Blog

Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “If you ever get the urge to build your own proprietary cipher. Stop. Don’t do that.” – George V. Hulme “For software security spend as a portion of firm-wide IT spend, we collected data from eight firms with very …

Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Database Security Mobile Security Cloud Security Privacy General Tools Funny Hacking Incidents / Cybercrime Kneber botnet returns, steals sensitive government documents  [www.net-security.org] The Kneber botnet is running and striking again – this time with a Christmas-themed electronic …

Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “Real IT/security talent will work where they make a difference, not where they reduce costs, “align w/business,” or serve other lame ends.” – Richard Bejtlich “woodworking tools do not make chairs == security tools do not make security.” – …

Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Mobile Security Privacy General Tools Funny Hacking Incidents / Cybercrime   Gawker was hacked six months ago, say sources close to Gnosis  [www.guardian.co.uk] Server was cracked using 'local file inclusion' weakness and hacking group then worked through …

Some of you might like the following article I put together last week: https://7asecurity.com/blog/2010/12/migitating-isp-disruption.html  You should not be using IE, in general, but because of this New Internet Explorer vulnerability affecting all versions of IE if you do, now you have yet another reason to switch to Firefox + NoScript and if you are paranoid …

Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Cloud Security Privacy Mobile Security Cryptography / Encryption General Tools Funny Hacking Incidents / Cybercrime Gardai prepare file on welfare officer  [www.independent.ie] Gardai are expected to send a file to the Director of Public Prosecutions (DPP) in …

The problem There was an unexpected challenge to put together the security weekly news last night: My ISP mistakenly thought I had not paid my bills last month and decided to disrupt my web browsing experience by displaying a web page that said something like “information page … you have not paid x,y,z .. to …

Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “Any reliance on a generic scanning tool as your primary security control is nothing more than a false sense of security and a disaster waiting to happen. ” – Michael Coates “Instead of asking why Gawker leaked all those …

Category Index   Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Mobile Security Cryptography / Encryption Privacy General Tools Funny Hacking Incidents / Cybercrime   The Real Lessons Of Gawker’s Security Mess  [blogs.forbes.com] Gossip site Gawker has experienced a large data breach whose scale fully came to light …

Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “Porting all those security fixes in PHP 5 back to PHP 4.4.9 is a PITA” – Steffan Esser (Still using PHP 4? Good luck!) “Criticizing WAF tech is so “2009” – AppSec is so difficult, you need to use …