Latest Blog Posts
February 03, 2014 Added by: Brent Huston
When serious problems strike the complacent and unprepared, the result is inevitably shock followed by panic. And hindsight teaches us that decisions made during such agitated states are almost always the wrong ones. This is true on the institutional level as well.
February 03, 2014 Added by: Rob Fuller
There are some great discussions on the NoVA Hackers mailing list. One such discussion was about what the best way to do DNS hostname brute forcing was and which tool is better than another. For me, I just use the command line and then parse the results (or just ask the deepmagic.com database ;-)
February 03, 2014 Added by: Rebecca Herold
Every business, of any size, in any location, that uses mobile computing devices during the course of business (and you would be hard-pressed to name any that truly do not) needs to have mobile computing device information security and privacy policies and procedures in place.
February 03, 2014 Added by: Dave Shackleford
There’s an amazing number of awesome search facilities that can be useful when doing OSINT and recon work for pen testing. I’ll list a lot of different sites that I have discovered and use regularly for both.
January 31, 2014 Added by: Vince Kornacki
Nest Labs currently offers two lines of smart home devices: thermostats and smoke / carbon monoxide detectors. Nest devices include super cool self-learning capabilities and convenient remote administration facilities through a web interface and mobile applications. But what about security?
January 30, 2014 Added by: Joe Franscella
The Security Blogger Network (SBN), the largest collection of information-security-focused blogs and podcasts in the world, has announced the SBN Social Security Awards 2014 finalists.
January 29, 2014 Added by: Krishna Raja
Discovering vulnerabilities is often the main objective of security teams within large organizations. This is achieved through initiatives such as penetration testing and source code review. But as we know, this is only the first step towards a secure organization.
January 29, 2014 Added by: Michael Sabo
The PCI’s 12 mandatory requirements are designed to protect cardholder data from the threat of fraud or theft. Requirement 11.3 gets to the heart of the pen test, and it was revised in PCI-DSS version 3.0.
January 28, 2014 Added by: Nima Dezhkam
Despite SAMM’s comprehensive guidelines around establishing an organization-wide security program and integrating security into the in-house software development life cycle, it does not elaborate as much on third-party vendor security and outsourced software development.
January 28, 2014 Added by: Patrick Oliver Graf
The convergent trends of BYOD, the consumerization of IT and mobility are causing rapid shifts in employees’ expectations for their work environment. Employees are driving the change by working remotely and on their own devices, resulting in the workplace itself becoming increasingly flexible.
January 27, 2014 Added by: Electronic Frontier Foundation
Some people have condemned last week’s court decision to reject the bulk of the Federal Communications Commission’s (FCC) Open Internet Order as a threat to Internet innovation and openness. Others hailed it as a victory against dangerous government regulation of the Internet. Paradoxically, there is a lot of truth to both of these claims.
January 27, 2014 Added by: Anthony M. Freed
The attackers used a spear-phishing email, designed to look like it was sent by the country’s Shin Bet secret security service, which contained a malicious attachment that infected the systems with the Xtreme RAT software, a remote access tool.
January 27, 2014 Added by: Brent Huston
BIA (business impact analysis) is traditionally seen as part of the business continuity process. It helps organizations recognize and prioritize which information, hardware and personnel assets are crucial to the business so that proper planning for contingency situations can be undertaken.
January 27, 2014 Added by: Robb Reck
There is a natural tendency to lump security and compliance together. Intuitively, it just makes sense, right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.
January 23, 2014 Added by: Robert Shaker
We have already seen attacks from the virtual world affecting the physical world, so wouldn't it be great if an attacker could shut down our refrigerators or the chillers and freezers in the supermarkets?