Accent Zip Password Recovery – A Career-Saver

The fine folks over at passwordrecoverytools.com sent a request for an evaluation about four months ago, and as I was ensconced in a plethora of security work and programming, I never had a chance to test the tool for a good writeup. That was, until I decided to go on vacation last week and a client sent a password protected zip file without forwarding the password! That same client has decided that since I am on vacation, my emails are not worth responding to! Hmmm…. Hahhhh! (small bellows of smoke roll out from the ears) Well, the password was recovered …

WorkPapers Software, Java, Google Web Toolkit, and DCMA

Hi All!! Still alive and kicking. It has been a couple of weeks since the last posting, but I have been hard at work putting together another platform iteration of the WorkPapers software. So far, I have created the audit working papers management software solution in Cocoa and RealBasic, so this time around I thought I would try one more iteration in Java and Ajax. For more information about WorkPapers, please see the projects page on this web site. This will give a cross-platform solution that will sync with a web-based Ajax interface… sexy! So now that I am in the advanced stages of this programming iteration, …

The Next Wave – Preventive Security and Statisticians

Over the past couple of weeks I have concluded that enough (bad) breath has been spent ranting about how system and security auditors really are missing the mark. However, one cannot reasonably just point a finger in one direction – it takes two to tango, so it is now time to point out what CIOs and administrators of secure environments should start to consider in order to prevent incidents. And along the way add a rant or two about how the average CIO (too) is an administrative, paper-pushing policy guru that does not really have real systems administration experience – most …

Increasing Attacks Against Grid Systems

This article over in Dark Reading brings up an issue that power companies apparently have been denying for a long time. However, those of you who get the weekly SANS newsletter may have seen the sideline from Alan Paller: “The data that will be discussed at the SCADA Security Summit (http://www.sans.org/scada-security-summit-2010/) will make it much harder for EEI to claim it isn’t happening.” The power companies’ spokespersons seem to be in complete denial, but reports are showing that over 120 attacks have been carried out against such systems.

Saltzer and Schroeder

This is a great article about Saltzer & Schroeder, two 1970s computer security researchers who published this paper. The principles in this paper are the most cited in computer security, and many apply to secure coding. While many have heard of Saltzer and Schroeder or their basic computer security principles, few actually take the time to read their work. Enjoy!

IT and Infosec Auditor Shortcomings – SANS Joins The Dialog

Actually, SANS has been in the dialog, but they put out an article that reinforces the issue of how IT and Infosec auditors – and many consultants alike – are not delivering the proper value to the market. I wrote this article last year that ranted on the issue, and many responded through email and comments to show support for the view. This was an issue that I noticed about five years ago as ISC2, ISACA, and other organizations really focused on increasing membership and increasing revenues. Also, from my experience in the Big Four over the years, I noticed …

Twitter Phishing Rampant – Today’s Flavor

The Twitter buzz (<- that’s funny) this morning was a bunch of postings about a phishing direct mail containing a link to bzpharma.net (don’t click here if my blog software automatically links!!). When the end-user goes to the site, malicious software is executed that retrieves the user’s Twitter password, then spams all of their followers with direct messages. Nasty and too bad. I have grown to like Twitter and other similar services as yet another networking medium. After seeing several hundred tweets (I’m up to 700-plus followers on @sysrisk), lo and behold, I received one …

This is big news on a cyberattack…. 75,000 Systems Breached!

This Washington Post article just released details one of the biggest cyber attacks in history, which has only recently been revealed. The attack started in late 2008, but was just discovered last month. Again, this highlights the sophistication of hacker groups, demonstrating that they are gaining power equivalent to or greater than nation states’ ability to protect themselves from such attacks. Read more at the link above.

Facebook, Social Networking, and Spammers

TechCrunch has an interesting article that claims Facebook drives 44% of social networking. This is very interesting to me in the sense that a lot has recently been chronicled about how hackers and spammers are targeting social networks more, for a couple of reasons – recent new computer users are introduced to social networks as a method of keeping interest in computing. Some even purchase computers just to social network and keep up with peer conversations. Those newer users are prime targets. Another reason is that all the user profiles are there for exploitation without a phisher, hacker, or spammer …