Compliance Is Bad for Security
June 18th, 2013
By: Kevin Townsend - Information Security Reporter @kevtownsend
There are two separate approaches to keeping data safe: compliance and security. The first is a legal/regulatory obligation; the second is not. If you ask a compliance author, whether that’s a government legislator or a bureaucratic regulator, what is the purpose of compliance, the reply will be ‘to ensure security.’ If you ask the same [...]
Infosec Haiku
June 15th, 2013
Anata no joho sekyuritei konshu no haiku PCI Audit Oh Dread! Yay, We Pass With Ease But Are We Secure? ### Notes ### With apologies to Yoshida-san, Mori-san, Shimizu-san and all my other friends and former colleagues in Nihon for mangling this beautiful traditional art form. Thanks to Ms. Etsuko vdH for the translation. [...]
Much Ado About Java
June 12th, 2013
So, have you seen the latest about Java? Seems most organizations are still running (really) old versions. And even the current version has what is technically known as a shit-ton of zero-day vulnerabilities. And so Oracle is changing their vulnerability numbering system to accommodate all of them, in addition to taking other steps surrounding Java [...]
IT Gets a Summer Vacation with Light Patch Load for June
June 11th, 2013
It’s a record month for Microsoft this month. With just five bulletins, June marks the lowest number of bulletins we’ve seen from Microsoft to date this year, making it a light month for IT admins. It’s also the halfway point for the year, which is always a good time to look back at last year [...]
My Dreams of an iWatch Connected World
June 10th, 2013
Apple’s WWDC 2013 is upon us, and there is rampant speculation around the impending iWatch. Tim Cook himself nearly confirmed the product at D11 last week. I think the wrist is interesting. It is somewhat natural. I think for something to work [to be a sellable item], you have to convince people why it is [...]
InfoSec Haiku
June 7th, 2013
Anata no joho sekyuritei konshu no haiku Patch Tuesday Again? So Many Patches This Month Goodbye Social Life ### Notes ### With apologies to Yoshida-san, Mori-san, Shimizu-san and all my other friends and former colleagues in Nihon for mangling this beautiful traditional art form. Thanks to Ms. Etsuko vdH for the translation. Submit Your [...]
Securing the Internet of Things
June 6th, 2013
Gone are the days when the Internet was something accessed only through a PC attached to an Ethernet plug. Access is now available from anywhere and via a multitude of form factors. The Internet has moved beyond the computer and even your smartphone into the most unlikely of things. Your TV, your thermostat, even your [...]
Detecting RMI – Hiding Under the Covers Part II
June 5th, 2013
“All warfare is based on deception” – Sun Tzu, The Art of War My previous post, “Hiding under the Covers”, reviewed the advantages that attackers gain through the use of Reflective Memory Injection (RMI) techniques. As a follow-up, let’s take a look at methods to detect injected libraries. One of the most powerful penetration testing [...]
Near Real-Time Threat Intelligence in the Cloud
May 30th, 2013
Microsoft announced this week they will host known botnet malware infection information and other threat data in their Azure Cloud. This move will enable near-real-time threat data sharing and inarguably, this is a step in the right direction in our fight against the bad guys. ISPs and CERTs have received threat data via email from Microsoft [...]
Big Brother is Listening Too – Are Journalists Sitting Ducks Part II
May 29th, 2013
Since writing “Are Journalists Sitting Ducks?” a few months back in response to the New York Times being targeted by Chinese hackers, several more high profile news organizations have been hacked including The Onion, AP, Financial Times and BBC. It’s apparent this trend is not going away any time soon. To add insult to injury, [...]
3 Executive Strategies to Prioritize Your IT Risk
May 22nd, 2013
Every company wants to know the best way to protect their company, but it can be difficult when faced with the evolving security challenges of today. I recently sat down with Richard Mason, VP & CSO at Honeywell, and Roger Grimes, security columnist and author, to get their thoughts on risk management best practices. I hope [...]









