Make Software Secure Now!

Just for fun I wanted the headline to be “Make Software Secure Again”. But when was software secure? Never: we assumed it was secure, but actually software was never tested, and security problems started as people hacked software. So it was never secure; we were just ignorant or naive in the …

Passwords in Compliance Standards

Compliance standards have similar goals (PCI, HIPAA, SOX, e-discovery), and the question is what your password policy should be to fulfill compliance and your own security risk profile. (Images from the PCI standards doc, Adobe images site (HIPAA), Forbes (SOX), and aos.com (e-discovery).) How many characters? Should there be special characters besides alphanumeric? Capital …

Browser Sessions Trick Can Hack Encrypted Webservers

BlackHat¹ videos are up now, specifically the HEIST video² (HTTP Encrypted Information can be Stolen through TCP windows) by Tom Van Goethem and Mathy Vanhoef, Belgian researchers. The technical video explains how a browser session can attack a server that attempts to prevent an attack using a token. The aspects of the encryption defense (CSRF token) …

Diamond Model Intrusion Analysis

Did you want to set up your own intrusion analysis department, or at least have a framework for creating a method to understand a breach? Then read this document at threatconnect.com¹ by Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. It goes into the details of what the attacker/adversary can do to your infrastructure and …

Zmodo Camera Has Hardcoded Security Flaw

Here is the “money quote”: “Once it is scanned, you assign a name and connect to the camera. A very simple and elegant setup solution to get up and running quickly.” Unfortunately for Zmodo and the purchasers of this camera, this came out today (originally 05/2016, then updated 08/2016): CERT² (Computer Emergency Response Team) Vulnerability Note …