Archive for 'Techno'

Banking with Live CDs (Protection from Zeus)

With all the information out there on the Zeus bot and malware like it, we made a decision at home not to use Windows to access any of our online banking sites. Now to be honest, we probably had a head start in that arena as we only run Windows on our work laptops. The home laptops and desktop all run Linux of one flavor or another. One evening not too long ...

The Pitfalls of Demo Accounts for Web Applications: Seller Beware!

Do you provide a demo login account to your web application product?  You may be exposing your customers’ data to anyone who wanders in.

It is often the case that when a demo account for a web application is created, it is created in the same fashion as a normal user account.  The only difference might be that a scheduled job of some sort occasionally deletes any new information created in the account, and resets ...

Even Techs Dread Calling Tech Support – But Sometimes. You Gotta Believe!

Admit it, you hate calling tech support.  Everyone does.  I don’t know a single person who wakes up in the morning hoping for a data center catastrophe that requires opening a ticket with a vendor support system.

Why is that?  It’s not that you dread finding out you did something stupid to cause the problem… well maybe, but it’s really the expectation of what’s to come.  For me, it usually goes something like this:

The system is ...

How Spaghetti Sauce Can Improve a Security Audit – Part Two

At the TED2004 conference, Malcolm Gladwell explained how a psychophysicist named Howard Moskowitz showed us how we can be happier with his work on spaghetti sauce and coffee.  At the GovCERT Symposium in the Netherlands this year, David Rice applied Gladwell’s story to information security in his plenary speech, “Extra Chunky CyberSecurity.”  I think both speeches hold three important lessons for information security auditors and their clients:

  1) Clients can’t explain what assurance they want;
  2) There is ...

How Spaghetti Sauce Can Improve a Security Audit – Part One

Authored by Mosi Platt, Senior Audit Consultant, Pivot Point Security 

At the TED2004 conference, Malcolm Gladwell explained how a psychophysicist named Howard Moskowitz showed us how we can be happier with his work on spaghetti sauce and coffee.  At the GovCERT Symposium in the Netherlands this year, David Rice applied Gladwell’s story to information security in his plenary speech, “Extra Chunky CyberSecurity.”  I think both speeches hold three important lessons for information security auditors ...
