Security

What is Private?

First of all a disclaimer – I’m not a lawyer and have no extensive knowledge of the laws of any country. This article represents my opinion and nothing more. Following a few stories on the news, it occurred to me that the lines of privacy are becoming difficult to define in the digital age. I […]

From the hacker’s perspective

How would you hack? I noticed that when I’m trying to secure a system I always have a very organized and structured way of thinking. On the other hand, when I’m asked that question “How would you hack this?” I always have a very different way of thinking. It’s a lot more random and out-of-the-box. […]

Security Myths and Truths

When we watch movies and hear chatter we unconsciously internalize a lot of myths about security. I think it’s time to separate some myths from actual truths. Myth #1: Hackers are all powerful “A good hacker can gain access to any system in 5 minutes and change or steal whatever they want”. While I shouldn’t […]

Traceability in Your Oracle Database Without Exceptions!

A typical Oracle database application has many security gaps and, what is worse, has neither the alerting mechanisms nor the detection capability it needs. According to Verizon's annual security reports, the majority of security breaches that end in data loss are […]

Oracle Database Security – Part 2

This is part 2 of a series of posts aiming to analyze the real world security challenge of the Oracle database. Part 1 discussed the potential risks to the database, and this part will discuss the methods likely to be employed by each individual to compromise the data. So How will the breach occur? While […]

Oracle Database Security – Part 1

Securing any system is a complex task, but the Oracle database poses special challenges. This series of posts aims to analyze the problem and come to conclusions about what can and should be done in real world environments. The first step in security analysis is risk assessment, so part 1 will focus on: Who poses […]

BlueCross BlueShield

On Friday, October 2, 2009 at approximately 6:13pm, someone stole 57 hard drives from a network closet in a BlueCross BlueShield office in Chattanooga, TN. See the original notification issued by BlueCross BlueShield here. The drives contained unencrypted audio files of over 1 million customer support calls totaling 50,000 hours of conversation, along with 300,000 […]

Anonymous, LulzSec: Heroes or Villains?

I just read a post on Gov Info Security with the same title. While I find that post to be a little without focus, I think the subject is a good one and deserves attention. You can read an example of their mischief in this post. I think there are a handful of good things […]

Security State of the Government

I read a survey today about the state of government security as perceived by more than 200 government IT security professionals. I found the results to be very interesting. The survey shows concern is mostly about inside problems. The further outside the threat is, the less it is considered a threat. I find this […]

(UN)SAFE

The cover story of the April issue of Dark Reading was “Diary Of A Breach” by Adam Ely. I read it a few months ago and remembered it this morning when I was reading about the SAFE Data Act. “Diary of a Breach” was a well written piece that walked the reader through an imaginary […]
