Death of Antivirus & Indicators of Compromise
This week there have been articles popping up all over the Internet with quotes from a Symantec executive stating that antivirus software is DEAD. The articles state that antivirus solutions are only catching about 45% of cyber attacks. Both the Wall Street Journal and Brian Krebs (Krebs on Security) posted great articles on the topic and the current state of antivirus solutions.
Heartbleed: 0-day Vulnerability in OpenSSL
A widespread and impactful 0-day vulnerability has been identified in current versions of OpenSSL, which is used in most Linux- and Unix-based web servers that serve pages over SSL/TLS encryption.
Everyday Cybercrime and What You Can Do
I'm a big fan of TED Talks. I came across one that was very interesting and relevant to security. James Lyne, a cybersecurity specialist with Sophos, discussed the basics of everyday cybercrime and the simple steps each of us can take to protect ourselves from cyber attacks.
Cyber Attacks & Emergency Preparedness
Today I came across an article published on Digital Transactions. The overall focus of the article was how small, Level 4 merchants are still lagging behind when it comes to PCI compliance and conducting risk assessments in their organizations.
Web Application Session Auditing Part 1: Intro
Web application session handling is one of the most difficult things to do right. As we move more and more towards standard web frameworks (Django, Rails, etc.) to handle the basic functionality of a custom web application, this becomes a smaller issue. Unfortunately, there are engineers and developers who insist on going it alone in this realm. There are also legacy applications that require backward compatibility, and then there are just plain old out-of-date applications that are still served publicly.