GitHub DDoS Attack Meaning

https://status.github.com/messages The status messages from the weekend state the problems GitHub had. We discussed a feint DDoS attack last week on blogpost: http://oversitesentry.com/ddos-not-only-for-disruption/   There are cases of DDoS that PCI compliance asks you to place the risk in a low category: Risk  level: Severity is low for Denial-of-service attack, abnormal termination   So the low risks are … Read more

Windows2003 Servers Will Not be Patched After Jul

Support for  http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/ Microsoft Windows Server 2003 patches will not be created anymore after July of this year. So what if it will take more than April, May, and June to Migrate all of your windows 2003 servers? Sometimes a migration takes a lot longer than 3 months. If you are not thinking about the … Read more

33% of “Top” Websites Compromised

http://www.infosecurity-magazine.com/news/one-in-every-3-top-websites-are/ What it means is Forbes.com  has been used for a zero-day malware dissemination. The reason hackers are using top websites is that they are classified as “safe” sites in  sitecheck.sucuri.net for example. But a major site would be expected to have no malware. this is what is called a watering hole attack. Wikipedia explains in this … Read more

DDoS not only for disruption

DDoS(distributed Denial of System) means that a number of machines  on the Internet are attacking one of your machines, It starts with several machines(“Masters”) being controlled by the “Attacker”, then the “slaves” attack your machine. With this definition of DDoS normally The actual attack into your machine usually just floods the victim machine with nonsensical … Read more

Risk Management Framework

If you had to start over how would you do it? The NIST (National Institute Science Technology) document is a good place to start  http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf Publication 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems the document outlines how to set up a Risk Management Framework including partnerships with third party providers, … Read more