You know, it’s 2013 and we still have this issue of employees believing that corporate data is their own to do with as they please. In a recent Ponemon survey report ~two thirds of employees believe this to be true. Unfortunately, this is an incredibly ...
It’s all your fault, really, it is. Whether it’s a lack of caring, naivety or a misunderstanding, you executives of companies and leaders of agencies have helped to create an underground ecosystem for attackers to collaborate and coordinate attacks ...
Last month, Symantec hosted its 2nd annual internal CyberWar Games and I had the privilege of joining Efrain Ortiz, Ben Frazier, and JR Wikes as part of team Avengers. For five days, we worked on limited sleep, grinding our way through the process of ...
I do not need a solution (just sharing information)
Has anyone experienced an issue with mount points after installation? Messages such as "mount: you must specify the filesystem ...
With the continued uncertainty lingering in the global economy, I think it is likely that spending on new information security initiatives will continue to be highly scrutinized. This isn’t to say that security initiatives won’t go forward, just that ...
Over the past few months I’ve noticed a disturbing trend in our industry to talk more about “offensive security.” People are writing and tweeting about “active defenses” or “strikeback capabilities” but it all points to a movement that is at best a ...
I came across this article (see link below) not too long ago and it really got me thinking about not only the places where I put my information on the Internet, but the reasons I put my information out there. Most sites we put our information seem ...
So what is the big deal if a few of my corporate PCs are infected with malware, what’s the worst that can happen? In this post I want to cover what can be done with a compromised PC and why it is a big deal. Many Security Managers minimize the importance ...
While managing Operational Risk for a large IT organization, one of my responsibilities was to work with Corporate Operational Risk to define Key Risk Indicators (KRIs). KRIs were monitored at a corporate level. We took the easy route by using canned ...
Ready for one last slick web application penetration test trick? In this installment we'll explore a subtle and often overlooked vulnerability related to web application authentication. In response to the login request containing posted ...