Home/Josh Jones

About Josh Jones

This author has not yet filled in any details.
So far Josh Jones has created 8 blog entries.

Attackers and Cyber Criminals Win If…

In the wake of the tragic terrorist attacks in France, political figures and intelligence officials are renewing the call for back doors and the ability to decrypt encrypted communications. The argument has been made that bad actors are “go dark” and intelligence agencies are unable to detect threats via digital communications. If you think the good guys will win, if given this ability, you are mistaken.

Circumventing security by installing back doors and providing decryption capabilities will make all of us less secure and not more. If we allow one entity/organization access to our devices via a backdoor or give them the ability to listen in on encrypted (secure) communications, who’s to say this capability won’t be exploited by bad actors.


Cisco FirePOWER v6.0 has been released

Cisco has just released FirePOWER v6.0 and it has several new features that have been long awaited.

Three key features include:

On-box SSL Decryption: The ASA firewall now has the ability to perform SSL decryption. By some estimates, at the end of 2016, roughly two-thirds of all Internet traffic will be encrypted. It is no surprise that attackers will continue to leverage SSL-based attacks because it is more difficult to detect. Security solutions must have the ability to look inside SSL-encrypted traffic to combat against attacks that leverage SSL encryption.

Integration with Cisco ISE: This is a big step in the right direction for Cisco to tie in multiple security solutions. This will extend the capabilities of ISE and allow better policy enforcement. PxGrid capabilities

Privacy is Dead

Privacy is long past dead. You don’t have to look any further than Google, Facebook, Twitter and other popular social networking platforms. It’s our human nature to want to be trusting. It’s also human nature to want to feel accepted. Based on these two human tendencies, privacy concerns will continue to fall on deaf ears.

Over the past couple of years, I have conducted many of my own social experiments by leveraging social media and other online platforms. I could share the mounds of data that I discovered, but I don’t want to bore the average reader. Instead, I will just simply leave it at this; privacy is a thing of the past.

Now that big data and analytics is here, consumers

Penetration Testing Lab Setup and Overview

If you are new to penetration testing or just starting out, you will want to read through this information and watch the included video. In order to become a better penetration tester, you need a lot of practice. In order to practice and hone your skills, you need to build a penetration testing lab first. Thanks to virtualization software, you can build a very simple lab and begin testing the concepts that you are learning about. Once you learn the basic concepts, you can add more complexity to your penetration testing lab. As you start out though, you will want to keep your lab setup fairly simple.

The first thing you will need is virtualization software:

  • Virtualbox (Windows/Mac/Linux)
  • VMware Workstation (Windows)

Cyber Security: The Ugly Truth

Let’s discuss the ugly truth of cyber security. Right now, many business leaders and our government view cyber security as an inconvenience rather than a necessity. In order for leaders in the public and private sector to view cyber security as a necessity, a devastating or drastic cyber security event has to occur first. In other words, a cyber security event must be severe enough to cause actual harm to human life before we will truly and fully embrace the widespread adoption of cyber security.

It’s our human nature to see how far we can push the envelope. This is no different in business or in government. The leadership in the public and private sector must find an acceptable level risk.

Virtual Sandbox Overview

If you are looking to get started with ethical hacking and penetration testing, you need to have a lab. You have several choices when it comes to setting up a lab. My personal favorite method of setting up a lab is using virtualization software. I personally run VMware Workstation on my Windows 10 PC and VMware Fusion for my Macbook Pro laptop. Both of these options are not free however. If you are in search of a free alternative, you may want to explore using VirtualBox.

In this short demo video, I provide an overview on how you can set up a virtual sandbox lab using VirtualBox. Here is the overview video for your viewing pleasure!

Call to Action for Security in 2015

2014 proved to be a very challenging year for many corporations from a security perspective. Look no further than some of the entities listed below that made a wave in the news headlines.

  • P.F. Chang – 33 restaurants compromised
  • Sally Beauty – 25,000 payment cards compromised
  • Michaels Stores – Roughly 3 million debit and credit cards were compromised
  • Goodwill Industries – Nearly 330 locations and some 868,000 cards compromised
  • Jimmy John’s – 216 stores throughout the nation, compromised
  • Neiman Marcus – An estimated 350,000 payment cards compromised
  • The Home Depot – A whopping 56 million cards were compromised
  • Target Corporation – A jaw-dropping number, an estimated 70 million cards were compromised
  • JPMorgan Chase – An estimated 76 million small businesses

BEWARE: ISP Tech’s using your Internet

I was out in public the other day and I overheard something that was quite concerning. There were two guys talking to each other who both work for a ISP (Internet Service Provider). They were discussing back and forth about how easy it is to download “questionable” stuff from the Internet by using customer’s wireless networks. By questionable stuff, I am talking about porn, illegal music and movies.

They said that all they have to do is go into any neighborhood that is serviced by the same ISP, and simply park their service vehicle on a street and open up their laptop. From there, they are able to connect to any number of wireless networks.

The ISP technicians are able to connect