Most recent blogs, videocasts, papers, etc.

Stolen passwords don't have to be the end of the world... (April 14, 2014)

Getting your Facebook, Google, or Yahoo password stolen is not necessarily a critical issue. It depends on how you configure authentication to these and other sites that allow multi-factor authentication (MFA).

Vcast Episode 2 - 2014 Internet Security Threat Report (April 13, 2014)

Following a look at Heartbleed and a list of sites needing password changes, we review the findings of the Symantec 2014 Internet Security Threat Report. Finally, we dig deeper into risk management by discussing avoidance, acceptance, mitigation, and transfer of risk.

Security Crossword #2

Theme: Ethical and not so ethical hacking

FTP Risk: It is bigger than you think

FTP can be a big gap in your security framework. Attackers can use it to upload and execute code or as a channel through which to extract collected data. Blocking ports 20 and 21, the ports reserved for FTP, isn’t enough to protect your servers and network.

Vcast Episode 1 - Zeus Trojan Defense

A look at the new iteration of the Zeus banking Trojan, how to defend against it, and Part 1 of Practical Risk Management.

Security Crossword #1

Have a little fun on break or while waiting for a process to complete.

Heap Spraying Dynamics and Defense

Well-defended organizations have become difficult targets for cybercriminals using traditional network intrusion vectors (e.g., hacking a firewall). However, attacks leveraging browsers and ActiveX controls still find open doors to end-user devices. While software developers and security pros have made significant progress in blocking many such attacks, several remain prevalent. One such attack is the heap spray.

WinRAR Vulnerability Elevates User Risk

WinRAR, a popular file archiver (both RAR and ZIP), provides attackers with the ability to create malicious archive files masquerading as harmless data repositories.