2011 – Security Hacks
Dark Reading had another great article recently on the “7 Coolest Hacks of 2011”. This was by Kelly Jackson Higgins. (more…)
Continuing on with the employee security awareness thought: the weakest link – the WSJ article discusses other areas. (more…)
Another great article by WSJ – this one on information security and employee cyber security awareness. Because hackers today are so advanced, applying all the security solutions at our disposal and shoring up the perimeter isn’t enough anymore. (more…)
Sometimes when I’m talking with organizations about their security testing needs, there is some confusion between what constitutes a vulnerability scan, a penetration test, and a web application assessment. (more…)
Saw an interesting article right in the Chicago Tribune’s Sunday Magazine section about information security – Cybercrime is on the rise. I love that cyber security is not only making the news, but it’s right in front of you when you’re settling in with your coffee and Sunday newspaper (for those of us who still read newsprint). (more…)
Who is safeguarding your customers’ sensitive data? I’ve been reading with wonder, as I’m sure many of you have, about the seemingly endless parade of breaches for companies small & large. Increasingly, it isn’t the company reporting the breach that is the cause of the issue; rather it has been partners or service providers to those companies. (more…)
There is often confusion about the difference between “vulnerability scanning” and “penetration testing”, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing. (more…)
Before proceeding, please note that there are many tools and methods that have the ability to scan for weak or blank MS-SQL passwords. SQLPing comes to mind, which is a great tool if you’re on a Windows host. Metasploit has the ability to scan for MS-SQL passwords as well, but it isn’t ideal for targeted lists and it can take time trying to connect to hosts that don’t have SQL installed. I could probably write a few extra pages just about tools and methods, so I’ll stop there and get started. (more…)
If you’re doing your quarterly vulnerability scans, you may be wondering if that is the same as a penetration test or if you really need to do both. (more…)