Physical security is king

I have been in IT and security for over 16 years now, and in all that time I have been almost exclusively a PC user.  I have done serious work on a Mac only about two or three times in my career, and all of those were trying to figure...

Bot herders using Twitter for command and control

I wrote about my worries on the future of social networking earlier this week. My point was that I was concerned because of the botnet resources some organizations had and how they could take down sites like Twitter and Facebook...

Heartland CEO gets a smackdown after his CSO interview

If you are reading this, you probably know about Heartland Payment Systems and the credit card system breach they suffered in late '08 - early '09.  There are a lot of details to be found, so I won't rehash it all.  So let's just focus...

Social Networking and cyber attacks - is this our future?

Though I gave up my Facebook account a while ago (just seemed to conflict with my job as a security professional), I am an avid user of Twitter (@m1a1vet).  So when I was trying to throw out some tweets last week and TweetDeck showed...

SSH password attacks on the rise

Looks like SSH brute force password attacks are on the rise, and they seem to be pretty successful.  This is according to Daniel Wesemann over at SANS Internet Storm Center, who reported it last Friday.  And Daniel wants to make sure...

Employee responsibility at conferences

In a recent article about security conferences over at Security Catalyst, Andrew Hay spoke of how sending employees to security conferences can be very valuable to the employer.  He pointed out that the "field of security is a...

RSA Conference scholarship opportunity

Here's something for those security professionals out there who have attended the RSA Conference in the past and who have lost their job recently.  RSA Conference just announced a special scholarship program specifically for...

Minimize disgruntled workers through furloughs

Are you a business owner hit by the recession that is considering layoffs but has worries about disgruntled workers?  Do you need to save some money but don't want to lose intellectual property to your ex-employees?  If so, maybe you...

Swiping your own card in Nashville

A Nashville, TN, restaurateur is offering his clients the opportunity to swipe their own credit cards when they dine in his establishment to guard against employees skimming credit cards when they take them back to the kiosk to...

Mule skinners need background checks

Don't know what a mule skinner is?  Officially, it is any worker who drives mules.  But the mule skinners in this case are "seasonal workers who dress in colonial garb at a historical park in Easton, Pa." who use mules to pull boats...

New Excel 0-day being exploited

Symantec is reporting that there is an exploit in the wild for an Excel 2007 and Excel 2007 SP1 zero-day remote code execution vulnerability (other versions may be affected as well).  There's not a lot of publicly available...

Reported federal cyberattacks increasing

It looks like cyberattacks against federal networks are increasing.  This comes from an article in USA Today stating that in 2008 there was a 40% increase of reported cyberattacks against U.S. Government computer networks, with many...

The process for scoping internal PCI pen tests

I wanted to lay out the typical process that I go through when meeting with a client who needs a penetration test for PCI compliance.  I think this will be helpful for those of you involved in these types of engagements. You have a...

Low tech hack reveals Facebook / ConnectU settlement details

Some of you probably know that there has been a court battle going on for some time between Facebook and ConnectU.  They reached a settlement for it back in Feb of 2008, but according to Wikipedia, ConnectU "attempted unsuccessfully...

Trojans from windshield fliers

This has been floating around since Feb 3rd, but I really thought it was worth pointing out this story because it shows just how smart some bad guys can be, even if the malware they are using sucks.  The story started at the SANS ISC...

Less is more

If you don't read xkcd comics, then you are missing out.  The latest one is absolutely hilarious.  Take a look: There is not much to add to this comic.  The real temptation here is to just stop writing and let this comic speak for...

Default passwords on road signs in Austin

I lamented a while back on my personal blog about default passwords.  It was inspired by a client who had us doing a security assessment.  We found a default password on the device that aggregated all of their Internet connections...

A 14-year-old social engineers the police

From Fox News in Chicago: A 14-year-old boy was charged with false impersonation of a police officer after entering a South Side police station in full uniform Saturday and “reporting for duty.” No biggie, right?  The police laughed in...

Let the Windows 7 bashing begin

Please do me a favor and read this entire post before you comment-flame me.  Now on with the show! Yes, I admit it.  I enjoy controversy.  And whenever the great evil empire called Microsoft (yes, that is sarcasm) does anything,...

To Twitter - tighten up NOW

My Granny used to tell me that bad things always happen in threes.  So that is my warning to Twitter.  First there was the phishing scam.  Now some 18-year-old hacker is getting into your admin tools via a dictionary attack and...