OneDrive to Rule Them All


Big news from Redmond on Windows Live OneDrive (formally known as SkyDrive, Windows Live SkyDrive and Windows Live Folders).

Only four months after bumping OneDrive capacity for Office 365 customers to 1 TB and improving/adding encrytion, Microsoft announced that it’s removing the cap entirely and making OneDrive unlimited.

For those of you who do not know –  OneDrive (and all its previous names) is a file hosting service that allows users to upload and sync files to a cloud storage and then access them from a Web browser or their local device.

While I think this is a great thing (if you are tech savvy and understand working with “The Cloud”), I still can envision people trying to access their data, screaming –

“Myyyyyy Preciousssssssssssssss!”



Improvement On A Classic–Kali Linux


During a  recent conversation on Network Securtiy,  I was reminded me of a tool I had recommended to  my good friend Rophic a few years ago.

Not to get into specifics, but he required some network detection and password reverse engineering for an “Issue” he was having, and I  just happened to know of an application suite that fit his needs – called BackTrack.  

BackTrack was a Linux distribution containing a plethora of tools focused security, with an aim towards aimed at digital forensics and penetration testing.  Based on Ubuntu, you could download a self-servicing ISO to a CD, reboot your computer and Voila – you instantly had an incredible resource at your fingertips.  We used it extensively with Data/Network Hardening when I was with JES, and as I seem to recall – Rophic had great success with this utility with his particular problem as well.

So – inspired by my aforementioned conversation, I went out to see how things have changed….and boy have they.

In March of 2013, BackTrack was rebranded and rebuilt by the Offensive Security team, releases under the name of Kali Linux.

This Debian-derived distro, continues in the forensics and penetration testing theme – including such known applications as  nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs).   This is by no means an exhaustive list – and it appears they are continually updating and improving the release.

One improvement I like is the various images available.  Not only do you have the x86 Frameworks both 32 and 64bit), but there is a specific ARM download for Chromebook and an image so you can run on Raspberry Pi.  This later release is what I am currently playing with on an  earlier purchase, and so far – I am impressed.

Finally – for those true geeks out there, Kali is offers online training that emphasizes hands-on lab work on Penetration testing.  This culminates in OSCP Certification, where you are immersed in an unknown (virtual) network and required to complete exploitation goals and demonstrate competency in the vertical.  

There is so much to like with the direction Kali is taking the product – and they have come a long way.  Me personally, I am just (re) scratching the surface myself – so stay tuned as I delve into individual tools and document my experiences. 

Enjoy – and Happy (Ethical) Hacking.

Two Factor Authentication


I saw the below info-graphic, and found it a good “Overview” of Two-Factor Authentication (TFA) – even though it has its flaws (Symantec is not the only solution.

Take it with a grain of salt – but still a pretty good helicopter view.