Archives

Archive for October, 2006

3 Quick Thoughts and Updates

As we blogged about earlier in the week, core processing systems continue to be a focus for security teams. This week has seen additional new issues in HP-UX and Oracle, as well as in various other related applications. Please take a moment to look through your patch levels and ensure your core systems are up to [...]

Core Processing Systems under Security Stress

Looks like there are quite a few issues emerging with various systems and components that many banks and such use for their core processing. The last few weeks have seen issues in Oracle, MySQL, AIX, of course Windows and various supporting tools and services. Given the importance of core processing availability to most financial institutions, [...]

Approaches to Application Security Testing

I just wanted to post this pointer to another article of mine that ITWorld is running. This one explains different approaches to security testing of applications. If you are considering app testing and want an overview of penetration testing, code review and hybrid processes, this is [...]

Risk Assessment Key Ideas

My column at security.itworld.com is now running an article I wrote about the key ideas behind risk assessment, and the top three things that organizations need to know when they are considering risk assessments. You can find it here. I especially think that more organizations need to remember point number two, which is that the [...]

Encrypted Drives and Virtual Machine Images

In this day and age, attackers routinely get into computer systems and steal the data on them. This makes it all the more essential to ensure that, beyond your perimeter network security barrier, you have a line of defense inside your system. That line of defense is encryption. Storing data unencrypted on your hard drive isn’t [...]

~’>{[\|/.:";,]}<`?

Say what?? Some special characters are better than others for passwords. When an attacker gets a password hash, they have to pick a charset to brute-force over, and a password containing any character outside that charset will never be recovered by that run, no matter how long it executes. Some people say there are only 4 categories: lower alpha, upper alpha, numbers, and special characters. However, brute-force password crackers like Cain, and more advanced cracking [...]
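To make the charset point concrete, here is an added example (not code from the original post, and not any real cracker's configuration). It defines a few candidate charsets, computes their keyspaces and worst-case exhaustion time at an assumed hash rate, and runs a small brute force against an unsalted MD5 digest of a constructed 3-character password. COMMON_SPECIALS is a constructed stand-in for the narrower "popular symbols" set many tools default to; the password, the hash rate and the charset names are all assumptions made for the illustration.

```python
import hashlib
import itertools
import string

# Character classes a cracker's brute-force mode can be configured with.
# COMMON_SPECIALS is a constructed stand-in for a narrow default symbol set;
# it is not any particular tool's real charset.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
COMMON_SPECIALS = "!@#$%^&*()_+-="
ALL_SPECIALS = string.punctuation          # all 32 printable ASCII symbols

CHARSETS = {
    "lower": LOWER,
    "lower+upper+digits": LOWER + UPPER + DIGITS,
    "mixed+common specials": LOWER + UPPER + DIGITS + COMMON_SPECIALS,
    "full printable": LOWER + UPPER + DIGITS + ALL_SPECIALS,
}


def keyspace(charset, max_len):
    """Number of candidates of length 1..max_len drawn from charset."""
    return sum(len(charset) ** n for n in range(1, max_len + 1))


def seconds_to_exhaust(charset, max_len, hashes_per_second):
    """Worst-case time to try every candidate at a given hash rate."""
    return keyspace(charset, max_len) / hashes_per_second


def covered_by(password, charset):
    """True only if every character of the password is in the charset."""
    return all(c in charset for c in password)


def brute_force_md5(target_hex, charset, max_len):
    """Try every candidate up to max_len against an unsalted MD5 digest.
    Returns the recovered plaintext, or None once the keyspace is exhausted."""
    for n in range(1, max_len + 1):
        for cand in itertools.product(charset, repeat=n):
            s = "".join(cand)
            if hashlib.md5(s.encode()).hexdigest() == target_hex:
                return s
    return None


def crack_report(password, max_len):
    """Run each charset against the hash of `password`; report coverage and result."""
    target = hashlib.md5(password.encode()).hexdigest()
    report = {}
    for name, cs in CHARSETS.items():
        report[name] = {
            "charset_size": len(cs),
            "keyspace": keyspace(cs, max_len),
            "covered": covered_by(password, cs),
            "found": brute_force_md5(target, cs, max_len),
        }
    return report


if __name__ == "__main__":
    # Constructed 3-character password; '~' is outside COMMON_SPECIALS, so only
    # the "full printable" run can ever recover it.
    pw = "a~1"
    for name, r in crack_report(pw, len(pw)).items():
        print(f"{name:24} size={r['charset_size']:3} keyspace={r['keyspace']:>8} "
              f"covered={r['covered']!s:5} found={r['found']}")
    # Assumed 1e9 hashes/s attacker vs. an 8-character password: a bigger charset
    # means a longer worst case, but only matters if the password is inside it.
    for name, cs in CHARSETS.items():
        print(f"{name:24} 8 chars @ 1e9/s: {seconds_to_exhaust(cs, 8, 1e9):.0f} s")
```

The three narrower runs exhaust their keyspaces and return None even though the password is only three characters long; the run over the full printable set finds it in a few thousand tries. The lesson is the one the post is driving at: a character the attacker's charset does not contain adds more protection than its single position in the keyspace would suggest.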

A Day in the Life of a Home PC on the Internet

The BBC finally validated what security teams around the world have been saying for a couple of years – home user machine security counts too. In a recent test by the BBC news team, they used a honeypot to emulate a home user system with a high-speed connection. What they found is likely not surprising [...]

Increasing Credit Union Attacks, But Little Added Consumer Risk

For the last several months, news has been coming from the various security vendors that attacker focus has shifted away from banks and other financial institutions to the credit unions. The attackers probably assume that credit unions are an easier target than the banks. In our experience this is simply not true. Though credit unions [...]

Smart New Use for HoneyPoint Security Server

I just heard from a client, one Mr. BW, we shall call him, that he has a smart new use for HoneyPoint Security Server in his organization. In addition to using it as designed, to capture emerging internal threats, Mr. BW has found a way to make use of HoneyPoint’s emulated web server to catch [...]