the State of Security

Security Hardening

Security Hardening and the State of Security

Conficker Me

by Michael Thelander

An article caught my eye last week that I couldn’t ignore. It was by turns interesting, infuriating and illuminating, with a simple and matter-of-fact headline: “Thanks to weak passwords, Conficker worm still rampant.” It was from SC Magazine and it made me gack just a little.

Verizon’s latest breach delivery

by Dwayne Melancon

I was catching up on my backlog of podcasts last week, and listened to Episode 271 of the Network Security Podcast (part of my balanced diet of security fiber). If you’re not familiar with this podcast, it consists of Rich Mogull, Zach Lanier, and Martin McKeay shooting the breeze about security topics. It is very casual, and very informative – I recommend you subscribe if you haven’t already.

Hardening your Systems is Job #1

by Crystal Miller

Hardening your security configurations is job #1 in preventing breaches and detecting and correcting any subsequent changes that weaken them. Yet in complex corporate IT settings, it’s easy to understand how basic steps to security are overlooked. Especially when everything you are doing is a #1 priority. In a 2011 June report entitled “Perceptions About Network Security,” [...]

FIM is Dead — Long Live FIM

by Michael Thelander

Sometimes you just can’t see the obvious when it’s right in front of you. Usually, this happens because you’re so invested – materially, emotionally, or historically – in the way things have been that you have a hard time reconciling the way things are. This is true for companies as well. The technology that made [...]

Check your doors and windows

by Dwayne Melancon

Yesterday, I was reading about the Utah Department of Health’s recent breach, in which 500,000 patient records and 280,000 social security numbers were stolen. One of the things that jumped out at me was how insufficient configuration hardening played a role, based on a statement by the Utah Department of Technology Services (DTS).

Friendly pwnage? Or just a public beat down?

by Dwayne Melancon

It seems some hackers (known as “MalSec”) are going around to security companies, defacing their web sites, and leaving “polite warnings” that they’d better get their act together or they face the risk of being hacked in a more malicious fashion. Are these “helpful” hacks really helpful or not?
