One of my pet peeves with security vendors like Symantec, Vontu, Websense and Checkpoint is marketing collateral that totally disregards the basics of security – it’s like they hired an English major straight out of school and told them to start writing. Sensitive assets, confidential assets, proprietary assets – you can make a total mishmash …
I have been an Orange mobile subscriber for over 10 years – since they launched – and I’m generally very happy with the operation of the network, but it’s clear that if they managed their mobile network with the same incompetence that they manage their online services, Partner would have gone bankrupt years ago. Orange …
The Polish Police did an IT modernization project in 2008 for installing mobile terminals in police cars. The software in the mobile terminal uses Microsoft IE. Since the mobile terminals use Microsoft IE – it should be possible to attack the mobile terminal using one of the known IE software vulnerabilities …
I’ve been telling customers for years that most security exploits are caused by a small number of software defects (you can download my white paper on Software Security and see how to mitigate enterprise software vulnerabilities systematically using Business threat modeling). Still, it’s amazing how the trade press are gushing on this – must have …
It is a truism of security that the worst vulnerabilities are usually the simplest – many are configuration bugs or simple design flaws like leaving temp files world-readable. Many Open Source projects such as Open Clinica use the excellent PostgreSQL database. You get 90% of Oracle at 10% of the weight and for free. …
These are dangerous times for a business. Every day brings another threat. The sub-prime crisis, the crash of world financial markets, the price of oil (going way up and now going down again), an impending crash of the US sub-prime credit card market (like how long can you charge 35% over the top interest rates?), …
A security checklist for a developer might make it look like writing secure code is kids’ stuff, but even kids think like attackers sometimes. Microsoft are doing some interesting work on SDL – Secure Development Lifecycle. I’m just not sure I agree with dumbing it all down to a checklist and letting developers work without …
Please don’t say you do everything in vi. I returned Friday from a business trip on a data loss prevention project with a client in Poland and I realized it has been a while since I posted to my blog. Totally off topic from data leakage prevention and software security, I just won a small …
A lot has been written about Google-aided automation of hacking. There is little I can add to this topic besides some personal and practical advice. If you’re running Joomla 1.5 you may have noticed queries of the sort “powered by joomla .domain_name_extension” in your Apache access.log file. It’s almost certain you’ll find a few of …