Monthly Archives: Sep 2017

UPDATE: Hacking Puerto Rico Disaster Relief

Since the first Red Lion Puerto Rico post, lots of things have happened!

  • Hackers for Charity has a direct donation page – Hit the button that says “Support the Puerto Rico Disaster Relief Effort”.
  • The towns we are directly supporting are Carlos Perez home town of Toa Alta and Jose Quinones Borrero’s town of Catano & Bayamon.
  • And most importantly, every piece of gear, every experience, every misstep, every tip and trick and hack we figure out painfully along the way, is being written up as a recipe, so we have a repeatable cookbook for disasters. And the Information Technology Disaster Relief Center is working with us to use our cookbook, get volunteers from the hacking community, and help Puerto Rico! Sign up now at ITDRC.org!

Recap!

read more

Hackers aren’t all bad… $15k for Puerto Rico Recovery

Janice Paulson, my wife, and I attend quite a few hacker conventions every year. We run BSidesDE, are semi-officially listed on the organizer’s council for BSidesDC, attend BSidesLV and Defcon, work Derbycon and Shmoocon, and probably go to another 2-3 conferences a year, besides these.

And at Derbycon, in Louisville, KY, I met up with some friends of mine. Ok, about 2500 friends of mine. Derbycon is a hacker conference, run by Dave Kennedy, Erin Kennedy, Martin Bos, etc etc. TrustedSec employees and friends put a lot of effort into the conference. Part of that conference is a 2 day training time, where high quality paid training is performed. One of the trainers, Carlos Perez, is a master of post-exploitation, and his training is highly valued. Jose L. Quinones Borrero, the primary organizer of BSidesPR in Puerto Rico, is also at Derbycon.

Carlos and Jose are both Puerto Rican natives and fantastic guys. Both of their wives told them to come to the conference, and to have a good time. They’ve weathered hurricanes before, and it wouldn’t be too bad. They were wrong.

read more

Assessing Big Picture Risk Through the Lens of the Equifax Breach

Authored by: Joshua Marpet – COO, Red Lion & Janice Paulson – Data Scientist, Red Lion

Disclaimer

Red Lion has no intimate knowledge of why or how the Equifax breach occurred. Red Lion was not involved in the security planning, implementation, or strategy for Equifax, nor have we been consulted for the incident response, crisis communications, or any aspect of Equifax’s security, compliance, security testing, etc.

Your Personal Data and Privacy

Equifax holds information about the bulk of all Americans who participate in common banking and credit transactions. They gather this information from your credit applications such as mortgage paperwork, car loans, and credit cards. They buy information about your address, family members, and other personal information from various sources, and re-sell, along with their assessment of your credit worthiness to banks and other lending institutions.

You consent to this every time you participate in the banking or credit lending system.

read more