NIST Takes Security to Small Businesses
One of the big problems in information security is how to effectively teach small businesses safe data handling. They’re too small to have dedicated security budgets and they can’t be expected to...
When Security Gets in the Way
Don Norman is my hero for today. Rarely do I read something and come away thinking, “this hits the nail right on the head. I can’t possibly think of a more eloquent way to say what is being said.” But...
INSERT Ethics INTO Public Web App Testing
A few of my posts have involved debating the ethics of public web app testing by security professionals. When the good guys poke and prod public web apps it raises a bunch of ethical questions, besides...
Detecting Scared Terrorists
From the “What can we do to stop terrorism, without actually addressing terrorism” department, comes the news that scientists are researching how to sniff out scared people at checkpoints. In the...
Controlled Worm Outbreak – The EICAR Worm
I have spent the last several days responding to a 0-day worm outbreak. We didn’t have signatures when the you-know-what hit the fan. Fortunately, some tooling we already had in place allowed us to...
Real Grandpa Information Security
I recently blogged about security practices in a hospital environment that I was witness to. It was interesting to see how security worked (or perhaps didn’t work), rather than post about another...
Why Your Windows Log Size Settings May Be Too Big
A while back, I posted about how certain versions of Windows always have the capability to lose logs. I encourage you to read the full post to understand the issues involved, then come back here and...
Detecting the Apache Range Header DoS Attack with OSSEC
If you run Apache, you may have heard about the DoS vulnerability last week. Apache suffers from a condition where an attacker can remotely cause the web server to consume huge amounts of memory. This...
The Immutable Friday Fav Five for September 9, 2011
Here are the five links that I found interesting for this week: The Shadowserver foundation is comprised of a group of volunteer security professionals who gather information about Internet-based...
The Immutable Friday Fav Five for September 30, 2011
Here are the five or more links that I found interesting for this week: PDF-XRAY is a site where you can submit suspect PDFs for analysis. Now you can download the code behind the site and have a go at...