Blog Posts Tagged with "Brent Huston"

E313765e3bec84b2852c1c758f7244b6

Apple’s PC Free Feature: Insecure, But Maybe That’s Good

March 02, 2012 Added by:Brent Huston

During the WWDC keynote, Brent Huston spent considerable time discussing the lack of built-in security for the iOS. Each unique identifier on numerous devices would allow possibly unwanted users to see information they shouldn’t see. In some cases, not such a bad idea...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Stealth Code for New Mutation of PHP Bot Infector

February 21, 2012 Added by:Brent Huston

I found a new mutation of a PHP bot infector, with zero percent detection by AV software. When I decoded the PHP backdoor I got 17 AV hits on it. This leads to the question about evasion techniques and how effective anti-virus applications are at doing code de-obfuscation...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Smart Grid Raises the Bar for Disaster Recovery

February 13, 2012 Added by:Brent Huston

Many of the organizations we have talked to simply have not begun the process of adjusting their risk assessments, disaster plans and the like for these types of operational requirements, even as smart grid devices begin to proliferate across the US and global infrastructures...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Focusing on Input Validation

February 11, 2012 Added by:Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

System Compromise: What the Heck is a FeeLCoMz String?

February 03, 2012 Added by:Brent Huston

If you find those strings, they usually indicate other PHP scanners, worms or attack tools have compromised the system. Now, if you don’t find those, it does NOT mean the system is safe, the list of all of those relevant strings would be too large and dynamic to manage...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Snort and SCADA Protocol Checks

January 25, 2012 Added by:Brent Huston

There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

How To Choose A Security Vendor

January 16, 2012 Added by:Brent Huston

Variations exist in depth, skill level, scope, reporting capability, experience, etc. Selecting security testing vendors based upon price is a bad idea. Matching specific experience, reporting styles and technical capabilities to your environment is a better solution...

Comments  (0)