Latest Blog Posts


Your Weekend Security Challenge: Password-Style

April 12, 2013 Added by:Le Grecs

Password managers will automatically fill in usernames and passwords as your target surfs around the web doing their usual things. I’ve found they just love this convenience and it serves as a great motivator for them to continue using it.

Comments  (0)


Securing SCADA Systems - Why Choose Compensating Controls?

April 12, 2013 Added by:Eric Byres

This week, Eric looks at the pros and cons of using compensating controls as an alternative to patching, and discusses the requirements for success.

Comments  (0)


Attack Vector Undefined: Dismantling ‘Defense in Depth’ through Power Grid.

April 12, 2013 Added by:Mikko Jakonen

Well, before COTS (Commercial Off The Shelf) became popular in military and other organizations thinking about their security, this could have been avoided. Nowadays, very difficult. Even in trailers. You still need only one computer making it possible to interact with others – in many different NETs existing :)

Comments  (0)


Digital Natives, Digital Savages, and Immigration

April 12, 2013 Added by:Jack Daniel

It has been a while since I’ve written about “Digital Natives”, but Krypt3ia’s recent post Digital Natives, Digital Immigrants, Exo-Nationals and The Digital Lord of The Flies has me thinking about it again.

Comments  (0)


Momma Said “Risk is Like a Box of Chocolates…”

April 10, 2013 Added by:Tripwire Inc

In the movie Forrest Gump, the main character comments, “life is like a box of chocolates – you never know what you’re gonna get.” I think the same can be said for risk.

Comments  (1)


2013 SXSWi Security Trends in Technology

April 10, 2013 Added by:Robert Siciliano

At the SXSWi conference this year, mobile was a big deal—which meant mobile applications and their security are high on developers’ radars.

Comments  (0)


Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure

April 09, 2013 Added by:Ben Rothke

In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide an excellent overview of what the smart grid is and how it can be secured.

Comments  (1)


Security Awareness: To Train or Not to Train?

April 08, 2013 Added by:Le Grecs

It's up to each organization to monitor their threats and weaknesses and use the appropriate set of controls to minimize their risk to an acceptable level. Perhaps security awareness is part of that ... perhaps it is not.

Comments  (0)


Enter the CISO: Torchbearer of Security and Risk Management

April 06, 2013 Added by:Anthony M. Freed

In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.

Comments  (0)


Making Patching Work for SCADA and Industrial Control System Security

April 05, 2013 Added by:Eric Byres

Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

Comments  (0)


Protect Data Not Devices?

April 05, 2013 Added by:Simon Moffatt

As devices become smarter, greater emphasis is placed on the data and services those devices access. Smartphones today come with a healthy array of encryption features, remote backup, remote data syncing for things like contacts, pictures and music, as well as device syncing software like Dropbox. How much data is actually specifically related to the device?

Comments  (0)


Debunking Myths: Penetration Testing is a Waste of Time

April 04, 2013 Added by:Rohit Sethi

Before you perform your next security verification activity, make sure you have software security requirements to measure against and that you define which requirements are in-scope for the verification.

Comments  (0)


New California "Right to Know" Act Would Let Consumers Find Out Who Has Their Personal Data -- And Get a Copy of It

April 03, 2013 Added by:Electronic Frontier Foundation

A new proposal in California, supported by a diverse coalition including EFF and the ACLU of Northern California, is fighting to bring transparency and access to the seedy underbelly of digital data exchanges.

Comments  (0)


ICS-CERT Alerts of Mitsubishi MX SCADA Vulnerability

April 03, 2013 Added by:Steve Ragan

ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.

Comments  (0)


MongoDB Remote Command Execution Vulnerability: Nightmare or Eye-Opener?

April 03, 2013 Added by:Rohit Sethi

The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...

Comments  (0)


Deconstructing Defensible - Defensible is not the Same as Secure

April 02, 2013 Added by:Rafal Los

This post and the few that follow will go through the five basic ideas behind defensibility and why defensible is a state we should be striving for as enterprise security professionals.

Comments  (0)

