Sean Cassidy, in a recent blog post explained the workings of LostPass, a phishing framework specifically targeting the popular password manager LastPass. In it, he perfectly articulated an idea that has been bouncing around my mind for a couple of months: The standard refrain is that we need better user training. That is simply not good enough. I couldn’t agree more with this statement. We can train them about best practices and cyber threats until we cannot talk, but they will still mess up and the bad guys will still find a way!
This article was originally posted on nullsecure.org and has been republished with permission. I’ve been pretty busy lately with updating Tango to version 2.0 and working on threatnote, but, another project I started on recently was something @egd_io and I are calling Gavel. Gavel is a set of Maltego transforms that query traffic records in each state. This project started out really ambitiously and we wanted to cover all 50 states, however, we ran into several problems.