OWASP Releases the 2007 Top 10 Web Application Vulnerabilities
The excellent work by OWASP continues, and they have recently launched the Top 10 Web Application Vulnerabilities for 2007. The list is a must-read for anyone responsible for developing and/or maintaining a web application. It is equally important for those who test applications before they are put into production. This list should […]
CERTs to the Rescue
Some details from TERENA on how various CERT teams throughout Europe are helping Estonia deal with the ongoing attacks against its Internet infrastructure as a result of civil unrest. It is a great example as to how the information security community can work together to tackle Internet crime. “A prolonged and large-scale denial of service attack […]
Details of TJX Hack Emerge – Wireless Networks the Weak Point
The Wall Street Journal has published a story outlining the details on how criminals managed to hack their way into the TJX network and gain access to over 45 million credit card numbers. It appears that in the summer of 2005, criminals using wireless laptops managed to crack into the wireless network of a Marshalls […]
Secure Hosting
If you decide to outsource the hosting of your website or other services to a third party, you need to remind yourself that no provider can guarantee you 100% security. Some providers will offer an SLA whereby they pay penalty fees in the event that your site is compromised; however, this is simply a […]
Calculating the Cost of a Security Breach
One of the challenges facing many security professionals is justifying the cost of implementing security controls, procedures and supporting technologies. The Privacy Breach Impact Calculator from InformationShield could be used to help you estimate the costs of a privacy breach, i.e. one where personal data belonging to clients could be exposed. While the tool is focused primarily […]
Internet Security Intelligence
Thanks to Arrigo Triulzi for making me aware of an excellent resource for intelligence on what is happening on the Internet. Arbor Networks hosts a daily updated snapshot of the top attacks, trends and activities on the Internet that the ATLAS probes deployed at their customer sites have detected in the previous 24 hours. The global activity map gives a […]
This Year's Theme for Global Security Week
The theme for Global Security Week is “Privacy in the 21st Century”, and it will take place from the 3rd until the 9th of September. Last year’s highly successful theme was “Identity Theft”, and this year’s theme is a nice continuation of that topic. Given the increasing amount of personal data belonging to each individual being held […]
Inside Out
A number of stories came to my attention over the past week or so that highlighted something that often gets overlooked, or indeed underestimated, by many of us charged with protecting the organisation’s networks and information. The following stories all have a similar thread: Port of Tampa Employees Victimized by ID Thief; Social Security Administration […]
Everything Changes – Everything Remains the Same
I recently attended the BlackHat Europe briefings in Amsterdam and sat in on a number of the many interesting talks. The briefings highlighted the many extremely intelligent and dedicated professionals within the information security field who work tirelessly to help us better defend our networks from those with less admirable goals. Two talks in […]
Securing Wireless Networks
The freedom and ease of use of wireless networks is making them more and more popular for both personal and business use. However, as with all technologies, it is important to ensure that they are deployed correctly and securely. At many of the seminars or presentations I give on security I am often asked how […]