Mac Defender: Did you really think Apple Macs couldn’t be hacked?

There is nothing sadder than witnessing reality give millions of people a wakeup call, shattering their sense of invulnerability. Mac users got to experience a taste of what their PC counterparts have had to live with for years, with...

05/27/2011

Securing the System: The Forest or the Trees?

How many emails did you get last week telling you that your name and email address were compromised as part of the Epsilon database hack? Chances are you have done business with one or more of the large companies that utilized...

04/10/2011

Can Your Security Policy Handle IPv6?

The move to IPv6 got a shot in the arm with the February 3rd announcement that the last five /8 blocks of addresses were allocated by IANA, signaling that unallocated IPv4 addresses are now completely gone from the global pool. While...

03/15/2011

You Gotta Keep Em Separated

One of the cornerstones of network defense is protecting sensitive data by segmenting it from other parts of the network. When was the last time you saw a castle built with hundreds of doors to the outside? They don't build...

11/16/2010

Combating Online Infringement and Counterfeits Act

One of the primary roles of an auditor is to stay on top of new laws, regulations, and industry compliance requirements that could impact a business. In September, The Combating Online Infringement and Counterfeits Act (COICA) was...

10/07/2010

8 Cloud Security Concepts You Should Know

Cloud security isn't that hard. It's really just traditional security concerns in a distributed and multi-tenant environment. The challenge for most organizations is getting past the hype of what a cloud is. I love a good buzzword as...

09/17/2010

VAST: The Unified Communications Security Testing Suite

VAST is a Linux distribution built on Ubuntu that offers a suite of UC security testing tools for penetration testers and security auditors. This article highlights a couple of the most useful tools, UCSniff and VideoJak, both of which...

09/03/2010

London’s calling…Through your voice gateway

Protecting your voice gateway is extremely important for preventing toll fraud and other criminal activities that can be conducted through your VoIP system. This post covers five key areas that can help reduce risks to your voice...

08/25/2010

Your Password Policy Stinks

Research has shown that accounts protected by passwords shorter than 8 characters are about as hard to break into as a safe made out of toilet paper. The minimum password length should be between 12 and 16 characters, which means your...

08/20/2010

Auditing layer 3 routing protocols the Loki way

I love new security testing tools. There is nothing quite like finding some magical bits of code allowing you to use and abuse protocols in unique and unnatural ways. I was introduced to Loki at Blackhat this year, and it was love at...

08/14/2010

Is there a patch for stupid?

I was speaking with the security group of a customer the other day and they were complaining about how 80% of their security incidents were because of users doing stupid things on the Internet. They kept pointing to reports...

08/09/2010

IT security auditors are NOT evil and could keep you from getting hacked

As I sit here writing my first blog entry, while attempting to recover from a week in Las Vegas spent taking in the sights, sounds, and insanity that only Black Hat and DEF CON can inflict on a mere mortal (robots and ninjas are...

08/04/2010
