Be Careful What You Search For
Viruses and malware used to spread on their own, hunting for computer users to infect. Today, research released at DefCON 18 shows that, increasingly, search engines are bringing users straight to the malware.
Real-World Attacks With Social Engineering Toolkit
Social engineering has always been a penetration tester's (and hacker's) most effective tool. I would say it's their best weapon, but not everyone is good at the softer, human side of social engineering. However, when it comes to the technical side, the tools are getting better and better, including the latest version of the Social Engineering Toolkit released at BSides Las Vegas on Wednesday.
Four Must-Have SMB Security Tools
Regardless of their size, many SMBs still need to meet strict compliance regulations, such as PCI and HIPAA. In addition to any special requirements, there are a few security technologies every small business should have in place. Here are my four SMB security must-haves.
Verizon Data Breach Report: Some Big Surprises
One of the most comprehensive data breach reports available found that the number of breaches declined significantly last year, and that there were significant changes in how attackers are infiltrating companies.
Making Storage Management Easier
As we discussed in our last entry, no matter how easy the storage protocol or storage system you select, at some point someone is going to have to interact with the storage itself. It may be a problem that needs to be resolved, or it may be a need to provision a new server, but something will come up. In most mid-sized data centers, managing storage is no one's full-time job. It is something that is dealt with
What You Should Know About Tokenization
A week ago Visa released a set of best practices and recommendations for tokenization. Unfortunately, "best practices" leaves plenty of room for poor implementations.
Security BSides Grows, But Not Too Much
The security "unconference" is back in Vegas, and this time the setting is a gated private resort with multiple swimming pools and a sand beach, and the number of attendees signed up so far for the free -- yes, free -- event has doubled. But that doesn't mean Security BSides will lose the intimate vibe that its organizers envisioned and encouraged when they first launched it in Las Vegas a year ago.
The Value Of A Storage Administrator
Storage hardware and software manufacturers are trying to make the process of managing storage easier. There are simplified storage infrastructures, simplified storage management systems, and software to monitor the storage environment, but the reality is that even the smallest of storage environments needs someone focused on the task of making sure that everything is operating as planned.
Conquering Large Web Apps With Solid Methodology
This is one of those weeks where I'm trying to wrap up as much as possible before I'm out of the office for Black Hat, BSides, and Defcon. One of those things on my list is a Web application assessment for a client that's a monstrous, open-source beast with subapplications bolted on from all over the place and tons of places for vulnerabilities to hide.
Storage Protocol Explosion
Today's storage manager is faced with more shared storage connectivity choices than ever. Off the top of my head there are SAS, iSCSI, NAS, AoE, FCoE and, of course, good old Fibre Channel. One would think that at some point there will be a shakeout in storage protocols, but that doesn't seem to happen, and when it does, the retired protocol seems to be replaced with two or three new ones.
I'm like the proverbial kid in a candy store. This is my favorite time of year. Between Black Hat, Defcon, and BSides, you have feds, criminals, security experts, reporters, and everyone in between congregating in the city of sin. What's not to like? Here's a rundown of these events, my picks for talks not to be missed, and an invitation.
Detection And Defense Of Windows Autorun Locations
As an incident responder and forensic investigator, there's a truth we expect malware to always follow: Persistence is a must to survive. OK, exceptions exist. But the general rule of thumb is that malware seeks to persist, and it will hook itself into common areas on a victim Windows machine to do so.
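The "common areas" where Windows malware hooks itself in are well known: the Run and RunOnce registry keys, the per-user and all-users Startup folders, auto-start services, and scheduled tasks. The script below is an added example for this post, not code from the original author. It walks those locations and flags any entry whose executable lives in a user-writable directory (TEMP, APPDATA, LOCALAPPDATA, PUBLIC), which is where dropped malware usually lands. It assumes a modern Windows with PowerShell 3 or later and the ScheduledTasks module, and an elevated session for full visibility of services and tasks; the key list and the "user-writable" heuristic are this example's own choices and are a starting point, not an exhaustive catalogue of autorun locations.

```powershell
# Added example (not from the original post): enumerate common Windows
# autorun locations and flag entries whose binary lives in a user-writable
# directory. Key list, roots and heuristics are this example's assumptions.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a standard user can write to. A persistence entry that
# launches from one of these deserves a second look (assumed heuristic).
$suspiciousRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ }

function Get-ExecutablePath {
    param([string]$CommandLine)
    # Strip quotes and arguments, keeping only the program that actually runs.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+\.(exe|dll|bat|cmd|ps1|vbs|js))') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

function Test-SuspiciousPath {
    param([string]$Path)
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    foreach ($root in $suspiciousRoots) {
        if ($expanded -like "$root*") { return $true }
    }
    return $false
}

function New-Finding($Source, $Name, $Command) {
    [pscustomobject]@{
        Source     = $Source
        Name       = $Name
        Command    = $Command
        Suspicious = Test-SuspiciousPath (Get-ExecutablePath $Command)
    }
}

$findings = @()

# 1. Run / RunOnce registry keys (machine-wide, 32-bit view, and current user)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a value
        $findings += New-Finding $key $p.Name ([string]$p.Value)
    }
}

# 2. Startup folders for the current user and for all users
foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                      [Environment]::GetFolderPath('CommonStartup'))) {
    if (-not (Test-Path $folder)) { continue }
    foreach ($f in Get-ChildItem -Path $folder -File) {
        $findings += New-Finding $folder $f.Name $f.FullName
    }
}

# 3. Services configured to start automatically
foreach ($svc in Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' }) {
    $findings += New-Finding 'Service' $svc.Name ([string]$svc.PathName)
}

# 4. Enabled scheduled tasks with an executable action
foreach ($task in Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' }) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        $findings += New-Finding "Task $($task.TaskPath)" $task.TaskName $cmd
    }
}

# Suspicious entries first; review the rest against a known-good baseline.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt and diff the output against the same listing taken from a clean build of the same image; a persistence entry that is new, or that points into a user profile or temp directory, is the one to pull for forensic review. The path heuristic is deliberately loose: legitimate updaters also live under APPDATA, so treat a "Suspicious" flag as a triage cue rather than a verdict.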
SIEM Ain't DAM
I've been getting questions about the difference between security information and event management (SIEM) and database activity monitoring (DAM) platforms. It's easy to get confused given their similarities in architecture. There's also a great deal of overlap in the events each collects and the way they handle information. Couple that with aggressive marketing claims, and it seems impossible to differentiate between the two platforms.
Mozilla Raises Security Bug Payout
If you find security flaws in Mozilla software products, such as the Firefox Web browser, your work just became much more profitable: the foundation raised its bug bounty from $500 to $3,000. But will this move help improve your security?
Does Data Retention Really Protect A Corporation?
As I have gone through the series on developing a "keep data forever" strategy, one of the criticisms has been about the risk to the organization. The conventional wisdom is that email stores and PST files are fertile ground for opposing counsel looking for evidence, and that by keeping that data forever you are exposing yourself to further risk. My opinion is that you are at no greater risk than with a strict r
Patching And Risk Mitigation
I followed an interesting discussion on a DBA chat board this week regarding whether to patch a database. The root issue for the DBA was that a minor vulnerability had been corrected by a recent patch release, but fear that a multipatch install process could fail halted the upgrade.
IOV - A Different Way To Wire Once
There is much discussion about wire-once strategies. The concept sounds like nirvana for storage administrators and network managers: don't worry about the back-end protocol, just run 10GbE and use whichever protocol you need at the time, whether iSCSI, NAS, or FCoE. Wire-once is not without its challenges, and a compelling alternative may be I/O Virtualization (IOV).
Patch Tuesday: XP SP 2, Windows Help Center Patches Coming
On Tuesday, Microsoft said it will patch the critical Windows Help and Support Center vulnerability that has been widely attacked. This month's Patch Tuesday will also be the last day of support for Windows 2000 and Windows XP Service Pack 2.
As security professionals, we want our network to be as secure as possible. The exception is if we're hired to break into it, but even then our job is to help secure the network to prevent future break-ins. The problem is that in securing our networks, it's easy to forget about the user and the "business."
Primary Storage In The Cloud, Ready For Prime Time
Fast, inexpensive primary storage that can hold all your files and host all your applications, without having to live in your data center, sounds like nirvana, but it may be coming sooner than you think. In some situations it is ready now.
Facebook And National Security: Two Cases
Dark Reading's Kelly Jackson Higgins wrote about the fake Robin Sage account, which duped many in vetted circles into adding "Robin" as a Facebook friend. Now from Israel comes a story of how soldiers from a secret IDF base created a Facebook group for it.
Social Networking: Keeping It Real
Another demonstration on the security and privacy implications of using social networking sites reveals their real weakness. And I say: so what.
How Intelligent Does Your Storage Need To Be?
We have always counted on storage systems to provide software-based services like snapshots, RAID protection, replication, and thin provisioning, but now operating systems (OS) or file systems are offering many of those capabilities. Do we need the storage systems to offer them as well?
Virtual Machines For Fun, Profit, And Pwnage
Virtualization has turned the IT world upside down. It is used everywhere these days, from desktops to servers and data centers to the "cloud." It has also presented itself as a double-edged sword to security professionals.
Is Google Stealing Our Digital Freedom?
With the Fourth Of July here, it's a good time to focus on freedom. It seems that often when new technology and new ways of getting revenue advance in an industry, those who don't understand that technology are exploited by those who do. Google's model seems to increasingly fit this mold, and the example it is setting is driving others down the same path.
The Costs Of Finite Data Retention
In closing out our series about keeping data forever we will examine the financial aspects of keeping data forever. What can be done to curtail costs and how does it compare to the more traditional finite data retention model? In this entry we will look at the costs of a finite data retention policy.
The Kraken Botnet Returns
The return of the Kraken botnet from its reported death in 2009 shows just how difficult squashing the botnet threat really is.