Why read another article on the Shellshock bug when there have been a number of well-written articles and blog posts on it? Because almost all of the articles and blogs are talking about the bug itself, how it can be exploited, and how much of the Internet is open to it. However, what you should […]
The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third party vendor management (TPRM). After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant third party that didn’t seem to have direct […]
For those of us in the world of information security, the news of Attorney General Eric Holder bringing a first-of-its-kind criminal cyber espionage case against Chinese military officials is no surprise at all. For years, the Chinese have been known for launching cyber attacks on American industrial and military targets to steal prized military secrets […]
Last month the IP Commission Report was published by The National Bureau of Asian Research. This report chronicles the theft of American Intellectual Property and is a great read. The world of InfoSec tends to focus on vulnerabilities and infamous hacks.
Network Chatter from China Imagine one hundred container ships full of the most valuable U.S. assets heading to China every day. Diamonds, gold, oil, John Deere Tractors, priceless artwork, Chevy Corvettes, life-saving artificial hearts, books from our historic libraries, soybeans, the latest Intel® processors, Redwood trees, the genuine Constitution of the United States of America, […]
If you’ve never checked out http://www.privacyrights.org, I would encourage you to do so. It’s a listing of all breaches made public from 2005 up to present, presented in reverse chronological order. They collect the information from a variety of sources. You can filter your search by checking/un-checking various boxes on the following:
If you haven’t read the Verizon 2012 Data Breach Report, you may want to check it out. Contains a wealth of information on what’s going on in information security breaches. Here’s a link:
There is often confusion with the difference between “vulnerability scanning” and “penetration testing“, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing.