

Mar 16
Just finished watching the 7th BT Big Thinker's online panel session. Highly recommended viewing if you have an hour to spare. An intelligent discussion of the problems we are now facing as a web-enabled society - issues which are increasingly human in nature and affect our finances and well-being. The panellists are very knowledgeable (they have to be), and the host is Bruce Schneier - do I need to say more?

Enjoy.

Posted by Sandro Gauci

Mar 16

Kevin Beaver and Caleb Sima have posted a short two-page article outlining how easy it is to fall into the trap of looking at security vulnerabilities out of their context, and making a big deal out of them. I personally enjoyed this text mostly because it mentions a few specific examples - like the assumption that having Microsoft FrontPage directories means that the site is vulnerable to FrontPage attacks. The article puts a lot of weight on perspective and context, which will enable better vulnerability assessment by focusing on the things that matter most.

This eye-opening writeup can be found at http://www.infosecwriters.com/text_resources/pdf/Vuln_Assessment_KBeaver.pdf


Posted by Sandro Gauci

Mar 14
We noticed that our website was down over the past couple of days and at times not resolving correctly.

Our hosting service provider has not given any reason for these problems; however, SANS reports that they had a DDoS attack.
It was thought that the outage had something to do with the DST issue; however, this was not the case.

So far the problems seem to be mitigated. You can read more about the DoS attack here as reported on March 12, 2007.

Posted by Donald Tabone

Mar 13
Every business or organisation has valuable assets and resources which need to be accounted for both physically and functionally. In this there is nothing essentially new; however, the business of information security is all about risk management. Risks, on the other hand, are made of threats and vulnerabilities.

Threats --- A threat can be an internal or external circumstance whose impact could have negative or undesirable effects on an organisational asset. It is the potential for a threat-source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.

Vulnerabilities --- A vulnerability is a loophole or weakness of a safeguard in an asset that makes a threat potentially more harmful or costly, or more likely to occur on a frequent basis - resulting in a security breach or a violation of the system's security policy.

Therefore an asset here is some resource that has some value to an organisation and must therefore be protected. Then again, assets can be tangible, such as computers, data, software and records, or intangible, such as privacy, access, public image and ethics -- both of which might have a tangible value (purchase price) or intangible value (competitive advantage).

Continue reading "Securing your companies assets - part I"

Posted by Donald Tabone

Mar 7


Security is not all serious - some things can actually be quite funny. Like the life-sized Trojan horse which made it through various establishments. Or Vista's UAC (User Account Control) feature, which apparently everyone and their granny seems to be turning off. Humor just helps lessen the seriousness of such things, but all of these have some real-life implications of course.

Some websites are dedicated to the amusing side of security. SecurityBullshit is one particular website which picks on things like marketing of security products. On the other hand, StupidSecurity fingers bad security-related decisions and the shortcomings of some solutions.

One thing is for sure - security-related humor has a tendency to be black humor.

Posted by Sandro Gauci
