Is Your Organization a House of Cards – Part 3

January 26th, 2015

In my last 2 posts (part 1, part 2) I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. I’ve identified an airline, Lychee Air, flying out of Hangzhou Airport. I was able to use a not-so-public IP camera to watch […]


Is Your Organization a House of Cards – Part 2

January 19th, 2015

In my last post, I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. Now I have my project defined. The first step is to identify a target. Because I’m looking specifically for an airline, I can’t just start scanning ports […]


Is Your Organization a House of Cards?

January 12th, 2015

Some data breaches get a lot of attention in the news. When a large amount of data is taken from a popular retailer or organization, it makes big news in the media, and law enforcement gets interested. They like to be seen investigating the biggest crimes so everyone thinks they are doing their job. On […]

By: - Dir. Solutions Marketing

Infosec Haiku

December 21st, 2014

Anata no joho sekyuritei konshu no haiku

Sony Hack Is Called
“Snowdon for Corporations”
This 5h1t Just Got Real

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus … watch this space to see if yours is published.
* Submit Your Own … […]

By: - Independent Computer Security Analyst


Did North Korea Hack Sony? It Seems Hard to Believe

December 1st, 2014

There’s plenty of rumours and speculation, but one thing is certain: something has gone awfully awry with the computer systems at Sony Pictures Entertainment – the television and movie subsidiary of the huge Sony Corporation. The media has been full since last week with reports that the company has shut down its servers, after a ghoulish […]

By: - IT Security Expert

Avoiding the User Blame Game

October 10th, 2013

It might not be part of any formal forensics or incident response policy, but odds are at most organizations, whenever a malicious hacking attack hits the mark there’s one step rarely missed: blaming the user. Users do some boneheaded things sometimes so pointing the finger at them is easy. But the truth is if IT […]

By: - Forensics and Security Expert


Securing the Internet of Things

June 6th, 2013

Gone are the days when the Internet was something accessed only through a PC attached to an Ethernet plug. Access is now available from anywhere and via a multitude of form factors. The Internet has moved beyond the computer and even your smartphone into the most unlikely of things. Your TV, your thermostat, even your […]

By: - Former Chairman and CEO, Lumension


Big Brother is Listening Too – Are Journalists Sitting Ducks Part II

May 29th, 2013

Since writing “Are Journalists Sitting Ducks?” a few months back in response to the New York Times being targeted by Chinese hackers, several more high profile news organizations have been hacked including The Onion, AP, Financial Times and BBC. It’s apparent this trend is not going away any time soon. To add insult to injury, […]

By: - Technology Reporter

FBI Apple AntiSec Chess Match

September 12th, 2012

The denials by the FBI and Apple that unique device identifiers (UDIDs) of Apple devices were breached would seem to put to rest Anonymous spinoff AntiSec’s claim that it was able to steal 12 million UDIDs from Special Agent Christopher Stangl’s notebook computer. Right? Not so fast. A number of media outlets have confirmed with […]

By: - Dir. Solutions Marketing

Change Your LinkedIn Password – Now!

June 6th, 2012

LinkedIn – the online professional networking site which I suspect many Optimal Security blog readers use – has apparently been hacked, resulting in something like 6.5M SHA-1 hashed passwords being posted on a Russian hacker site. This evolving situation will certainly be updated throughout the day (and beyond), so I don’t want to recap the […]

By: - Dir. Solutions Marketing

Novel New USB Attack

July 19th, 2010

News about a new attack via USB flash drive, known as Stuxnet.B, is surfacing. The Belarusian antivirus company VirusBlokAda recently discovered it and published a report on it. There are several points about this attack which make it both novel and unique, even though infection / propagation via USB flash drives is very common. To […]

By: - Dir. Solutions Marketing

HITECH Breach Data: the Good, the Bad, and the Ugly

March 1st, 2010

As I’ve discussed before, one of the requirements of the HITECH Act is for the Secretary of the Department of Health & Human Services (HHS) to publish a list of all breaches of healthcare data covered by the HIPAA security rule on a yearly basis. The first such publication has been made, covering the period […]

By: - Sr. Director Solutions and Strategy


“Security” on the WSJ Front Page – A Cautionary Tale

January 15th, 2010

Having a security problem on the front page of the Wall Street Journal is never a good thing for the companies involved, but it can be instructive for everyone else. Unfortunately, many will ignore the high-profile coverage of China’s spear phishing attack on Google, Adobe and over thirty other businesses. They will think that this is a […]

By: - Sr. Director Solutions and Strategy


“Micro-Botnet” – The Cybercriminal’s Choice for Enterprise Data Stealing?

September 28th, 2009

Last winter and spring we all watched with interest the headlines heralding the spread of the Conficker botnet. The under-reported part of the story was the fact that well-patched enterprise networks were largely unaffected by Conficker’s bloom. In some circles, this seems to have led to a complacency or belief that botnet infections are not […]

By: - Former Chairman and CEO, Lumension


Breaking Down the Military Fiefdoms by Building a “Fifth Arm” to Combat Cyber Security

August 4th, 2009

The recent attacks on U.S. and South Korean IT infrastructure have once again raised awareness around national cybersecurity issues here in the States. While I certainly agree with my security colleagues that it is high time that President Obama finally appoint a cybersecurity czar to head up the overarching public-private initiatives that have been promised, […]
