March 2009
25 posts
Is Comcast Pulling Wool →
Reports of data breaches aren’t uncommon. And explanations are typically slow in coming, but most large organizations fall on the proverbial sword and admit their security controls played a role in…
PCI DSS Compliance Made Easier, but Upside Down →
Most companies required to jump on the PCI DSS wagon are SMBs. So implementing security controls to protect cardholder information is not an easy task. And the difficulties begin when business owners…
Maybe we should use the threat of space aliens... →
Now security researchers and vendors are using the threat of cyber-warfare to push vulnerability mitigation. Maybe we should try space aliens next.
Risk Mitigation Drives Breach Prevention Costs →
Remember the objective of breach risk mitigation is to increase the effort necessary to successfully breach a network, system, etc. beyond the value gained by a successful attack. Most…
New Centralized Storage for SMBs →
Keeping all your sensitive information in a centralized location helps with security. However, SMBs with large storage needs (or home users with way too much audio-video gear) may find the new D-Link…
The DoS Still Does Not Get It →
The DoD not only doesn’t protect national defense secrets like they’re, well, national defense secrets. It simply doesn’t follow basic security practices.
Penetration tools continue to improve, how about... →
Developers of tools used to penetrate networks seem to have unlimited resources to draw upon as they continue to improve ways to crack through your network and device defenses. Your defense should…
Juniper is set to launch software to allow security products from competing...
– Juniper offers multi-vendor threat management, Tim Greene, Network World, 9 March 2009
Cyber profiling benefits and pitfalls →
Cyber profiling provides deeper insights into a prospective candidate's character. It can also send the wrong message.
Vet employees, vet employees, vet employees →
Placing new employees in positions of trust requires establishing how far new people can actually be trusted. This seems like common sense, but a recent incident demonstrates just how little some…
Windows Mobile Protection on a Smart Card →
Smartcard protection on an SD card, easy and pain free.
A senior Democratic lawmaker said on Thursday he would push to pass legislation...
– Online Gambling Ban May Get Nixed, Reuters
Cyber-terrorism: Private organizations have... →
Reports of corporate and government database breaches aren’t new. Neither are reports of Chinese and Russian efforts to find ways of compromising the national infrastructure, and therefore the…
AV software doesn't protect against bots... duh!
I’ve written several times about the need for extrusion detection systems to track bots on networks. At home, personal firewalls configured to block unwanted outgoing traffic are usually sufficient. And the large number of articles, blog posts, tweets, etc. about the global botnet problem should make any security manager anxious. However, a security company claims 3 to 5 percent of company...
For the first time, scientists have successfully teleported information between...
– Long-distance Teleportation Between Atoms
Windows 7: Mobile Data Protection with Bitlocker... →
Still looking for an easy, affordable solution for encrypting USB storage? Working on a limited budget while trying to figure out how to force encryption of mobile data? Your problems may be over if…
Forensics: Reassembling fragmented digital images
A new, inexpensive product can piece together deleted or fragmented digital images.
Unleash Retriever to track down and protect... →
Retriever is an easy-to-use, inexpensive solution to locate, lock, and report lost or stolen personal or SMB laptops. However, it may not be for everyone.
New release of free HIDS
Need a host intrusion detection system? OSSEC might be for you, especially if budget is a problem.
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting...
Computer Ethics
Interesting computer ethics site with a free online computer ethics manual.