Do you know where your certificates are?
So what’s next in the growing black hat toolkit? According to some researchers, it is theft of certificates. And this is not just theory, as demonstrated with the recent Adobe PDF zero-day exploit....
Bad software can be tortuous… in a very bad way
It isn’t any surprise that Iranians and other people using the Internet in information-restricted countries need a way to “break out.” It is also no surprise that someone would try to build a software...
If you build it, they will crack it…
By this time, we should all get it… If you build an electronic device, someone will figure out how to crack it. The other important principle we should all understand by now is if you don’t ensure...
Emergency patch for ASP.NET vulnerability
According to H Security, this ASP.NET vulnerability should be patched as soon as possible. The patch, MS10-070, is available from Microsoft as of 2/28/2010. The vulnerability can be remotely exploited...
A Different Kind of Whitelist?
During my years as a security director, one of the weekly challenges I faced was how to tell my peers in engineering that we have more items to add to the growing list of blocked domains or IP...
What about Us?
Here we go again… The last time this came up, no one could respond to security researchers who asked if this also means banning testing of anything that resembles a tool that can be used to attack a...
Government Dysfunction Strikes Another Blow for Insecurity
For many years, even before the Internet, changing default access codes, passwords, and other vendor assigned information was considered a basic no-brainer. And I understand normal people (non-IT) not...
Give business continuity a chance…
Business continuity is the practice of understanding critical business processes and ensuring their availability. Disaster recovery is a component of business continuity. Understanding business...
Are You Ready for the Rise of Non-IT Devices
Security managers and their organizations are just starting to understand what it takes to keep traditional network-attached devices secure. Servers, desktops, laptops, switches, routers, and even...
Ready for the Hordes? You’d Better Be…
The battle rages as users fight to get their smartphones connected to your network. As many have written, it is futile to fight against the hordes beating on your door. So whether the user currently...
Security None-sense
I’m sitting in my mother’s hospital room. It is in a new, modern, well thought-out addition to the Toledo Hospital. There is even high-speed Internet access via Wi-Fi. However, the hospital’s IT...
SAS 70 replacement: SSAE 16
I’ve never been a big fan of SAS 70, even though it seemed to many like a great way for an organization to tell the board and its auditors that it practiced due diligence. You know, “hey look, I got...
Android security…?
A recent blog, Frequency X Blog, examines the latest Android malware, DroidDream. The hole that allowed this is as big as they get.
The Kinect Hack Compendium
See The Kinect Hack Compendium! – Yahoo! News. Maybe this is a reason for Microsoft to try some approach to open-source for these products. The base technology seems capable of so much more…
WordPress DDoS Attacks Mostly Came from China News
China, LEAVE MY BLOG ALONE… From WordPress DDoS Attacks Mostly Came from China News: “WordPress.com was hit with another wave of attacks today (the fourth in two days) that caused issues again,” he...
It isn’t just computer theft…
URL: http://idtheft.about.com/od/identitytheft101/a/Mail_The… Computer data loss accounts for only part of what feeds identity thieves… How secure is your snail-mail? See this Amp at...
It’s All about TRUST…
Consumers and the press like to bash vendors and online social networks for lacking perfect privacy, but there is no such thing. Rather, this is the victim’s argument for getting pwned… Whenever we...
Should you run away from Dropbox?
For a long time, I’ve recommended Dropbox to colleagues, friends, and family. However, recent revelations and events made me look for a more secure and less risky solution. First we learn that any...
Lion eats a Trojan…
If you’re a Mac user, you’ve probably grown complacent about security from time to time. However, criminals are starting to go after you… me included. In a recent CSO online article, George Hulme...
Cloud Security Standards Excuse
I keep reading articles about how the lack of cloud security standards keeps companies away from cloud services. Isn’t this just an excuse? We have security standards for our own organizations… or we...