Recent events serve as the best example of how the context of security has shifted from the once server-centric model to that of a decentralized threat landscape. From the Heartbleed attacks to the widespread Internet Explorer vulnerabilities and finally the sensationalized OAuth issues, it appears that even organizations with a hardened perimeter infrastructure are just as vulnerable as an end-user at home.
The Internet Watch Foundation works to remove online videos and images of child sexual abuse and its 2013 Annual & Charity Report highlighted significant milestones achieved and a big year of change.
I attended one of the Black Hat training sessions titled “Advanced C++ Source Code Analysis.” It was quite fascinating! Looking through source code for bugs seems to be a different mindset from writing software.
A renewed sense of urgency to secure information, networks and electronic devices in order to thwart advanced hacking techniques loomed over the 2013 RSA conference floor in San Francisco. The harsh realization that traditional security measures simply don’t cut it anymore was confirmed by various keynotes and casual hallway conversations between peers.
At DEF CON 2012 in Las Vegas I sat through a presentation titled “Owning One to Rule them All,” hosted by penetration testers Dave Kennedy and Dave DeSimone. They discussed a recent penetration test that utilized Microsoft Systems Center Configuration Manager (MSCCM) to gain access to essentially an entire network of computers. MSCCM is intended to streamline the management of multiple devices – desktops, laptops, smartphones and tablets – within IT infrastructures. While a tool like MSCCM may seem convenient, granting too many administrative features can lead to more serious network security headaches, including breaches.
I had the privilege of discussing the state of mobile phone payments systems, like Google Wallet, on a local radio station show called “Backbone Radio” in mid-February, 2012, which is co-hosted by Joshua Sharf. The segment aired on 710-AM KNUS in Denver and 1460-AM KZNT radio out of Colorado Springs.
IPv6 enabled websites are steadily increasing as the availability of IPv4 addresses continue to diminish. While most current company network architectures already support IPv4, it is crucial that applications be ready to support the new IPv6. Migrating to IPv6 is not easy and challenges may arise involving both the network and application layers, as zveloLABS.
They always independently verify that their client is the best. Well, independent tests these days are a joke.