33% of “Top” Websites Compromised

http://www.infosecurity-magazine.com/news/one-in-every-3-top-websites-are/ What it means is that Forbes.com was used to distribute zero-day malware to its visitors. Attackers go after top websites because scanners such as sitecheck.sucuri.net classify them as "safe" sites, and nobody expects a major site to serve malware, so visitors and their defenses let their guard down. This is what is called a watering hole attack. Wikipedia explains it in this …

DDoS not only for disruption

DDoS (Distributed Denial of Service) means that a number of machines on the Internet are attacking one of your machines. It starts with several machines ("masters", also called handlers) being controlled by the attacker; the masters in turn direct the "slaves" (agents), and it is the slaves that attack your machine. With this definition of DDoS, the actual attack on your machine usually just floods the victim machine with nonsensical …
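The master/slave flood described above looks different in a victim's logs from a single-host flood, and that difference decides whether blocking source addresses can help at all. The following is an added example, not code from the original post: a toy rate detector run over a constructed, simplified access log (one line per request: epoch second, source IP, method, path). The thresholds (20 requests per second per 5-second window, 10 distinct sources) and the IP ranges are illustrative assumptions, not values from the post.

```python
from collections import defaultdict


def _build_sample_log():
    """Constructed sample log, not real traffic: "<epoch_sec> <src_ip> <method> <path>"."""
    lines = []
    # Baseline (t=0..59): two legitimate clients, one request per second each.
    for t in range(0, 60):
        for ip in ("198.51.100.7", "198.51.100.9"):
            lines.append(f"{t} {ip} GET /index.html")
    # Distributed flood (t=60..64): 50 "slave" hosts, two junk requests per second each.
    for t in range(60, 65):
        for n in range(50):
            for _ in range(2):
                lines.append(f"{t} 203.0.113.{n + 1} GET /?junk={t}")
    # Single-source flood (t=70..74) for contrast: one host at 30 requests per second.
    for t in range(70, 75):
        for _ in range(30):
            lines.append(f"{t} 192.0.2.44 GET /?junk={t}")
    return lines


SAMPLE_LOG = _build_sample_log()


def parse_line(line):
    """Split one log line into (timestamp, source_ip, path)."""
    ts, src, _method, path = line.split(None, 3)
    return int(ts), src, path


def bucket(records, window=5):
    """Group parsed records into fixed windows of `window` seconds.

    Returns {window_start: [request_count, set_of_source_ips]}.
    """
    buckets = defaultdict(lambda: [0, set()])
    for ts, src, _path in records:
        start = ts - ts % window
        buckets[start][0] += 1
        buckets[start][1].add(src)
    return buckets


def classify(lines, window=5, rate_threshold=20.0, min_sources=10):
    """Return {window_start: (requests_per_second, distinct_sources, verdict)}.

    verdict is "normal" below the rate threshold, "dos" when the excess traffic
    comes from fewer than `min_sources` hosts (per-IP blocking is viable), and
    "ddos" when it is spread over many hosts (per-IP blocking will not help).
    Thresholds are illustrative assumptions.
    """
    records = [parse_line(line) for line in lines]
    out = {}
    for start, (count, srcs) in sorted(bucket(records, window).items()):
        rate = count / window
        if rate <= rate_threshold:
            verdict = "normal"
        elif len(srcs) < min_sources:
            verdict = "dos"
        else:
            verdict = "ddos"
        out[start] = (rate, len(srcs), verdict)
    return out


if __name__ == "__main__":
    for start, (rate, nsrc, verdict) in classify(SAMPLE_LOG).items():
        if verdict != "normal":
            print(f"t={start:>3}s  {rate:6.1f} req/s from {nsrc:3d} hosts -> {verdict}")
```

The point of the two verdicts is operational: a flood from one address can be null-routed at the edge, whereas the window at t=60 shows 50 sources, each sending only two requests per second, so no single source stands out and mitigation has to happen upstream (rate limiting, scrubbing, or absorbing capacity) rather than by blocking addresses.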

Risk Management Framework

If you had to start over, how would you do it? The NIST (National Institute of Standards and Technology) document is a good place to start: http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems, outlines how to set up a Risk Management Framework, including partnerships with third-party providers, …

Patching Software “Security” Dilemma

We have a dilemma when deciding how and when to patch the software we depend on: not every vulnerability patch fixes the problem it was meant to resolve without causing some other problem. (Picture is from #TheHackerNews.) How do we resolve this while also recognizing that the window to patch our software …

PCI Compliance - Security Weak Points

The criminal hacker is out to get you; the auditors want you to have your paperwork in place. What is the real weak point that we need to focus on? http://www.scmagazine.com/compliance-with-requirement-11-in-pci-dss-drops/article/403249/ SC Magazine discussed PCI DSS Requirement 11 (regularly test security systems and processes), whose first sub-requirement, 11.1, covers testing for and validating all wireless access points. One must validate the wireless access point survey …