BLOG

I came across a good little article [^1] earlier in the week about setting up guest Wi-Fi and I think it should really hit home with many small business owners. Simply throwing up a wireless access point and connecting it to the rest of your network so guests can have internet access is a great way to cause yourself a whole lot of pain. Not only does doing something like that have harsh PCI compliance ramifications, your systems are wide open to anyone connecting to your Wi-Fi. Depending on the range your access point allows you could have a data breach without the attacker even setting foot on your property giving any physical controls you may have in place a zero chance of working.

Read More

This week's wrap up includes information on failing incident response, an update on the Chase Bank data breach, Jimmy Johns data breach, and the Good Will data breach.

Read More

This week's wrap summarizes the Jimmy John's data breach and the breach on Japan Airlines.

Read More

This past Wednesday, September 24th a vulnerability in bash was announced and I wanted to give a quick summary or run-down of the situation and how it may effect some of us. The vulnerability allows code execution in bash simply by setting certain specific environment variables. The vulnerability was originally found by Stephane Schazelas, and later Travis Ormandy disclosed a secondary exploit that manages to circumvent the initial patch. Given the fact this vulnerability revolves around using bash shells it has been given the name "shellshock". It has also been assigned two separate CVE numbers, CVE-2014-6271 for the original vulnerability and CVE-2014-7169 for the secondary variation.

Read More

Aeris Secure and the Arizona Restaurant Association are hosting a free lunch and learn on cyber security and the threat it poses to your business. We will discuss what you can do to prepare for, and ultimately prevent a data security breach from happening.

Read More