Amazing that security breaches like the one I am about to tell you about are becoming more common…so common that the mainstream media like CNN doesn’t even report it anymore. If you haven’t read about this pretty significant security breach yet…let me briefly tell you about it… Bank of New York (BNY) Mellon and People’s […]
Raiders of the Lost Backup Tapes Read More »
I wrote an article some time ago about multiple platform password managers. At the time I talked about PasswordSafe and Password Gorilla. While both of these are really good password managers that work on Linux, Windows and OSX…Matt Neely talked about KeePass at the NEO InfoSec Forum last week and how KeePass is probably the
KeePass Password Manager Read More »
This is just classic. A TJX employee, Nick Benson, was fired for posting about security issues on the TJX internal network to this sla.ckers.org forum. Nick attempted to report security issues to his management back in 2006 (before the massive TJX security breach) and nothing changed. Apparently things like having blank passwords on servers were
TJX Employee Fired for Posting Security Issues Read More »
Looking for a fresh, new look at all the recent security news and threats? Check out the new security podcast called “SecuraBit“. The crew of the SecuraBit podcast includes Jason Mueller, Chris Gerling (you may know him from Hak5), Anthony Gartner and Christopher Mills. It’s nice to have another podcast following in the footsteps of
SecuraBit: New Security Podcast Read More »
If you happened to sign-up for the Black Hat USA 2008 Briefings early this year you will notice that as a paid delegate you are able to review and comment on all the current papers submitted to the Black Hat speaker review board. You can basically comment and rate each paper and also provide comments
New Black Hat Call for Papers Review Process Read More »
I saw a good presentation analyzing the malware behind this current “fake subpoena phish” by Tyler and Greg at the NEO Information Security Forum the other night. Tyler and Greg are legendary in the Cleveland area for conducting some cutting edge malware analysis over the last few years. They focused on how this type of
Malware is Evolving Read More »
Want to easily know when every security related conference takes place world wide this year? I just found a great Google Calendar that lists all of these events in one easy to view calendar. I am a big fan of Google Calendar and adding this to a existing Google Calendar is really easy. You can
IT Security Events Calendar Read More »
Interesting post over on Slashdot yesterday on what the best practices are for documenting processes and procedures. While this is a general problem in IT, I thought that it would be worth to note that documentation is a major part of what pen testers and security professionals do. From the pen testing side I require
How do you document? Read More »
I wanted to provide everyone with an update on how things are going with Password Safe. While Password Safe is a great program, I have found that the “Gorilla” is the bigger, badder animal…
Password Safe, Good – Password Gorilla, Better Read More »
Saw this on Digg today…this is a must read! A security researcher, Benjamin Googins from CA, discovered that the Sears/Kmart “community” web site installs extremely dangerous spyware. From the researchers blog post: “Sears.com is distributing spyware that tracks all your Internet usage – including banking logins, email, and all other forms of Internet usage –
Sears.com installs dangerous spyware Read More »
