The Oracle CSO (Chief “Security” Officer) statements show a misunderstanding of IT security principles. IT-Security BlogNotions post is appropriate: That is why I came up with “Don’t Expose My Code Bro” I am afraid that a lot of Executives do not understand security principles within the IT industry. Let me help you understand a bit … Read more
Threatpost has the story: https://threatpost.com/court-rules-ftc-has-authority-to-punish-wyndham-over-breaches/114390 From the court brief http://www2.ca3.uscourts.gov/opinarch/143514p.pdf are some interesting snippets: Let’s list the cybersecurity problems that Wyndham had: Stored CC data (which is a violation of PCI standard) Passwords were simple (Example: “micros” in a Micros computer default pw) Did not use firewalls between their corporate network, property management system, … Read more
We have to continue “learning” from high profile hacks. As you may have read in the news a “dating” site that attracts extra marital hookups has been hacked by some hackers. The after action report in detail has not been released so nothing really to learn from the hacking itself. Except the usual – I … Read more
Check out this computer joke section: http://www.surfersam.com/friends/funny-computer-jokes.htm Surfer Sam has several interesting computer jokes (my opinion of course) Artificial Intelligence usually beats real stupidity. I always love the old computer quotes: “I think there is a world market for maybe five computers. — Thomas Watson, chairman of IBM, 1943 The drinking song … Read more
The talk on pdf form at Defcon media servers: Inter-VM data exfiltration – The art of cache timing covert channel on x86 multi-core By Etienne Martineau a kernel developer. So how can you steal data from one instance while being on another in the same hypervisor machine – you see the … Read more