How To Stay Secure in Insecure World

I want to highlight 2 current articles: http://www.infosecurity-magazine.com/news/pawn-storm-serves-malware-via-fake/ and http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html   It is best to use good passwords, 2factor authentication, and patch your systems   The first article points to how a fake website was set up and delivers a zero-day java exploit attack onto unsuspecting users as they come in the website, and you … Read more

Stop Attacking Me – Don’t exploit My Code Bro

The Oracle CSO (Chief “Security” Officer) statements show a misunderstanding of IT security principles. IT-Security BlogNotions post is appropriate: That is why I came up with “Don’t Expose My Code Bro” I am afraid that a lot of Executives do not understand security principles within the IT industry. Let me help you understand a bit … Read more

DefCon Talk Your: Domain is Compromised “Now What”?

  Grant Bugher with perimetergrid.com had a talk on the DEFCON101 track.  “Obtaining and Detecting Domain Persistence” As the slide above states, it is not about _how_ to hack a domain. But assuming someone has – now what? 1st Process start command line logging  and PowerShell logging enabled on all systems. 2nd SysMon(Sysinternals Monitoring Service) … Read more