Categories ArchivesEnterprise Security

Dave Taylor gets it right! standard

Please don’t take the title to mean that Dave doesn’t get it right often, I just wanted to laud this recent column at StoreFront BackTalk. The quote specifically that drives the nail home is: If you’re thinking that the Hannaford security breach is a very isolated “blip” and that PCI compliance is the same as securing the enterprise against security breaches, you’d better think again. Why? It’s not uncommon for merchants to turn on security controls shortly before an audit, and turn them off afterward. Could not have said it better myself, Dave. The two points he brings out are, 1) Compliance is not the same as security, and 2) you have to MAINTAIN what is assessed. I had a ...

Continue Reading

Protect Your Internet Traffic! standard

One of our consultants brought a great write up on Dan Egerstad, the Swedish security consultant who set up a series of Tor servers designed to promote anonymous browsing. Unfortunately, the organizations deciding to adopt Tor forget that unencrypted traffic can still be read, captured, and exploited. This brings up an interesting trend though. Why are people still not protecting their internet traffic? I’m not talking about browsing around and picking up the next Super Mario Bros game at Amazon, but using Outlook for email via POP3/IMAP. Compound this with the problem that most people are remiss in using unique passwords for your key accounts, and you can see how a nefarious organization with a little bit of technology could ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!