Some time ago I talked about BitLocker forensics and the decryption of BitLocker encrypted volumes. As a result, I received a few questions and a request regarding TrueCrypt encrypted volumes. Encryption, in general, is quite the challenge…
How to secure your WordPress site
The security of your WordPress installation should be a top priority for every website owner. Websites running WordPress are attacked continuously. If you take your website seriously you need to protect your website against hackers.…
File deletion vs wiping (HDD vs SSD)
As you might know, there is a difference between deleting a file and wiping a file. For the user they seem to have the same outcome, the requested file has been removed. However, when you…
Humble Book Bundle Cybersecurity
Just a heads up, there is a Humble Bundle at this moment full of Wiley books on Cybersecurity. Humble Bundle, Inc. is a digital storefront for video games, which grew out of its original offering…
Recommended password policy
My opinion has always been that unnecessary mandatory password changes are bad. It forces people to choose a new (easy to remember) password. A few days ago The NIST has published the finalized version of…
Extract BitLocker key from RAM dump using Passware
As explained in "Should you pull the plug?" and "BitLocker Forensics" you should always capture the RAM of a live system. If there is a BitLocker volume mounted there is a good chance you will…
WhatsApp leaking data?
Today mulander made a very interesting tweet regarding WhatsApp and the way it's trying to fetch information about a URL you are typing. It seems that while you are typing the WhatsApp client is trying…
Security through obscurity: Default ports
Recently someone asked me the question if he should use alternative ports when connecting his new NAS to the internet. My opinion is that changing default ports for things like FTP and SSH won't actually…
SMB1 should die
Part of the reason why the WanaCry outbreak got so big is that a lot of systems were not running the latest security patches. SMB1 is an old protocol designed in the early 1990's. If the…