In the News: Spyware for sale?

Spyware for sale? Who buys this stuff?

What do average computer owners do when the antivirus they buy is actually malware?

Vulnerability Management Metrics

In order to manage, you must be able to measure...

Vulnerability Management Manifesto

Like all passionate people, I have a manifesto. Here it is.

Reboot

There have been events in my personal and professional life that have caused me to take a new perspective towards information security and vulnerability management.  While New Year’s Day and spring are seemingly better metaphorical times for rebirth or renewal, I am choosing to rededicate myself to this blog and the mission that I set [...]

The Battle of If and When

No, this isn’t an article about logic branching within applications; rather, I was thinking recently about the epic battle between two opposing forces: If and When.
To describe If and When, you have to understand their personalities, their personal history and the way they look at the world. 
When looks at the world with maybe a glass [...]

In the News: RBS WorldPay Hackers Charged

While perusing my security reading lists today, I saw something that I thought I would never see:
Eight charged in $9.5m payment processor hack
This headline (Source: The Register) references the compromise of the RBS WorldPay application, and the subsequent draining of numerous accounts to the tune of 9.5 million US Dollars.  In today’s world we [...]

In the News: Nation-State Hacking

In today’s online edition of the Wall Street Journal (WSJ) (Article: WSJ Online), I read about a report commissioned by Congress to investigate nation-state hacking against the United States and companies within our borders. We have seen reports in the news of how the government and companies that sell materials and equipment to the government [...]

In the News: Use Cryptography, Avoid Jailtime

Important note from the author on this one.  The article I read (Source: The Register) talks about a court case in Australia.  The author would like to indicate that this particular defense may likely not be observed as jurisprudence in many locations, but thought the concept was interesting nonetheless.
According to The Register, a man living [...]

In the News: Spyware for sale?

I read an interesting article this morning:
Symantec Press Release
Basically, Symantec has seen a rise in the sale of malware disguised as antivirus or other security software. Their full report (Full Report), while wordy for the average computer user, basically confirms what people in the security industry have been saying for years:

The bad guys are getting [...]

Vulnerability Management Metrics

This is the first installment in a series of three articles about vulnerability management metrics.  In this first installment, we are going to try to explain VM metrics and how each individual finding rolls up into a higher level report which must be designed to confuse management and technicians alike. 
At most of the user conferences [...]

Vulnerability Management Manifesto

When I think about vulnerability management…and how the discipline/technology has evolved in the last ten years, I get passionate.  I get passionate not because I think that the technologies are not working, or that they haven’t evolved…I get passionate when I think about how we use them as information security professionals.
Like all passionate people (see: [...]