We finally got everything arranged and we got all of the ducks, not just in a row, but quacking nicely together and we are going forward with the TechColumbus presentation on E-Voting. Come out on October 17th and hear about the EVEREST project, attacks against voting systems and the work that the entire EVEREST team [...]
What is a good password? Well, that depends who the password is for and what the password is protecting. For a normal system user that only has access to limited amounts of information, services and software, the most important thing about a password is that it’s hard to guess and that they protect it properly. [...]
We got a great story this week from a user of HoneyPoint:Network Trust Agent (NTA). This user touched base with us to let us know how his NTA deployment on his laptop helped his security team identify a critical network hole. His story started as usual: he had downloaded NTA after one of our conferences [...]
Our HoneyPoint deployments have been picking up a recently added (August 08) scan signature from Morfeus, the bot-based web scanner, that has been around for a long time. The new scans were first detected on our consumer grade DSL/Cable segments in late August and have now also been seen on our Corporate environment sensors as [...]
Just got a great question about the visual layout of the blog page. To answer the question of why we don’t increase the “flash” of the blog page that RobM asked about, the answer comes from Marketing Guru Seth Godin – we want you to focus on the signal contained in the blog posts, not the [...]
OK, I spent the last week or so working on my Twitter capability. But, I have to say, after a week, Tim Ferriss’s strategy of not following people really seems to be limiting the capabilities that Twitter seems to bring to the table in terms of information aggregation, conversation and leveraged crowd sourcing on ideas. [...]
This morning I ran a quick Google Trends look at three types of vulnerabilities: buffer overflows, SQL injections and cross-site scripting (XSS). The results are interesting to me, though certainly no shock. You can view the graphs and data here. What we see are spikes of interest in injections while both XSS and buffer overflow [...]
I’ve often heard folks downplay the importance of securing their internal network, indicating that the real threat is from the outside, from external attackers, so why expend the effort? When we think of threats we often recall the many stories of internet attackers who gain access through internet-facing systems and wreak havoc by stealing information [...]
It has been a turbulent last few days around MSI and in Central Ohio at large. On Sunday, we experienced the leftovers of Hurricane Ike. Being in the Midwest, we were not quite prepared for what came our way. Wide swaths of the state experienced winds as high as those associated with a minor [...]
I know we have always preached that application security is much more cost effective when it is baked in. But, the reality of today’s application horizon is that security is an afterthought, at best, for a majority of web applications. A variety of reasons ranging from inexperienced developers to legacy technologies and from apathetic customers [...]