Please don’t say you do everything in vi. I returned Friday from a business trip on a data loss prevention project with a client in Poland and I realized it has been a while since I posted to my blog. Totally off topic from data leakage prevention and software security, I just won a small …
Read more »A while back, a colleague asked me what is the best way to encrypt internal email. My first question to him was – what is the threat, who is the attacker and what is the asset you are protecting? Are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or …
Read more »A lot has been written about Google-aided automation of hacking. There is little I can add to this topic besides some personal and practical advice. If you’re running Joomla 1.5 you may have noticed queries of the sort “powered by joomla .domain_name_extension” in your Apache access.log file. It’s almost certain you’ll find a few of …
Read more »Thursday this week, is the 7′th anniversary of the Al Queda attack on the US in New York on 9/11/2001. The world today is more connected, more always-on, more accessible…and more hostile. There are threats from Islamic terror, identity theft, hacking for pay, custom spyware, mobile malware, money laundering and corporate espionage. For those of …
Read more »I was looking at the CSI 2008 security survey recently and noticed that the top three loss categories are fraud (number 1), viruses (number 2) and data loss (number 3). I’m a little dubious about viruses landing up in the number 2 slot. We haven’t even installed anti-virus software on our office workstations in the …
Read more »This week, I met with one of my former clients who have done some innovative work in the digital media space. They are a typical tech company with typical problems that create typical opportunities for larger companies to buy them out for peanuts. This particular company operates in a difficult and competitive market with long …
Read more »