Windows 2003 Servers Will Not Be Patched After Jul

Support for Microsoft Windows Server 2003 (http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/) is ending: patches will no longer be created after July of this year. So what if it takes more than April, May, and June to migrate all of your Windows 2003 servers? Sometimes a migration takes a lot longer than 3 months. If you are not thinking about the …

33% of “Top” Websites Compromised

http://www.infosecurity-magazine.com/news/one-in-every-3-top-websites-are/ What it means is that Forbes.com has been used to disseminate zero-day malware. The reason hackers use top websites is that they are classified as “safe” sites, in sitecheck.sucuri.net for example. But a major site would be expected to have no malware. This is what is called a watering hole attack. Wikipedia explains in this …

DDoS not only for disruption

DDoS (Distributed Denial of Service) means that a number of machines on the Internet are attacking one of your machines. It starts with several machines (“masters”) being controlled by the “attacker”; then the “slaves” attack your machine. With this definition of DDoS, the actual attack on your machine usually just floods the victim machine with nonsensical …

Risk Management Framework

If you had to start over, how would you do it? The NIST (National Institute of Standards and Technology) document is a good place to start: http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems. The document outlines how to set up a Risk Management Framework, including partnerships with third-party providers, …

Patching Software “Security” Dilemma

We have a dilemma when deciding how and when to patch the software we depend on. Not all vulnerability patches fix the problems they were meant to resolve without causing other problems. (Picture is from #TheHackerNews.) How do we resolve this while also realizing that the window to patch our software …