How many managers think that it makes no sense to spend money protecting information that can be reconstructed? What can really happen? Theoretically, anything and everything, from abuse by workers (through natural disasters and industrial espionage) to terrorist attacks. Is our company prepared for this? Imagine this scenario: […]
Nowadays pretty much everyone uses wireless networking, from your smartphone to your home and/or business networks. There are many security issues with wireless networking; the one that I see the most is the security carelessness of some ISPs' contractors and installation personnel.
ISP-based WEP Vulnerability:
I have noticed from […]
I would like to dedicate this article to all my friends, they know who they are, and to Irene, for her love and support.
From time to time I come across various security tools and utilities and sometimes I enjoy analysing them in order to evaluate their effectiveness, especially if […]
After its human resources, information is an organization’s most important asset. As we have seen in previous chapters, security and risk management is data centric. All efforts to protect systems and networks attempt to achieve three outcomes: data availability, integrity, and confidentiality. And as we have also seen, no […]
Note: the following suggestions are at your own risk! This article assumes some level of understanding of what changes are being suggested.
WordPress is the most popular CMS used for many commercial websites as well as hobbyist sites. The popularity of WordPress also brings the software to the front as […]
This is an interview with Richard Bejtlich, Chief Information Security Officer at Mandiant.
1. We have readers with varying levels of information security experience. Please describe the role of a CISO in general, and more specifically what your role is at Mandiant.
Because I define security as “the process of maintaining an […]
Excerpted from Securing the Clicks: Network Security in the Age of Social Media by Gary Bahadur, Jason Inasi, Alex de Carvalho (McGraw-Hill; 2012) with permission from McGraw-Hill.
Securing the Clicks serves as a practical guidebook for corporations wishing to safeguard their interests, assets, and rights, and to defend their digital assets and reputation from attackers. A team […]
Ever since computers and the critical data they hold came into the headlines, so have malicious programs, attacks and the threat landscape. We have thousands of cases of malware infections, zombies and trojans taking over networks at a fast pace. The amount of data that passes through any switch, […]
With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for this purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary […]
When I communicate with programmers who are writing code for custom applications, I often wonder how carelessly they treat the issue of security in their code.
Certainly this is influenced by many factors.
For example, an already fairly experienced programmer said to me during a private conversation,
“Well, why should […]
With the advancement of computer technology, the need for hybrid setups has also grown. Nowadays every company uses a heterogeneous infrastructure for its variety of tasks. Everybody utilizes a different blend of services, infrastructure and platforms for its operations and service delivery. Sometimes there […]
There are multiple intercepting proxy tools available and Burp Suite is one of the best tools available for interception. If you are not yet familiar with it, for a brief Burp Suite Walkthrough, please read the article written by Prateek Gianchandani.
The added advantage Burp provides is its extensible functionality […]
The BYOD (Bring Your Own Device) phenomenon is expanding at an incredible rate. It is something that affects every business, from the smallest to the largest. How each business is dealing with BYOD ranges from complete apathy to a full embrace of it with sophisticated processes and controls in […]
Managing security is managing risk. As explained in Chapter 1,
Security ensures the confidentiality, integrity, and availability of information assets through the reasonable and appropriate application of administrative, technical, and physical controls, as required by risk management.
In Chapter 1, we explored risk at a high level. As security practitioners, however, we […]
Far too often we will download an API (Application Programming Interface) from Programmable Web, or download an SDK like the Facebook SDK, and not worry about any of the security issues that might arise from bad or improper coding practices embedded within the API. Often any static […]
This tutorial will cover the process of writing an SEH based buffer overflow exploit for a known vulnerability in the Vulnserver application.
Vulnserver is a Windows server application that deliberately includes a number of exploitable buffer overflow vulnerabilities, and was designed to act as a target application to teach and […]
In our ongoing series of interviews, we got HD Moore to answer a few questions and pull back the curtain a bit on the methods, tools and motivation for the research he does discovering security exploits.
HD Moore is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the […]