Is risk management working for us?

As we devise new strategies and techniques so that our businesses are not in the news, our business is not worth the hackers' time, etc., I want to ask the question: is risk management as a methodology really serving us well? Sure, we justify and enumerate how much money to spend on security …

What would it take for a more secure world?

Have you had an inkling that cyber security is getting worse? Remember this post from Black Hat 2014 where I posted about a dilemma of management? It is as if this problem is so pervasive we can’t do anything about it. There seem to be more cyber breaches, not fewer; we now expect to get hacked. …

12 mil SOHO routers vulnerable

Check Point found a “Misfortune Cookie” vulnerability in various gateway devices for the home. This is the paper about how to protect one’s device: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf This is especially disconcerting: Any user traffic destined for banking or financial sites was redirected to malicious servers under the attackers' control or redirected through SSL proxies where the security of …

Point of Sale Honeywell buffer overflow attack

Honeywell Point of Sale (POS) systems – like the Dolphin Scanners: The components of Honeywell’s software (OLE for Retail POS systems, to be exact) seem to be susceptible to buffer overflow attacks. Threatpost blog post. Relevant paragraph: “The Honeywell OPOS Suite provides a standard programming interface that allows POS hardware to be easily integrated into retail POS …