Viewing posts for the category Information Security

Bus Factor

Many of you may be familiar with bus factor, lottery, truck factor, and/or bus/truck number. For those that aren't though, I wanted to take a small moment to explain it. The concept is quite simple. This "factor" is nothing more than a scary way of labelling the number of developers a project could stand to lose (get hit by a bus) before the project couldn't continue. People have various events in their lives that permit or prevent them from performing certain tasks. As with software development someone's ability to keep working on a project could be taken away by changing jobs, getting a promotion, winning the lottery and quitting, or the more tragic getting hit by a bus/truck.

Read More


Old vs New: A Comparison of Magnetic Stripe and Chip-and-PIN

I was doing some poking around on the internet recently, reading various stories about different network breaches and loss of credit card numbers and I was reminded of the semi-recent Target breach and how they're making a push to switch to chip-and-PIN cards. This made me think it would be a good idea to do a a write up on the differences between chip-and-PIN and traditional magnetic stripe credit cards.

Read More


I Have Vulnerabilities On My LAN. So What?!

During the course of my penetration testing engagements (where I pretend I'm a malicious user and attempt to do naughty things on the network), I usually see or detect many vulnerabilities that are typically not found on the public internet. These vulnerabilities range from a small information disclosure (yawn) to full remote code execution (OH YES!) and of course everything in between. As a good security professional, my recommendations are to fix every single vulnerability found. This would exclude vulns that exist due to a specific business need, such as legacy systems or applications, or other legitimate reasons. When I suggest that we fix all of them, I often receive pushback from IT staff and sometimes even the stakeholders.

Read More


Heartbleed Hanging On

More than a month has past since the disclosure of the Heartbleed vulnerability and it is still making the rounds in the news. Even though it presents a serious security issue to Internet communication there are still a good number of servers and services that haven't been fixed. There is also evidence that a good portion of remediation efforts have fallen short and are insufficient to protect against and resolve the issues created by Heartbleed.

Read More


My Software is End-of-support, Who Cares?

With the ultimate demise of Windows XP comes questions of what it really means that software is "unsupported?" I get this question a lot when a client reads through a penetration test report for their environment and wants to know why they can't use an out-of-date version of XYZ webserver software or Windows XP (which, by the way, was supported for just shy of twelve years).

Read More

GET IN TOUCH

Call us at (214) 556-6613 or   CONTACT US