Security

There has been a lot of media attention on Heartbleed and as always that means a lot of bizarre and often conflicting advice. I sat down (for a very long time) to find the truth of the matter and bring it together in one single article for those involved in enterprise mobility. "The ...
Global information technology networks that are rich in services are typically complex and require hard-to-manage security solutions. The latest versions of next-generation firewalls now offer multiple security layers that can complicate management, particularly as more and more featur...
information and other data that must be protected. Medical practices, credit unions and independent retailers all face HIPAA, PCI and other standards. With so many regulations and limited budgets, how can small businesses keep up? Here are the top security mistakes that leave SMBs vuln...
In this series of blogs we will expose how fraudsters operate, we will run through several typical fraud scenarios, we will investigate where, how and why legacy detection solutions fall short, and what can be done to improve them. Banks and Insurance companies lose billions of dollar...
The reemergence of the Dirt Jumper botnet in association with fraudulent wire transfer and ACH transactions continues to highlight one simple truth: cybercriminals are all about money, whether it is generated directly via fraud or via access to information. Dirt Jumper came into the ...
Hacking and other attacks have become a major concern for businesses of all sizes. There are many reasons why your network could be taken out and rendered offline. Having your website down for even a few minutes can cause serious damage not only to your bottom line but also to your com...
On a recent trip back to the United States from abroad, I stood in line with several others as we waited for Homeland Security officers to check our documents and credentials. You knew as you waited in that long line of other residents returning from their trips, that when the person a...
When we talk about online security there’s a school of thought that suggests you can either make it safe, or you can make it easy to use, but you can’t have both. As we see a sharp rise in online fraud and identity theft it seems that traditional passwords are neither. The 2012 Ident...
But what is malware, and what makes it so particularly bad for your PC? Malware, short for "malicious software," refers to software programs designed to damage or perform other unwanted actions on a computer system. Below is a list of the top ten things you may not, but should, k...
Implement the predictive analytic process that is designed to assess/score risk attributes during authentication so that Access Management can determine whether to require the user to complete further authentication steps. Does this sound familiar? Ann, sitting at her desk eating lun...
Information security professionals often find themselves filling a critical but unique role within an organization. An effective security approach must balance required business operations and system availability while still ensuring the confidentiality and integrity of these same syst...
IT professionals have a poor track record when it comes to defining and assessing risk. One of the most important responsibilities of the information security professional (or any IT professional, for that matter) is to help management make well-informed decisions. Unfortunately, this ...
Let’s take the notion of a user identity – or to be more precise, the user’s avatar – and consider it to be a Cloud resource. The user, that is, we can provision such avatars as we see fit. And because they’re in the Cloud, they’re location independent. Facebook could use our avatar. A...
The Open Group's Jim Hietala recaps presentations at the recent Open Group Conference on cybersecurity and protecting global supply chains. Cybersecurity is at a critical juncture, and conference speakers highlighted the threat and attack reality and described industry efforts to move...
Today’s software development is geared more towards building upon previous work and less about reinventing content from scratch. Resourceful software development organizations and developers use a combination of previously created code, commercial software, open source software, and th...
If you were happily running your IT system but needed some additional performance, chances are you turned to some kind of SSD caching solution to improve performance at a lower cost point than adding more servers or storage. You went on what I am calling a “cache diet” (no, not the “cr...
If you work in information technology and you passed through the city of London over the last week it would have been hard not to notice the InfoSec IT security conference being held at the Earl’s Court exhibition center. Logically, of course, certain themes and trends came out of th...
Today, security is undoubtedly the biggest risk and negative side effect to cloud computing. Fortunately, the status quo is about to change. The Trusted Computing Group (TCG), a not-for-profit organization that has developed open standards for computers, networks, storage and mobile de...
Sharing files with friends has never been easier. Whether it is via old-school hard copy methods like CDs, DVDs and USB drives, nefarious peer-to-peer torrents like BitTorrent or new shared, private cloud storage services like Dropbox, getting a photo or music file from one person to a...
The purpose of this article is to describe some tools and techniques in performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques the reader will learn how to use them to find vulnerabilities in their organization and help improve...
United States military contractors are under unprecedented pressure to find ways to cut costs for their federal government customers despite the interest in developing new technologies to fight the war on terrorism. Gone are the days when contracts would swell exponentially without any...
Ever wondered how to use the autopwn feature in Metasploit on Ubuntu? Want to run Nessus from within Metasploit? Which database should you use: sqlite3 or postgres? I will explain the benefits of both. Nessus is a vulnerability scanner; it is free for personal use using the ness...
There's been a flurry of discussion this week among Internet and Web standards heavy-hitters around WebSocket, the new communications protocol supported in Chrome 4 and Safari 5. What was the main issue? Is there some kind of fundamental security vulnerability with the WS protocol? Web...
Imagine the CIO of a consumer bank who thinks he is running 50 Oracle databases, but now finds out that in fact he has 100 databases installed behind his firewall. He doesn't have any idea where the other 50 came from. He doesn’t know the name of the vendor(s) supporting them. And he d...
Hybrid applications made up of proprietary, open source and third-party components are the result of today's fast-paced and complex software development landscape. Applications developed within the last five years - whether internal or external - are at least 50% open source software (...
Throughout the last decade, society has witnessed an explosion of network connectivity among PCs and mobile devices as well as a vast proliferation of networked applications, ranging from Web-based email to online banking. The end result of this is that network connectivity has become ...
Efforts to modernize enterprise infrastructure have never been more complex. While the need is certainly there on multiple fronts - competitive edge, cost savings and new business initiatives, to name just a few - new hurdles seem to pop up no matter where an IT administrator might loo...
Data corruption is an insidious problem in storage. While there are many forms of corruption, there are also many ways to prevent them. For example, enterprise class servers use error checking and correcting caches and memory to protect against single and double bit errors. System buse...
Some years ago, a small manufacturing firm was hijacked by its IT employees. They didn't use weapons, but they did commit murder: They killed the business. Unfortunately, they were aided and abetted by the company's own lax security policies.
In an environment with more than a few Linux servers, managing users, groups, and other information securely across those systems is critical. Pluggable Authentication Modules (PAM) and the Lightweight Directory Access Protocol (LDAP) give administrators a way to accomplish this withou...
The security benefits and risks of Open Source code are one of the most debated topics in information security today. The views of proponents of the Open Source model are typified by Eric Raymond's argument that Open Source software is intrinsically more secure since its open nature let...