Once your computers, switches, firewalls and routers are all patched now what? All your devices on the Internet have been tested and configured correctly. And thus they are about as secure as can be. Now what? Assuming the desktop and servers are patched and antivirus software is installed is there anything else to make … Read more
The Security Conversation has to change. Unknowing we(us humans in business and more) create a scenario which prevents us from being more secure Our Psyche seeks risk when confronted with loss decisions but seeks safety when confronted with gain decisions. This has been studied (Previous post as well) and is accurate for 70% of the … Read more
I have been watching the Derbycon videos (put up by IronGeek) and I like Paul Coggin’s comment: Are you worried about Day zero attacks? You have to take care of 80 day first. I have heard Paul’s talks before and this one in Derbycon is a bit different, but the theme is the same – … Read more
Just for fun I wanted to make the headline to be “Make Software Secure Again” But when was software secure? Never, as we assumed it was secure but actually SW was never tested and security problems started as people hacked software and thus it was never secure we were just ignorant or naive in the … Read more
Did you want to set up your own Intrusion Analysis department? Or at least give a framework for creating a method to understand a breach. Then read this document at threatconnect.com¹ by Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. This document goes into the details of what the attacker/adversary can do to your infrastructure and … Read more
