zafirt

Federal Laws May Affect Cybersecurity Legal

by

Security Magazine has the story: http://www.securitymagazine.com/articles/86057-understanding-the-new-federal-cyber-laws The CEA(Cybersecurity Enhancement Act 2014) is the most significant of the December bills both in breadth and likely in significance. Where NIST(National Institute of Standards and Technology) has setup a Cybersecurity framework which is very flexible for companies to follow.  NIST Feb 12,2014 Cybersecurity Framework document. The interesting paragraph … Read more

Vulnerabilities Can Be Exploited

by

(Sunday reflections and current news) Specifically the Seagate NAS  Business Storage Line Today’s Internet Storm Center has the story. This is the method the attackers can use to hack the devices(From ISC): “It appears to be trivial to exploit the devices and a metasploit module and an exploit are publicly available.” PII(Personally Identified Information) was bought … Read more

Exploit Home Routers Then Pharm DNS servers

by

Yes another slightly new style of attack: http://www.networkworld.com/article/2889933/hackers-exploit-router-flaws-in-unusual-pharming-attack.html There are a couple of slightly new twists in this hacker style attack. Proofpoint found the attack (as a spam protection company they see all kinds of emails)  https://www.proofpoint.com/us/threat-insight/post/Phish-Pharm Here is definition of pharming: “Attackers use poisoned DNS servers to redirect address requests, usually for online banking … Read more

How do we improve Security?

by

We need a Renaissance of focus on Security. I’m a Systems Engineer (http://www.fixvirus.com/about-us-full-story/) and teacher of Security Architecture (SEC020 at Professional Education Technology & Leadership Center at Washington university in Saint Louis) So of course like a dentist looking at teeth (they can’t help it) I look at computers from a systems point of view. Which … Read more

PCI Compliance Also on Cloud?

by

What about “PCI Compliance on Cloud?”   There _is_ a document by the Payment Card Industry (PCI) SSC(Security Standards Council) website https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_Cloud_Guidelines.pdf Notice this is a v2(Feb 2013) document of the DSS (Data Security Standard), and we know that the latest DSS document is v3 (Nov 2013), but we can figure out a few things … Read more