Surveillance of the Internet Backbone

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity.

At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location…

ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel

Overall bot activity on the web has soared, with a 26 percent growth rate — attacks on applications, APIs and mobile sites are all on the rise.

TLS Fingerprinting: Rethinking Encrypted Traffic Analysis Strategies

There seems to be some confusion about the appropriate way to use TLS fingerprinting in an environment. Anytime an SSL library, a library that uses any of those libraries, an OS or the application itself is updated or changed, there’s a good possibil…

Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices

Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices — opening an attack vector.