Security Notes

January 30th, 2008 | Posted by Dominic Schulte in Security - (0 Comments)

For those who haven’t already noticed, Security Notes[truedigitalsecurity.com] are now accessible from this blog! For this month[truedigitalsecurity.com], I discussed how many organizations seem to be emphasizing perimeter security to the detriment of many other aspects that make up a healthy, holistic security program.

For more examples of why just keeping people out doesn’t solve the whole problem, check out this[sans.org] Internet Storm Center Diary and this[truedigitalsecurity.com] previous post.

Dominic Schulte

Dominic Schulte currently serves as the Managing Director of Security Services & Consulting at TRUE, where he is responsible for the execution of a wide range of security and regulatory compliance services. Previously, Dominic worked with the National Security Agency (NSA) as a Global Network Exploitation and Vulnerability Analyst in the National Security Incident and Response Center (NSIRC). He holds CISSP, QSA and CNSS 4011-4015 certifications.

For an example of the insider threat in action, check out this story[foxnews.com]. I’ll bet she feels stupid!

Think the insider threat isn’t a big deal? You’re wrong[cert.org]. In 1999, NIPC estimated that 55% of attacks were perpetrated by an insider. Some groups put the current totals as high as 85%. Whatever the case, if your organization is going to be attacked, the most malicious actions will likely come from an insider–destruction of company information, exfiltration of proprietary data, etc. Why? Because an insider knows exactly where to look for data, what data is most valuable, and what is most important to business continuity. Joe Hacker on the Internet is looking for big, juicy targets with lots of personal data (for identity theft) or bandwidth (so he can set up the biggest botnet and get the most money for renting it out).

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. in Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

We can all breathe a collective sigh of relief – terrorists now have the ability to communicate securely[reuters.com]. I was really starting to be concerned for their privacy…

Dominic Schulte

HBO will soon make many of their shows and movies available on the Internet[reuters.com] for no additional charge, similar to what many other channels are already doing. In related moves, Wal-Mart recently suspended Internet movie rentals and Apple added movie rentals to its iTunes store.

While people are undoubtedly interested in accessing this type of content on-demand over the Internet, I wonder whether Wal-Mart’s move indicates an unwillingness in consumers to pay for such services. It will be interesting to see whether Apple has better success with their movie rentals.

Dominic Schulte

Unintended Denial-of-Service

January 16th, 2008 | Posted by Michael Oglesby in Security - (0 Comments)

For those who do not follow Apple news, today was the annual Apple keynote by Steve Jobs. These keynotes are highly anticipated, as Jobs usually makes surprise announcements of the new Apple products: iPod, iPhone, MacBooks, etc. Since most people cannot go to the keynote, websites like Engadget[engadget.com] provide a live running blog of the event. Even knowing that they would have an abnormally large number of visitors to their site, Engadget was still taken down[engadget.com]. The massive number of people visiting their site caused a denial of service at 2 AOL data centers (AOL hosts Engadget). This goes to show that even with advance planning, unintended or non-malicious denial of service is still a threat.

Michael Oglesby

The Director of Tactical Security Services at TRUE, Michael specializes in security testing initiatives with vast network and application security assessment experience. He oversees a team of analysts in conducting SAST- and DAST-based services. Certifications include CISSP, CSSLP, QSA and CNSS 4011-4015. He is also the Verizon 2010 Data Breach Investigation Report Cover Challenge Winner and second place finisher in the 2011 competition.
