- Hacker tools-o-trade
Computer hacking, like other IT jobs, can be a structured, documented and repeatable process for finding security holes in company infrastructure.
- As easy as 1, 2, exploit.
Protecting and securing our systems can be an exhaustive, long-term duty when we are dealing with the complexity of today's network infrastructure.
- The importance of using the correct platform for your applications
Trojan-infected ATMs were discovered in Eastern Europe this year, first in Russia; later this month the same problems were spotted in other cities.
- BlackHat Without The Drama
Well another BlackHat is in the books and another round of vulnerabilities have been disclosed and bantered about.
- Crowdsourcing Payment Security
In my inaugural post to this blog, I wrote about many of the religious wars that break out today regarding payment security and specifically PCI.
- OpenID Publishes Security Best Practices
A set of security best practices were recently published via wiki for users, providers, and relying parties of OpenID.
- Chrome OS Is Coming, And It Is Impressive
By Andrew Jaquith
- The Madoff Scandal Widens To Include IT
By Chris McClean
- The iPhone “Worm” Presents No Risk To Most Users
By Andrew Jaquith
- Talk The Walk
Language is arguably the most powerful creation of the human species, the most successful mechanism to encode and transmit information across geographical, cultural and temporal boundaries. The humankind’s ability to create and use a system of symbols has been subject of the study, commentary and vivid debate for centuries. This blog post is about language. What is the language of information security and how do we use it? How do infosec professionals talk their walk?
- The Future of Risk
What may 2030 look like to a CISO/CSO or the regular information security practitioner? What will be the prevalent form of Information Security Risk Management? Although I can’t provide definitive answers I feel confident enough to share some thoughts and predictions knowing that it is unlikely that I’ll be made accountable for them in 20 years. Nonetheless, this may be a useful exercise to foster longer term strategic thinking about the infosecurity community, the market and the evolution of threats and risk.
- June’s Patching Inferno
The month is over, patching is past and we are not saved. June 2009 may have been one of the busiest months of the year for information security officers with patch and vulnerability management oversight.
- Building A Culture of Preparedness
How much is your organization doing to prepare personnel for emergencies?
- Why Don't You Take Care of That?
I’ll begin my blog here on CSO with this quick introduction and then I’ll dive in. My background has encompassed more than 25 years in information systems and security. Wait, are you reading the right blog, here?
- Pt. 1 of an Interview with Edward Schwartz - The Truth about Regulatory Compliance
This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness. In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. He shines a light on how a myopic focus on compliance can be dangerous to the organization.
- SecurityBINGE - InfoSec from the Hacker's Perspective
SecurityBinge – a team composed of Chris Martin aka pr34ch, Tim Elrod aka ri0t, and Stefan Morris aka Janus – are forging a video podcast show addressing information security from the hackers’ perspective. SecurityBinge, according to its founders, “will have a community-driven focus in the delivery of its high quality video productions.”
- Security and the Tao of the Organization
According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued. In a business context, corporate values and culture define the Tao. The success of any strategy depends on how it is supported by the Tao.
- Stop Repeating the Same Mistakes
Even if a solution seemed like a good idea a few years ago, that is no reason to perpetuate something which is now known to be a security vulnerability.
- Playing Catch-up, Again
Controlling endpoint applications (installation, patching, hardening, etc.) is a difficult but necessary component of safeguarding your data and your network.
- Learning from the Attack on the Apache Software Foundation
Even if we don't use Linux, there are lessons to learn from what happened to Apache.
- Cable Modem Hacker Busted by Feds
An expert on cable modem hacking has been arrested by federal authorities on computer intrusion charges.
- Alleged Sarah Palin hacker Kernell to wait another six months for trial
David Kernell's trial has been pushed back six months as the judge considers motions in the case.
- German man arrested for alleged extortion of Facebook clone
A German man has reportedly been arrested after crawling several popular German social-networking sites for data and then allegedly trying to extort $120,000 from the sites' operators.
- GAO Report and Ponemon Study Show Public-Private Parallel Themes!!
There are many more metrics we could cover that describe the state of current agency efforts to secure the nation’s critical infrastructure, but I believe this is enough to demonstrate the current maturity of those efforts.
- Cyber Mercenaries - Avatar Forces
The new cyber commands within the US military will need to establish mercenary programs with private industry, virtual cyber forces that perform offensive actions against entities hostile to the US Government and critical infrastructures.
- BATTLE from Team Cymru
Botnet Analysis Tactical Tool Law Enforcement
- Why Do Security Professionals Fail?
Why do security professionals fail? What works and what doesn't seem to make much difference in getting consistently good results? My answers will probably surprise you.
- A Call to Cyber Security Action: Think Globally and Act Locally
I recently visited Africa for the first time, and I was impressed. The South African government invited me to give a keynote speech at GovTech 2009 in Durban on hot cyber security trends within governments around the world. Not only was the conference impressive, I met people of different nationalities before, during and after the conference who convinced me that we have cyber allies in every corner of the globe. Cyber experts: we need to think globally and act locally.
- Why Do Disruptive Cyber Attacks Seem to Rise Every August?
Why do disruptive cyber attacks seem to rise every August? I've been asking myself that question for several years now. Could it be the timing of the annual Black Hat convention? Students going back to college? Are the hackers taking July off and coming back refreshed in August? Or am I imagining things? I need your help.
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.