Security Convergence

I introduced Dr. Paul L. Kendall this morning at TRISC. Dr. Kendall is with Accudata Systems, Inc. He talked about security convergence, where Physical and IT security departments are starting to either merge or become very cooperative in organizations to help with incident response and security costs. It was very interesting to hear that some …

Update on TRISC

Caleb Sima from SPI Dynamics had a great keynote this morning. I was pleased that it was a case study and a demonstration of SQL Injection and SQL Blind Injection. Very informative, and it really piqued my interest in Web security. I am more of a network security guy, but I am getting more and …

We have wireless!!

Lo and Behold, the hotel has free wireless! Of course, someone at the conference has most likely discovered it as well (I would be disappointed if they have not!), so they probably are sniffing my traffic as I type. If you see some unusual blog posts over the next couple of days, it might be …

Out for a couple of days

I wrote a quick post on Thursday about TRISC – Texas Regional Infrastructure Security Conference. The conference is from Monday, May 15 to Wednesday, May 17. I will be attending and announcing a couple of session speakers, so I probably won’t be posting on these days. I will be taking pictures and posting some …

Security Awareness Presentation

I posted a couple of days ago on free security awareness videos from Educause. I also said in there that any security awareness program should be tailored to the environment. Well, I just finished recording a video for my company’s security awareness program. It was an hour long, and I pretty much developed the presentation …

Another Certification Post – Is the CISSP being devalued?

Martin McKeay has a good post in response to this article by Sean Walberg about the possible devaluation of the CISSP certification by teaching the 10 domains in college courses. My first thought was that Mr. Walberg is correct, that this will cause a flood of young, non-experienced CISSPs. However, the experience requirement (5 years …

Rootkits – Under the Radar

This is a comment I made on Alan Shimel’s blog post about rootkits: “The rootkit issue is one that has been around for a while, yet it always seems to be that one issue that stays below the radar. It just never seems to be this major security issue that Security Vendors include in their …

Thanks to Alan Shimel

Thanks to Alan Shimel for linking to my blog in this recent post. Alan is the CTO of StillSecure, which provides security solutions including IDS / IPS, network access control, vulnerability management, etc. I have heard great things about this company since being introduced to them. I posted about them recently.

Netsky still a pain – WHY?

You remember Netsky, right? The major pain in admins’ backsides in 2004? Well, it is still causing problems out there. According to this InformationWeek article, Sophos is reporting that Netsky is the number one reported virus today – 2 years after its release (go here to see all the variations). I just have to ask …

Educause giving away FREE Security Awareness videos!

Educause had a computer security awareness video contest. Go here to take a look. I believe that most security awareness programs need to be directly tailored to the organization they are targeting, but if you need something quick and with some quality, this is a great resource. I picked this up from Martin McKeay’s blog.

Malicious Hacker Pleads Guilty for 2005 Bot Attack

Good. See more about the attack here. And since he used hospital PCs as his zombies (idiot), see more at a medical blog here. Here’s the DOJ February post about the indictment. [Update] Martin McKeay brings up a good point about this with his latest post, entitled “Catching the low hanging fruit” at mckeay.net

Sleepy Blogger – A Great Blogging Resource

I just added a link to Sleepy Blogger. This is a great blogger resource run by Robyn Tippins. She is a professional blogger and a great person. She blogs at quite a few places, and she knows her stuff. She has many posts with blogging advice. Don’t miss it.

Geeks take down some C-Level Crooks

Here’s a pretty sweet little story about some admin guys taking down some dirty C-Level crooks. I am not advocating their course of action, and I am not against all C-Levels out there. We need them as much as they need us. But it is kinda nice to hear of some dirty crooks getting paid back.

HP’s IDM and StillSecure

I recently met with an HP rep on their IDM solution provided via their ProCurve switches. It looks very promising. He also said they were beginning a partnership with StillSecure for their remediation (loading updates, updating AV files, etc., while in a quarantine zone). I also ran across this blog entry by Alan Shimel. He …

Blue Security Goes Nuclear

Go check out this blog post by Mitch Wagner at InformationWeek. Mr. Wagner, according to Blue Security, you are an accomplice to a notorious spammer! Go see Blue Security’s explanation and attack timeline. I hate spammers, but I don’t know a lot about Blue Security and how they work. I will let you know when …

Aetna and the stolen laptop

I talked about Fidelity losing a laptop that held personal data of 196,000 employees of HP in this post. Now it looks like Aetna has done it. Martin McKeay mentions it here. ZDNet has the story. Looks like about 38,000 employees of two un-named companies (they asked to stay anonymous) had names, addresses, and …

Some non-InfoSec blogs I peruse

Thought I would post some non-infosec blogs I visit from time to time. Take a look at Michael Yon’s blog. This guy is amazing. Whether or not you agree with the war in Iraq and the war on terrorism in general, this guy has some amazing information. I will be adding a permanent link to …

USC and FBI – I’m torn on this one

Here is a case where I am torn. Basically, Mr. Eric McCarty was going to register at USC, and in trying to help keep the Internet secure, he decided to test their registration website for flaws (he claims nothing but good intentions, which I really find no reason to disbelieve). Well, he found a big …

What’s up with Ohio this week?

Man, two more incidents in Ohio. I know my previous post concerns the government, and these are from Ohio University, but this is kinda crazy. The one breach happened on a server that was supposed to be decommissioned. Read this excerpt from the article: “We immediately took it off-line and got into the …