Archive for 'Blog'

HeartBleed SSL 0-Day

A potentially serious 0-day attack has been disclosed affecting many websites employing OpenSSL (versions 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1 and 1.0.2-beta) for their HTTPS implementations.  The Heartbleed vulnerability, CVE-2014-0160, allows an attacker to query up to 64kB of data from the server’s volatile memory.  The information could include sensitive data, encryption keys, or anything else that your applications have placed in memory.  Disclosure of this data to an attacker may not be detectable by ...


Vulnerability – WordPress.com Information Disclosure

First off I want to wish a happy new year to all of our visitors to our blog, as well as clients and friends of the Parameter Security family.

Over the New Year holiday our hackers discovered an information disclosure vulnerability on WordPress.com that will disclose a user’s username.  In order to gain the username you will need to have knowledge of the user’s email address.

Vulnerability

At the wordpress.com login enter the known email address.  Enter something into ...


Sony Security Breach

Written by Ben Miller, CEH

Sony announced on Wednesday, April 20, that they were aware of their network services being down.  Little did they know this would turn into one of the largest data breach fiascos in history.  On May 14, Sony began bringing their network back online for customers in North America.  News stories have been concerned all along with the number of credit card numbers stolen, but there is more at stake than just credit card numbers.

On April 26, Sony released ...


How Can You Protect Against Future Epsilon-Like Breaches?

Written by Renee Chronister, CEO

Everywhere you turn you hear of more victims affected by the Epsilon breach. Best Buy, Target, 1-800-FLOWERS and the list continues to grow. While Epsilon claims only names and email addresses were accessed, not financial information or anything profoundly compromising, you still can be victimized with the data that was leaked.

How? Well, names and email addresses offer hackers a nucleus from which to launch targeted phishing attacks. Those with malicious intent now have names and active ...


Healthcare & Security: A Hacker’s Perspective

by Renee Chronister, CEO, Parameter Security

WikiLeaks. WikiLeaks. Everywhere I turn I hear about WikiLeaks followed by “What does that mean for healthcare?” Well…it means absolutely nothing for healthcare. I know you’re scratching your head right now going “huh?” Here’s why: healthcare has already outpaced other verticals when it comes to data security breaches, including government, by as much as threefold in 2010 alone according to a recent report issued by Identity Theft Resource Center. So to put it bluntly, healthcare ...


Best Offensive Security Tools Survey 2010

Like many security professionals out there, the Ethical Hackers at Parameter Security have on many occasions found ourselves browsing Fyodor’s Security Tools list (www.sectools.org).  The last list came in 2006, and since then a lot has changed in the InfoSec world of tools.  We at Parameter have decided to continue the tradition and create a new survey for 2010.

Please help us by filling out the following questions.

Please Note:

  1. This is for Offensive, ...

Inside the Mind of a Hacker

Earlier this week I hosted a webinar entitled “Inside the Mind of a Hacker”.  During this hour-long broadcast we discussed how a hacker thinks, what a hacker’s goals are, and the tools of a hacker.  We concluded the webinar with a demo of a Trojan.

The webinar can be found on Parameter’s website.


Hacktivists change the Global Warming Debate

Unless you have been living under a rock during the past 20 years, you know that man-made global warming has been a very hot topic (no pun intended 🙂).  Recently it seemed that the pro-global-warming team had been making the most ground.  As the inventor of the Internet, Al Gore, put it, “The debate is over.”  Is it???

It appears that a group of hacktivists may have pulled some skeletons out of the closet, ...


Protecting from Identity Theft? A good Start

I apologize for the delays in new posts; business has been, well, keeping me busy.  In 2010 I hope to update more regularly.  Until then, here is an article I wrote for Security magazine in 2008.  I hope you enjoy it.

Protecting from Identity Theft? A Good Start

by Dave Chronister
April 1, 2008

Technology’s ever-growing importance is a mixed blessing.

On one hand, it keeps me employed, but many times I will find myself talking about “new threats” that aren’t really new, ...


Social Security number code cracked, study claims

RANDOLPH E. SCHMID
Published: July 6, 2009

WASHINGTON (AP) — For all the concern about identity theft, researchers say there’s a surprisingly easy way for the technology-savvy to figure out the precious nine digits of Americans’ Social Security numbers.

“It’s good that we found it before the bad guys,” Alessandro Acquisti of Carnegie-Mellon University ...
