan on that topic.
Anyway. Tech stuff....what's up?
Shitty passwords are what's up this year (totally new issue right??!!!). I didn't go back and count but a large majority of the tests I performed or assisted with this year where there was some sort of single factor login portal (SSLVPN, Citrix, OWA, etc) fell over to one of the following:
Lares continues to break into hard to break into places using Red Teaming.
I also gave a talk at a credit union conference a few months ago where I tried to sum up how organizations are getting owned. TLDR; it's all stuff we know about, but it takes work to fix, so not that many organizations do it.
I've been kind of a deadbeat on talking in 2013 but I have a few ideas on some talks for 2014, ideally blog posts either here or the Lares blog will help me work those ideas into posts and eventually into a slide deck(s).