  • Talk The Walk

    Language is arguably the most powerful creation of the human species, the most successful mechanism to encode and transmit information across geographical, cultural and temporal boundaries. Humankind’s ability to create and use a system of symbols has been the subject of study, commentary and vivid debate for centuries. This blog post is about language. What is the language of information security and how do we use it? How do infosec professionals talk their walk?

  • The Future of Risk

    What may 2030 look like to a CISO/CSO or the regular information security practitioner? What will be the prevalent form of Information Security Risk Management? Although I can’t provide definitive answers I feel confident enough to share some thoughts and predictions knowing that it is unlikely that I’ll be made accountable for them in 20 years. Nonetheless, this may be a useful exercise to foster longer term strategic thinking about the infosecurity community, the market and the evolution of threats and risk.

  • June’s Patching Inferno

    The month is over, patching is past and we are not saved. June 2009 may have been one of the busiest months of the year for information security officers with patch and vulnerability management oversight

  • Building A Culture of Preparedness

    How much is your organization doing to prepare personnel for emergencies?

  • Why Don't You Take Care of That?

    I’ll begin my blog here on CSO with this quick introduction and then I’ll dive in. My background has encompassed more than 25 years in information systems and security. Wait, are you reading the right blog, here?

  • Pt. 1 of an Interview with Edward Schwartz - The Truth about Regulatory Compliance

    This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness. In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. He shines a light on how a myopic focus on compliance can be dangerous to the organization.

  • SecurityBINGE - InfoSec from the Hacker's Perspective

    SecurityBinge – a team composed of Chris Martin aka pr34ch, Tim Elrod aka ri0t, and Stefan Morris aka Janus – are forging a video podcast show addressing information security from the hackers’ perspective. SecurityBinge, according to its founders, “will have a community-driven focus in the delivery of its high quality video productions.”

  • Security and the Tao of the Organization

    According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued. In a business context, corporate values and culture define the Tao. The success of any strategy depends on how it is supported by the Tao.

  • A Call to Cyber Security Action: Think Globally and Act Locally

    I recently visited Africa for the first time, and I was impressed. The South African government invited me to give a keynote speech at GovTech 2009 in Durban on hot cyber security trends within governments around the world. Not only was the conference impressive, I met people of different nationalities before, during and after the conference who convinced me that we have cyber allies in every corner of the globe. Cyber experts: we need to think globally and act locally.

  • Why Do Disruptive Cyber Attacks Seem to Rise Every August?

    Why do disruptive cyber attacks seem to rise every August? I've been asking myself that question for several years now. Could it be the timing of the annual Black Hat convention? Students going back to college? Are the hackers taking July off and coming back refreshed in August? Or am I imagining things? I need your help.

  • Hacking Power: Feds Promise Smart Grid Security

    My first exposure to "back doors" on computers came from watching the movie "War Games." It was 1983, and I was a computer science major at Valparaiso University. I still remember two of the taglines: "The only winning move is not to play." Or, "Is it a game, or is it real?" Get ready for new movies highlighting smart teenagers hacking into your local power grid.
