Monthly Archives: September 2008

Why SSL is not the Catch-All

Billy Rios, application security extraordinaire, posted commentary on Sandro Gauci’s paper entitled “Surf Jacking – HTTPS will not save you.” It is based on an attack called “Side Jacking” that was introduced at the 2007 BlackHat conference. Essentially, this type of attack allows someone to hijack a web session, which gives them access to your account on a particular website. Branden… in English, please… OK, so let’s say you make use of some stretch time that the office gives you (assuming they know about it) and head down to the coffee shop of your choice for a nice fresh cuppa. You bring your laptop with built-in WiFi, fully intending to work on that presentation for Johnson. That ...

Silos and Cross-Dysfunctional Teams

I may not be the first to use the term, but this concept is killing security and compliance across the globe. What am I talking about? I’m talking about the lack of function in companies with silos. We see silos rear their ugly heads at virtually every customer we deal with. Sometimes it is the disgruntled manager who was passed over for a promotion and is no longer a team player. Other times it is a team in another region of the globe that wants to do things its own way. Or maybe it is just a jerk sitting next to you in Prairie Dog Land. So what do we do when these turf wars break out in our ...

How fast will your data walk out the door?

Cyber-Ark has released a new study (article on Ars Technica) suggesting that 88% of IT workers would steal data if fired. In other words, 88 out of every 100 IT employees would steal data if they were shown the door. That’s more than the 4 out of 5 dentists who recommend chewing Trident after meals! I’m not sure who they were polling, but it sure makes IT folks look like a bunch of criminals. At a minimum, it reinforces one point that often shows up in my presentations. At the end of the article, we learn that every third administrator would write down an administrative password. Administrators are often the worst offenders when it comes to breaking security policies and procedures. This is ...
