KnowBe4 Security Awareness Training Blog

Malware Used To Wipe Sony's Drives Was Quick And Dirty

Posted by Stu Sjouwerman on Dec 22, 2014 9:44:20 AM

It's still not clear (and it may never be discovered) how the Democratic People's Republic of (North) Korea (DPRK) hackers came in. Perhaps they used all available threat vectors, since Sony's security was so lax: misconfigured servers, software vulnerabilities and social engineering spear-phishing emails to employees.
But CERT said: "Cyber threat actors are using an SMB worm to conduct cyber exploitation activities. This tool contains five components – a listening implant, lightweight backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning tool."
Quick And Dirty
However, an analysis by security researchers at Cisco of a malware sample that matches the MD5 hash signature showed that the code was full of bugs and anything but sophisticated. They compared it to the software equivalent of a crude pipe bomb.
Put next to other state-sponsored malware, "It's a night-and-day difference in quality," said Craig Williams, senior technical leader for Cisco’s Security Group, in an interview with Ars Technica, "The code is simplistic, not very complex, and not very obfuscated."
Heck, it does not take a lot to wipe a disk. Remember the old "Format C:\" command? Here are the CERT details. Alert (TA14-353A) Targeted Destructive Malware:
To start with, at least you can do something about social engineering right away. The brand new, updated Kevin Mitnick Security Awareness Training 2015. Find out how affordable this is for your organization:

Staples: 6-Month Malware Breach, 1.16 Million Cards

Posted by Stu Sjouwerman on Dec 20, 2014 11:36:00 AM

Office supply chain Staples Inc. today finally acknowledged that a malware intrusion by hackers this year at some of its stores resulted in a credit card breach. The company now says some 119 stores were impacted between April and September 2014, and that as many as 1.16 million customer credit and debit cards may have been stolen as a result.

KrebsOnSecurity first reported the suspected breach on Oct. 20, 2014, after hearing from multiple banks that had identified a pattern of credit and debit card fraud suggesting that several Staples office supply locations in the Northeastern United States were dealing with a data breach. At the time, Staples would say only that it was investigating “a potential issue” and had contacted law enforcement. 

In a statement issued today, Staples released a list of stores hit with the card-stealing malware, and the stores are not limited to the Northeastern United States. Russian Cybercrime at its best, after Target, Home Depot and JP Morgan Chase. That Was Easy! (could not help myself)

Link with PDF of all the affected stores at Brian's site:
http://krebsonsecurity.com/2014/12/staples-6-month-breach-1-16-million-cards/

 

Lessons Learned From The Sony Pictures Hack

Posted by Stu Sjouwerman on Dec 20, 2014 10:37:00 AM

Bruce Schneier reminded me of an old but very relevant concept in IT Security. There are two types of attacks: opportunistic and targeted. And then you can characterize attackers on two axes: skill and focus.

For example, script kiddies using point-and-click hacking tools are low-skill and low-focus. They grab what they can get if the low-hanging fruit is available. On the other side of the spectrum are highly skilled nation-state hackers with a single focus, and Sony is a good example. A large North Korean hacking team went in and shut down Sony Pictures, their job made easy by Sony's third-rate security. As NK specializes in unconventional (asymmetric) warfare, this type of attack may have been a great practice run for them.

In the middle between these two sit the opportunist high-skill, but low-focus attacks that we read about in the paper regularly: Target, Home Depot, JP Morgan Chase and now Staples lost a million cards. I'm getting breach-fatigue, how about you?

So, what are the lessons learned?

1) If you are the target of a high-skill, high-focus attack, you can count on them getting inside. You need to focus on defending the crown jewels and make sure they do not get exfiltrated. The fact Sony did not notice terabytes of data leaving the network is an epic fail. Lesson learned: use encryption and breach detection tools.

2) If you handle a lot of credit cards, Russian cybercrime has you in its crosshairs, along with a million others. If Home Depot had upgraded their POS systems in time from XP to Win7, they would not have been hacked. However, good security makes their job a lot harder, more expensive and more risky. This type of bad guy is in it for the cash and their time is money -- they will move to a weaker target. Lesson learned: create enough IT security budget to give the InfoSec team the time and tools to implement best practices.

3) The time to start is before the attack: be prepared. Get a professional pentester and see -how- they penetrate your network; the good ones always get in. Remember that IT security is really three things: protection, detection and response. Lesson learned, and I'm quoting Schneier here: "You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout."

As the Sony attackers came from across the planet, there are only three ways they could have gotten in: 

  • Misconfigured servers that allowed unauthorized access.
  • Software vulnerabilities, either known or unknown zero-days.
  • Social engineering of untrained employees who simply allow the bad guys in by clicking on a spear-phishing link.

At least you can do something about number 3) right away. The brand new, updated Kevin Mitnick Security Awareness Training 2015. Find out how affordable this is for your organization:

 

Malicious links: Spammers change malware delivery tactics

Posted by Stu Sjouwerman on Dec 18, 2014 5:58:56 PM



Symantec just put this out and I thought you might be interested. They are seeing a lot of hackers using Upatre and Ponik malware over the last couple of months, delivered by spam email blasts targeted at various organizations. They use social engineering to make users click on links. Since late November, Symantec Security Response has seen a spike in the number of malicious emails using this tactic to install malware. Over the last six months, there were relatively few spam emails containing malicious links. For example, in October, only seven percent of malicious spam emails contained links. That number jumped to 41 percent in November and has continued to climb in early December.  Check out their blog post here

It's a good idea to step users through effective security awareness training so that they do not fall for these types of phishing attacks. Find out how affordable this is for your organization:

 

 

 

I simply could not resist this vanity plate

Posted by Stu Sjouwerman on Dec 18, 2014 5:34:05 PM


Hackers Spear-phish ICANN And Compromise DNS Zone System

Posted by Stu Sjouwerman on Dec 18, 2014 3:58:30 AM

It does not get any worse than this. Or better than this, if you are a criminal hacker. Domain-name management organization ICANN announced it has been hacked and its DNS zone administration system has been compromised. DANG.

Attackers sent icann.org employees spear phishing attacks, looking like they came from their own organization. Looks like the staffers clicked on a link in the emails which took them to a bogus login page where they left their credentials. It is unbelievable that this kind of thing could happen at ICANN. They of all people should have sufficient security awareness training so that classic social engineering tricks like this are spotted. 

Using these stolen credentials, the hackers tunneled into ICANN's network and compromised the Centralized Zone Data System (CZDS), their Whois portal and more.  The painful part is the CZDS, because it gives authorized parties access to the zone files of all the generic top level domains. 

The good news: You cannot actually change the zone files from that system, which would be the holy grail and I'm sure that was what the hackers were ultimately after. 

The bad news: The hackers were able to get their hands on everyone that is registered in that system, including all the data of the administrators of all the registries and registrars on the planet. Meaning all these people are now direct spear-phishing targets.

ICANN sent a warning email to all CZDS users saying: "The attacker obtained administrative access to all files in the CZDS including copies of the zone files in the system. The information you provided as a CZDS user might have been downloaded by the attacker. This may have included your name, postal address, email address, fax and telephone numbers, and your username and password."

So, ICANN, would you please implement some effective security awareness training RIGHT NOW PLEASE?

Here is the ICANN official announcement. Here is some more background at The Register. 

 

 

[InfoGraphic] The Most Used InfoSec Words In 2014

Posted by Stu Sjouwerman on Dec 17, 2014 9:32:23 AM


We took almost 25,000 Hackbusters #infosec articles from 100+ feeds in 2014 and tabulated the hot topics. This "word-cloud" infographic is the result!

What's Really The #1 Hot InfoSec Topic?

There is an enormous amount of noise in the security space, so how do  you know what people really talk about and think is the most important  topic? Well, we created the Hackbusters site for that. It grabs feeds from hundreds of security sites, blogs and other sources. 

We track which topics are most liked, shared, retweeted and favored,  and we built an algorithm that bubbles up the -real- hot topics. We  tweet when a #1 hot security topic bubbles up. Follow this new channel called @Hackbusters on Twitter and you will get tweets with the actual  breaking hot security news:
https://twitter.com/hackbusters 

PS: If you want this data via a browser instead of twitter, you can go here:
http://hackbusters.com/breaking

 

 

New Ransomware called KEYHolder from CryptorBit Cybergang

Posted by Stu Sjouwerman on Dec 16, 2014 3:04:08 PM

Bleeping Computer had the scoop again: "A new ransomware has been released called KEYHolder that is from the same developers of CryptorBit. Like CryptorBit, this infection encrypts your data files and then demands a ransom of 1.5 bitcoins to get a decryptor for your files.
Unfortunately we have not been able to find an installer of this infection, so it is currently unknown as to how this ransomware infects a computer. The current theory is that the group behind KEYHolder is manually hacking remote desktop and terminal service computers and installing the infection. As we learn more, we will update this topic.
"When KEYHolder is installed it will scan the computer's drives for data files and encrypt them. Once it is done, it will wipe all the restore points and shadow volume copies on the computer so that the victim is unable to use them to restore the original data. 

KEYHolder will also place HOW_DECRYPT.gif and HOW_DECRYPT.HTML ransom notes in every folder that it encrypts a file. The ransom notes contain information on how to access the malware's TOR site, which contains information on the current ransom amount, the bitcoin address that the ransom should be sent to, and the ability to check if the payment has been received.

Here is more detail at the BleepingComputer site.

Here is a video holiday wish from all of us here at KnowBe4 !

Posted by Stu Sjouwerman on Dec 16, 2014 9:27:00 AM

CyberheistNews Vol 4 #48 Spike In Hoax News Spreading Malware

Posted by Stu Sjouwerman on Dec 15, 2014 4:46:00 PM

CyberheistNews Vol 4 #48 Dec 16, 2014

Scam Of The Week: Spike In Hoax News Spreading Malware

The year 2014 has seen a boom in hoax news stories, as these are particularly successful social engineering tactics used by hackers to get people to click on links, and worse, share the news with their friends and become part of the infection vector. Many of these hoax stories infect the device with some kind of malware. It's particularly bad at the moment.

As an illustration of how hoax news has boomed: since Facebook's shift into becoming a major news platform, it attracted so much cybercrime interest that Facebook decided to cut a deal with ESET to automatically scan Facebook users' devices for malware.

Facebook software engineer Chetan Gowda stated: "If the device you’re  using to access our services is behaving suspiciously and shows signs  of a possible infection, a message will appear offering you an  anti-malware scan for your device." 

It's obvious that not getting infected in the first place is by far the  best way to deal with this, so I suggest you send this to your friends,  family and employees. Feel free to edit any way you like, mentioning  the KnowBe4 Blog would be nice but is not needed.

"At the moment, there is a spike in hoax news stories that spread  malware and infect your phone and computer. The bad guys use all the  tricks in their black book to get you to click on and share hoax  stories with your friends. This happens on Facebook, popular websites,  they are sent straight to your inbox, and even major news outlets are  sharing them unthinkingly. So, be on the lookout for these five hoaxes:

  1. Stories that urge you to share something before you have even read  them. Step away from that keyboard.
  2. Celebrity deaths are increasingly being used to shock people into clicking on links and making a zombie out of their PC or locking their smartphone with ransomware. Recent example: Will Smith.
  3. Very violent video news reports that draw your attention with  "Warning: Graphic Content" and lurid titles like "Giant snake swallows  zookeeper". Don't touch 'em.
  4. Outrageous stories about Facebook itself, like it will start charging for the service, it sells your personal information, a way to show you who looked at your page, or other claims that might upset you and make you click on a link.
  5. And last, especially in this season of charity, heart-rending reports  about dying girls that beg you for "likes" so they can obtain drugs or  hospital treatment. Think Before You Click!

Cybercrime is moving into mobile malware with astonishing speed so be  especially careful clicking/tapping on suspicious things on your  smartphone. Anything you received but did not ask for, watch out  because your phone may get locked with mobile ransomware. 

To train employees to be on the lookout for social engineering attacks  year-round, use effective security awareness training. Find out how  affordable this is for your organization:
  http://info.knowbe4.com/kmsat_get_a_quote_now

Breaking News - 2 New Ransomware Strains

#1 OphionLocker

The first one is a new strain of ransomware named OphionLocker. It encrypts your data using strong open source Crypto++ Elliptic Curve Cryptography and then ransoms the files for about 1 Bitcoin. The infection vector is limited to hacked websites, utilizing exploit kits that hack into unpatched computers. The ransom amount varies between countries where the victim is located, with the U.S. having the highest rates.

A new wrinkle is that when a workstation is infected with OphionLocker, it will generate a unique hardware ID based on the serial number of the first hard drive, the motherboard's serial number, and other information. It will then contact the malware's Control & Command server via a TOR site and check if this particular hardware ID has been encrypted already. When you go to the ransomware site, it will prompt you to enter your hardware ID. Once entered, it will display the amount of ransom you are required to pay and provide a Bitcoin address that you should send the payment to.

The good news: This ransomware does not (yet) securely delete your files or remove  the shadow volume copies. Therefore it is possible to recover your files using a  file recovery tool or a program like Shadow Explorer. For more information on  how to do this, please see this section in the CryptoLocker guide over at  BleepingComputer.
  http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#shadow

#2 TorrentLocker

The cybercrime gang behind TorrentLocker, a fast-growing strain of ransomware, has earned $40 million between March and December 2014. Researchers from IT security company ESET have tracked the Bitcoin wallet that received the ransom payments, and since March a whopping 82,000 Bitcoins have been paid to that wallet.

TorrentLocker was first uncovered in August by iSight Partners and was seen to be using phishing attacks targeting the UK and Australia, but has since expanded its reach to target more countries including Italy, Czech Republic, Germany, and Turkey. It looks like this is another eastern European cyber gang that is getting ready for their assault on the U.S.

From ESET's main office in Bratislava, malware researcher Robert Lipovsky said that TorrentLocker was sophisticated, with the cryptography aspect of the malware "done quite well", using AES with 256-bit keys, and those keys are stored on a remote server, meaning there is no way of decrypting the victim's files, like CryptoWall. ESET plans to publish an extensive report on the development of TorrentLocker next week.

The message is: patch your systems diligently, be religious about Backup/Restore and step your users through effective security awareness training to make sure they don't fall for social engineering tricks.

Ransomware on National Public Radio: To Pay Or Not To Pay?

This is an excellent item to send to your management, it will get them some exposure to the recent ransomware explosion and make the threat real to them.

Aarti Shahani, the tech reporter of National Public Radio created a  compelling story about the scourge of ransomware that is taking over  America. The title of the story is: "Ransomware: When Hackers Lock  Your Files, To Pay Or Not To Pay?"

She started out with: "A lot of computer viruses hide inside your system.  Hackers stealing your data go out of their way to operate quietly,  stealthily, under the radar.

"But there's another kind of attack that makes itself known — on purpose.  It sneaks into your network and takes your files, holding them for  ransom. It's called ransomware, and, according to cybersecurity  experts, this kind of attack is getting more sophisticated.

Stick 'Em Up

"Eric Young, who manages the computer network for a small business in  Hermitage, Tenn., got a call from work. It was a Monday morning and,  he says, it was "a very bad way to start the week."

"Somebody in the office opened an email that looked legit. "It has the  exact background of like PayPal," Young recalls, "and it says, somebody  paid you money."

"The employee clicked the link, and out popped a red alert that took  up most of the screen. It was a threat: Pay ransom to an anonymous  hacker, or all the files in the company network will be encrypted —  locked up with a digital key that's so strong, no one can open them  ever again."

I was also interviewed for this story and KnowBe4 is mentioned in both the article and the radio interview, about how we help organizations that have been infected and have no or failed backups to pay the ransom.

Again, this is a great story to forward to management, either the website  or the radio interview. It makes the problem of ransomware very real!  Here is the link:
http://www.npr.org/blogs/alltechconsidered/2014/12/08/366849122/ransomware-when-hackers-lock-your-files-to-pay-or-not-to-pay?

Quotes of the Week:

"The secret of genius is to carry the spirit of the child into old age,  which means never losing your enthusiasm." - Aldous Huxley, Novelist

"Too often we underestimate the power of a touch, a smile, a kind word,  a listening ear, an honest compliment, or the smallest act of caring,  all of which have the potential to turn a life around." - Leo Buscaglia, Author

Thanks for reading CyberheistNews!

Warm Regards, Stu Sjouwerman  |   Email me: feedback@knowbe4.com


Ransomware Beats APT In Terms Of Severe Impact

MalwareBytes Research showed that in the year 2014, 82% of companies were  attacked online. Their research also showed that browser vulnerabilities  will be the biggest challenge going forward in 2015. 

But the most salient point that came out of this research was that the  threat from ransomware to the enterprise environment was shown to weigh  heavily on the minds of those whose businesses were infected.

Despite being the least prevalent specific threat in terms of overall  numbers, Infosec pros who did experience ransomware rated it as most  severe in terms of impact, beating even APTs.

In addition, the survey outlines growing concerns around traditional  security suites. An overwhelming majority of respondents, 84%, agreed  that traditional anti-virus has become less effective in the face of  modern threats. This has seemingly forced those in charge of security  budgets to consider a layered approach, with 78% of businesses questioned  planning to deploy multiple endpoint solutions by the end of 2015.

“It’s sobering to see such a large number of companies suffering from  attacks,” said Marcin Kleczynski, CEO of Malwarebytes. “The growing  concerns over browser vulnerabilities are a particularly notable trend,  speaking volumes about their effectiveness as an attack method. Given  the ever-advancing threat landscape, it should be obvious by now that  an endpoint security strategy built around a single traditional  anti-virus solution isn’t enough.” 

It is clear that antivirus can't keep up anymore. It's time for  additional layers at the endpoint. Obviously MalwareBytes is a good  idea, but you should also think about whitelisting technology that  only allows known-good code to run. Full article at DarkReading:
http://www.darkreading.com/endpoint/82--of-companies-attacked-online-in-2014-malwarebytes-research/d/d-id/1318004

Phishing Quiz: Can You Spot A Scam? Don't Be So Sure

CBSNews wrote: "Phishing emails have gotten so convincing that even  the experts can be taken in by a well-crafted fake. That's what executives  at Intel Security discovered when they circulated a version of their  Email Phishing Quiz to 100 attendees at the RSA Internet security  conference earlier this year.

"The quiz displayed 10 real emails collected by analysts at McAfee Labs --  some of which were legitimate correspondences from major companies, and  some of which were phishing emails that look amazingly believable --  and asked, real or ruse?

"Even if you're a security professional, it's hard to just look at these  emails and say whether they're phishing or not. Every single one looks  like a good email," said Gary Davis, vice president of global consumer  marketing (a.k.a. Chief Consumer Security Evangelist) for McAfee, which  is part of Intel Security.

On average, industry insiders were only able to pick out two-thirds of the fakes. A slim six percent of quiz-takers got all the questions right, and 17 percent got half or more wrong. Remember, this is their job. Would you fare any better? Take the quiz in the article to find out. I only found out at the end that you can hover over the links to see where they go, so I only got 80% right. You will probably do better!
http://www.cbsnews.com/news/mcafee-intel-security-phishing-quiz-can-you-spot-a-scam-dont-be-so-sure/

eWeek Alerts IT Pros About Self-Replicating Ransomware

Wayne Rash at eWeek picked up on the news and explained to his readers that this is a nasty new hybrid ransomware strain that needs to be protected against sooner rather than later. He has a few good hints and tips regarding this, and it's a recommended story to read and forward to your friends:
http://www.eweek.com/security/new-self-replicating-ransomware-poses-threat-to-corporate-networks.html

More About The Sony Hack, And They Were Not The First

Famous IT columnist Robert X. Cringely at BetaNews wrote: "Sony was  hacked because some president or vice-president or division head or  maybe an honest-to-God movie star didn’t want something stupid like  network security to interfere with their [..] workplace obsession.  Security at Sony Pictures wasn’t breached, it was abandoned, and  this recent hack is the perfectly logical result.

"I used to run IT for Sony Pictures Digital Entertainment", confirmed  a guy named Lionel Felix in a recent blog comment, "and (I) know that  there were a number of simple vectors for this kind of attack there.  They ran IT there like a big small office with lots of very  high-maintenance execs who refused to follow any security protocols.  I’m surprised it took this long for this to happen". More:
http://betanews.com/2014/12/10/executive-ego-and-the-sony-pictures-network-hack/

More astounding is the news that last February, Iranians hacked into the Sands Casino after the CEO Sheldon Adelson said Iran needed to be nuked, and the Iranian hackers destroyed thousands of machines.

"What I would do," Adelson said during a panel, rather than negotiating,  "would be to say, ‘Do you see that desert over there? I want to show  you something.’ You pick up your cell phone and you call somewhere  in Nebraska and you say ‘OK let it go.’…Then you say, ‘See? The next  one is in the middle of Tehran."

This statement given by Adelson circulated all over the Internet and reached Iran's Supreme Leader Ayatollah Ali Khamenei, who responded two weeks later and said that the American government should "slap these prating people in the mouth and crush their mouths."

The cyber attack occurred 10 months ago but the details of damages  were not publicized until Bloomberg Businessweek exposed it in a  story last Thursday. Hackers crippled thousands of servers and  workstations across the network of the giant Las Vegas Sands Casino by wiping them with highly destructive malware. Ouch. Here is the story:
http://www.businessweek.com/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas

PCI Compliance - What's "Significant Change" And "Periodic" Mean?

No words or phrases in the PCI standard elicit more comments and  questions than “significant change”, “periodic” and “periodically”.

So what do these mean?  Whatever you want to define them to mean as  it is up to each organization to come up with formal definitions.  Those definitions should be based on your organization’s risk assessment.

Very similar to the NIST wording of 'organizationally defined frequency', people's mindset has to change from implementing a checklist of things to implementing reasonable and expected controls to protect sensitive information. Here are some suggestions as to appropriate definitions...
http://www.infosecisland.com/blogview/24129-Significant-Change-And-Periodic.html

Report Says Business Lags In Security Awareness Training

Shirley Siluk at CIO Today wrote: "If 2014 could be described as  the 'Year of the Breach,' it's also the year in which companies of  all sizes need to realize that IT security is a "full-on business  imperative." 

That's the key lesson for business leaders offered in Trustwave's  just-released 2014 State of Risk report. Despite the many recent  high-profile data breaches, including Sony Pictures Entertainment,  Home Depot and Target, a large part of organizations aren't as  careful as they could be when it comes to protecting financial and  payment data, intellectual property and network access, according  to the report, released by cybersecurity firm Trustwave. 

Many are also lagging in security awareness training, incident response  procedures and patch management. Trustwave surveyed 476 IT and security  professionals --most of them in the U.S., the U.K. and the United Arab  Emirates -- from July 2013 to November 2014. More:
http://www.cio-today.com/article/index.php?story_id=021000C6SI5F

Experts: The Human Factor Key Challenge To Information Security

The lack of awareness and understanding of risks is one of the biggest  challenges to information security, according to a panel of experts.

Research showed that 93% of data security breaches between April and  June 2014 were due to human error, attendees of the inaugural (ISC)2  EMEA Security Congress in London were told.

"Nearly half of those incidents involved data being emailed to the wrong  recipient,” said Ray Stanton, security adviser and executive VP of  professional services at BT.

No matter how good the IT security team and the technology is, security  will remain weak if information security professionals fail to influence  people in the business to get the basics right, said Stanton.

Information security awareness training should be a mandatory part of  induction training for everyone who joins an organization, said former  UK home secretary David Blunkett. More:
http://www.computerweekly.com/news/2240236390/The-human-factor-a-key-challenge-to-information-security-say-experts

Need a 1:28 min adrenaline shot? Watch this full screen, HD with sound up. Professional skier Cody Townsend descends 2,000 feet through a vertical  chute in Alaska’s Tordrillo mountain range:
http://www.flixxy.com/worlds-narrowest-ski-descent.htm?utm_source=4

A Eurofighter Typhoon being filmed as close as it gets from the open  hatch of a Lockheed C-130 Hercules four-engine turboprop transport plane:
http://www.flixxy.com/close-encounter-with-a-eurofighter-typhoon.htm?utm_source=4

Sos Petrosyan is a lucky guy - his wife Victoria can change into 16 different  'haute couture' dresses in two minutes:
http://www.flixxy.com/high-speed-costume-change-guinness-world-record-winners.htm?utm_source=4

More magic: A magician who got stopped for speeding performs such an  amazing trick that the policeman forgets to write him a speeding ticket:
http://www.flixxy.com/amazing-magic-trick-gets-magician-out-of-a-speeding-ticket.htm?utm_source=4

An amazing Christmas light show at the Storm family home in Austin,  Texas with over 25,000 lights blinking to the tune of 'Let It Go.':
http://www.flixxy.com/frozen-christmas-lights-let-it-go-2014.htm?utm_source=4

The US Embassy Warsaw (Poland) celebrates the holidays with a lip dub of  Mariah Carey’s "All I Want For Christmas Is You." Cute:
  http://www.flixxy.com/us-embassy-warsaw-all-i-want-for-christmas-is-you-lip-dub.htm?utm_source=4

Unsuspecting shoppers got a big surprise while enjoying their lunch. Over 100  singers took part in this awesome Christmas improv. Bravo for an inspired  performance. Händel would be pleased:
http://www.flixxy.com/christmas-improv-hallelujah-chorus.htm?utm_source=4

An ingenious driver from Belovo, Russia, takes care of a flat  tire by simply replacing it with a sled:
http://www.flixxy.com/russian-driver-fixes-flat-tire-with-a-sled.htm?utm_source=4

In a galaxy far, far away, Han Solo (Taran Killam), Princess Leia (Bobby Moynihan)  and Luke Skywalker (James Franco) face a new foe - Old age:
http://www.flixxy.com/snl-star-wars-teaser-trailer-parody.htm?utm_source=4

National Geographic combined 38 triggers and 71 moving pieces such as a Volkswagen  Beetle, globes, tires and bowling pins into a 4-ton scientific contraption. FUN:
http://www.flixxy.com/national-geographics-rube-goldberg-machine.htm?utm_source=4

Here is a fun new way to sell your house.... I guess. :-D
http://youtu.be/D2QOtnLdnLQ

A new 1,000 mph car, planned for 2016, tests its rocket engine. Whoa!
http://arstechnica.com/cars/2014/12/1000-mph-car-tests-its-rocket-engine/
