Surviving the Week 5/18/2012

WAF Wars

A WAF is more commonly used as an IDS than as an IPS, mainly because of the volume of alerts a default rule set generates. Using a WAF effectively requires writing custom rules, which can be a daunting effort. NTODefend generates custom WAF rules for the vulnerabilities discovered by NTOSpider. Many of our customers deploy these auto-generated WAF rules to block the specific findings, providing a mitigation strategy that gives application developers time to re-code and fix the vulnerabilities.
http://blog.imperva.com/2012/05/waf-wars.html
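Written for this roundup as an added example, not code from the original post, from NTODefend or from Imperva: a small Python rule engine that plays a WAF in both roles. The rule format, request shape and sample traffic are constructed assumptions. It shows why a broad default signature tends to stay in alert-only mode (it fires on ordinary English) while a rule scoped to one confirmed finding (a specific path and parameter) can safely block.

```python
"""Added example (not from the original post, NTODefend or Imperva): a tiny
"virtual patch" rule engine that contrasts a broad, default-style WAF
signature with a rule targeted at one confirmed finding.

Everything below (rule format, request shape, sample traffic) is
constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, urlsplit


@dataclass
class Rule:
    rule_id: str
    pattern: "re.Pattern"
    path: Optional[str] = None    # None: applies to every path (default-style)
    param: Optional[str] = None   # None: applies to every parameter
    action: str = "alert"         # "alert" (IDS mode) or "block" (IPS mode)


@dataclass
class Decision:
    blocked: bool = False
    matched: List[str] = field(default_factory=list)   # "rule_id:param" hits


# Default-style signature: any SQL keyword in any parameter. Cheap to write,
# noisy on ordinary English text.
GENERIC_SQLI = re.compile(r"(?i)\b(select|union|or|and)\b")

# Targeted signature for a confirmed quote-based injection: a quote followed
# by an SQL keyword, or an SQL comment sequence.
TARGETED_SQLI = re.compile(r"(?i)(['\"].*?\b(or|union|select)\b|--|/\*)")


def parse_request(raw: str) -> Tuple[str, dict]:
    """Split a request line such as 'GET /login?user=x HTTP/1.1' into
    (path, decoded query parameters)."""
    _method, target, _version = raw.split(" ", 2)
    parts = urlsplit(target)
    return parts.path, dict(parse_qsl(parts.query, keep_blank_values=True))


def evaluate(raw: str, rules: List[Rule]) -> Decision:
    """Run every rule whose path/param scope covers the request."""
    path, params = parse_request(raw)
    decision = Decision()
    for rule in rules:
        if rule.path is not None and rule.path != path:
            continue
        for name, value in params.items():
            if rule.param is not None and rule.param != name:
                continue
            if rule.pattern.search(value):
                decision.matched.append(f"{rule.rule_id}:{name}")
                if rule.action == "block":
                    decision.blocked = True
    return decision


# Constructed sample traffic: (request line, is_malicious)
TRAFFIC = [
    ("GET /search?q=select+a+gift+for+mom+and+dad HTTP/1.1", False),
    ("GET /profile?bio=I+work+in+sales+and+marketing HTTP/1.1", False),
    ("GET /login?user=o%27brien&pass=secret HTTP/1.1", False),
    ("GET /login?user=alice&pass=hunter2 HTTP/1.1", False),
    ("GET /login?user=admin%27+OR+%271%27%3D%271+--&pass=x HTTP/1.1", True),
]

# A default rule set: broad signature, left in alert-only mode because
# blocking on it would break legitimate traffic.
DEFAULT_RULESET = [Rule("900001", GENERIC_SQLI, action="alert")]

# A virtual patch for one scanner finding: /login, parameter "user".
VIRTUAL_PATCH = [Rule("vp-0001", TARGETED_SQLI, path="/login",
                      param="user", action="block")]


def summarize(rules: List[Rule]) -> Tuple[int, int, int]:
    """Return (benign requests flagged, attacks blocked, attacks alerted)."""
    false_positives = blocked = alerted = 0
    for raw, malicious in TRAFFIC:
        d = evaluate(raw, rules)
        if malicious:
            blocked += int(d.blocked)
            alerted += int(bool(d.matched))
        elif d.matched:
            false_positives += 1
    return false_positives, blocked, alerted


if __name__ == "__main__":
    print("default ruleset (fp, blocked, alerted):", summarize(DEFAULT_RULESET))
    print("virtual patch   (fp, blocked, alerted):", summarize(VIRTUAL_PATCH))
```

Running the script shows the default signature flagging two benign requests while only alerting on the attack, and the virtual patch blocking the attack with no benign hits. The scoping is the whole point: a real engine would express it in its own syntax (ModSecurity's ARGS:user selector, for example), but the check here is just a regex over a parsed query string, not any vendor's rule language.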

An interview with Christopher Doyon, a.k.a. Commander X of Anonymous

It’s very interesting to get a glimpse from the inside of Anonymous. We’ve all heard much about this hacktivist group and its several factions, such as LulzSec. These folks have a global influence and are changing culture. Some believe that the values driving Anonymous have led others into the Occupy movement. The statements this group makes and the actions it takes are powerful. We’ve encountered their activities on several occasions, and we are in this business to help organizations mitigate the risk posed by this and other groups that will follow.

http://www.vancouversun.com/technology/Anonymous+Heroes+terrorists/6616378/story.html

Companies are slow to react to the mobile security threat.

This presents a large opportunity for malicious programs to take advantage of BYOD initiatives and compromise corporate networks. Nearly 9 in 10 executives and employees are using their personal smartphones or tablets for business, often without permission, and some believe that most of these users give no consideration at all to the security of these devices. The article claims that nearly two-thirds of IT managers in China have reported a security risk as a result of personal devices on the corporate network. The threat is real, and we need to take immediate action as an industry to identify the risks.

http://www.csoonline.com/article/706335/companies-slow-to-react-to-mobile-security-threat?source=rss_cso_exclude_net_net 

Secure your mobile

Mobile security is expected to be a hot topic. With that in mind, here are a few links to articles that point readers to techniques and apps for securing mobile devices.

10 ways to make Android faster, more productive and more secure

Mobile Device Management – tools and technologies for the BYOD era

They are still at it

Anonymous hacked a pedophile website and leaked its data. How? SQL injection.


About Dan Kuykendall

Dan Kuykendall is the CTO and Co-CEO at NT OBJECTives. Dan is a founder of NT OBJECTives and has been with the company for more than 10 years. He is responsible for the strategic direction and development of products and services and works closely with technology partners to make sure integrations are both deep and valuable. As a result of Dan’s dedication to security, technology innovation and software development, NTO application security scanning software is often recognized as the most accurate because of its sophisticated automation techniques. Dan joined NT OBJECTives from Foundstone, where he was responsible for the portal interface to the company’s flagship product, FoundScan. Prior to Foundstone, Dan was the founder of the Information Security team in the United States branches of Fortis. Dan is a regular blogger on web application security issues on ManVsWebApp.com and co-hosts An Information Security Place Podcast. He has presented on the topics of mobile and application security at many of the top security industry conferences, such as ISSA (2011), B-Sides (2012-2013), OWASP AppSecUSA (2012), HouSecCon (2010-2012), ToorCon (2013) and THOTCON (2013). Dan has been involved with the Web Application Security Consortium and is a regular contributor to many open source development projects, including founding the RPM Builder, phpGroupWare and podPress projects.
