Console infosec links December 31, 2014

Grinches steal Christmas for Xbox Live, Playstation Network users - Eric Bangeman - ars technica

Hacker group Lizard Squad took credit for the DDoS attack via Twitter, promising to back off once they get a sufficient number of retweets. "Get this tweet 2,000RTS and make sure to follow @iBeZo if you want us NOT to hit XBOX and PSN #offline for the rest of the night! RT," the group tweeted Christmas night.

Darkode - Ode to LizardSquad (The Rise and Fall of a Private Community) - MalwareTech

With darkode as a cybercrime hotspot, it's not really a huge surprise that people working in the security industry gained interest in getting access. Researchers such as Xylitol and Brian Krebs dedicated a big part of their blogs to having the inside scoop on darkode, and although admins were very proactive in seeking out and banning security researchers; there was always another hacker to pay off or account to hijack, resulting in numerous threads hating on researcher and Brian Krebs becoming a meme. 

Who's in the Lizard Squad? - Brian Krebs - Krebs on Security

The core members of a group calling itself “Lizard Squad” — which took responsibility for attacking Sony’s Playstation and Microsoft‘s Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here’s a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks.

InfoSec links June 25, 2014

Getting Wrapped Around the CISO Reporting Structure Axle - Rafal Los - Following the Wh1t3 Rabbit

CISO's and where they report seem to be up for debate within the infosec community. Should they report to the Chief Information Officer (CIO) or the Chief Executive Officer (CEO). Under a CIO a CISO would have to go through someone who may not share their same concerns to get to the CEO. Under a CEO the CISO doesn't have those concerns but has to be able to express security issues and concerns in terms that a CEO can understand and probably needs a better overall understanding of the business. So where should the CISO report? That depends according to the article and I would agree. As with any security measures, what's right for one organization may not be right for another.

15 Ways to Download a File - Ryan Gandrud - The NetSPI Blog

Ever wonder how you get stuff installed on your computer that you didn't know about and probably don't want. Well here's 15 ways that can happen.

How Not To Respond To A DDoS Attack - Kelly Jackson Higgins - Dark Reading

Distributed denial-of-service (DDoS) are one of the most public attacks out there. The term might not be as well known among the general public but the attack is and attackers are continuing to come up with new ways of executing the attack regularly.  DDoS is here to stay and this article has some pretty good tips on how to handle and, more importantly, how to be prepared for such an attack.