Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Oracle Patches Get Bad Rap
On the surface, a recently published survey by the Independent Oracle Users Group (IOUG) bears some seemingly frightening numbers. According to the study, which was conducted during the middle of 2008, 26 percent of 150 respondents admitted that their respective companies require the quarterly Oracle patches to be applied upon release. Nineteen percent said their companies don't have any policies at all
IR/Forensic Favorites Get Streamlined
A couple of my favorite incident response and forensic tools were recently updated with some great new features to help streamline their use. The first two tools are from Mandiant and work hand-in-hand, Memoryze and Audit Viewer. If you've not used Memoryze yet, it deserves your attention. I've found it to be extremely useful in incident response situations dealing with malware.
Consumer Password Status Quo
So what's it going to take for consumers to take security seriously? Apparently a lot more than the nearly 10 million cases of identity fraud and massive breaches at their favorite discount retail chains. If they haven't already had their credit card accounts compromised, most everyone knows of someone who has. But apparently that's not incentive enough for them to
Tool Validation: Trust, But Verify
I received a lot of great feedback after my Friday post about WinFE, the bootable Windows Forensic Environment. The biggest question was whether it really is treating the drive as read-only. In my closing, I said I'd do more testing than just building the CD and making sure it booted up in my virtual machine environment. As security professionals and forensic investigators, don't you all validate your tools befor
TCG Drive Encryption Goes Mainstream
The Trusted Computing Group's newly released specifications for the management of hard drive encryption are now being adopted by a number of vendors -- Seagate arguably the most prominent, but also including Fujitsu, Toshiba, Hitachi, Wave Systems, CryptoMill, WinMagic, Secude, and McAfee.
WinFE: Windows Bootable Forensic CD
I've been using the Helix incident response and forensics LiveCD since it was first created. It has been an invaluable tool, but sometimes it falls short on hardware support for various SATA/SAS and RAID controllers. In those situations, creating a forensic image came down to a "best effort" exercise during which I did my best to prevent modification to the original evidence while still getting an image I could analyze later. WinFE is here to help.
Conficker's Three-Way Knockout
Malware analysis is a highlight of what I do, but it's not something I get to do on a weekly basis. The cases I deal with are a bit sporadic and clustered, showing an obvious ebb and flow based on current trends. This is one of those heavy times, thanks to Conficker and its friends.
Major Vendors Propose Interoperability Standard For Key Management
IBM, HP, RSA head up list of vendors supporting guidelines designed to ease deployment and management of encryption
Sensitive Data Found On 40 Percent Of Used Drives On eBay
Forensics firm finds that many hard drives are not fully wiped clean before resale
Path To Becoming An Infosec Pro
Last Friday, my blog entry discussed how many companies out there are disrespecting IT security by inundating infosec professionals with system administration and network management tasks to the point that security is put on the back burner. I've received some excellent feedback from readers, including an e-mail asking what route someone should take to become an infosec professional.
Could Slimmer OSes Lead To Better Mobile Device Security?
Maybe I'm stretching a bit, but let's say that operating system developers slimmed down their standard OSes enough so that eventually they'd be skinny enough to have a career in fashion and, more important, run on mobile devices. And, if so, would this be a good thing for mobile device security?
Metasploit Hacking Tool To Add New Services-Based Features
Upcoming back-end services could help shape new generation of pen-testing services
Free Helix IR Tool Sells Out To Cash In
All good things must come to an end. That's the sentiment I'm seeing on a few forensic mailing lists in regard to the demise of the free version of the Helix incident response and forensic LiveCD.
Companies Lack Respect For Infosec Pros
While a lot of my friends are off having a blast as ShmooCon in D.C., many more of my infosec friends and I are, instead, wishing we were there. It's tempting to rant about how little infosec training many of us actually get, but there's another problem I've seen several examples of lately -- infosec professionals getting stuck wearing the hat of sysadmin or network administrator.
PCI DSS Is A Process, Not A Checklist
Data breaches happen. We all know this simple fact. It's plastered on the news and the Internet. We hear about the big ones from co-workers, friends, and family. The recent Heartland Payment Systems breach, reported here on Dark Reading, is a testament.
Free Fuzzing Tool For Oracle Databases
The word "free" in front of any technology is always enticing, but even more so in the current economic climate. It's not unusual for security or other technology vendors to toss out the occasional freebie tool, which, of course, they also hope will stimulate interest in their other (price-tagged) products. The latest freebie utility is FuzzOr, an open-source fuzzing tool released today by Sentrigo for detecting potential security flaws in Oracle database a
Going Public About Corporate Espionage
Corporate espionage probably goes on every day. I suspect we don't hear about it because of the high stakes involved; companies don't want their reputation tarnished as the victim or perpetrator of espionage, especially if the intrusion was successful and trade secrets were lost. Another more probable reason is that it goes completely unnoticed. And in the few cases we do hear about, the victim is sometimes publicly calling the attacker out to embarrass them and win some public opinion in their
|
Latest Comment: This comment is waiting for review by our moderators.
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
