A feeling of general malaise in the IT Security Industry prompted us to take a closer look at the current state of affairs. Despite the pervasive doom and gloom, there is perhaps a silver lining. Let’s take a look at malware, botnets and the other pesky critters wreaking all the havoc and how they may actually be serving a useful purpose.
Threat Modeling is a process which leads to better architecture, design, function and long-term security of software, hardware, information systems and even entire organizations.
In multiple research studies, USB devices left in public places have been plugged into company PCs by the people who picked them up, despite having no information about their origin. If the researchers had left spoons instead of USB devices, how many people would pick them up and put them in their mouth?
At long last, one is no longer beholden to Dropbox or hacking away on the command line with rsync for a convenient cloud file storage and synchronization service!
On October 13th the Corporate Finance division of the Securities and Exchange Commission (SEC) quietly released a document on the web that has the potential to make a major impact on the way that corporations look at cyber-security. What does it mean to you?
There are two orthogonal stacks in an IT ecosystem: Implementation or Doing and Parametric or Directing. A full security assessment covers all aspects of security that impact on an IT ecosystem and its supporting services.
A new technique for phishing has emerged. Dubbed “spear phishing,” it targets specific individuals or groups to gather information. The FBI documented spear phishing attacks in early 2009, and since then the frequency, complexity, and motives behind spear phishing have grown more sophisticated and dangerous.
Other than divine intervention, the best answer is to rely on mathematical and statistical models along with computer simulation to help forecast, predict and control risk.
RSA was hacked, potentially compromising SecurID, currently the most widely used 2-factor authentication mechanism. What is the attacker really after?