Surviving the Week 5/18/2012

WAF Wars

WAFs are more commonly used as an IDS than as an IPS, mainly because of the number of alerts they generate with a default rule set. Using a WAF more effectively requires writing custom rules, which can be a daunting effort. NTODefend generates custom WAF rules for vulnerabilities discovered by NTOSpider. Many of our customers implement these auto-generated WAF rules to specifically block the vulnerability findings, providing a mitigation strategy so that application developers have the time to re-code and fix the vulnerabilities.
http://blog.imperva.com/2012/05/waf-wars.html

An interview with Christopher Doyon, a.k.a. Commander X of Anonymous

It’s very interesting to get a glimpse from the inside of Anonymous. We’ve all heard much about this hacktivist group and its several factions, such as LulzSec. These folks have a global influence and are changing culture. It is believed that some of the values that drive Anonymous have led others into the Occupy movement. The statement this group makes, and the actions it takes, are powerful. We’ve encountered their activities on several occasions, and we are in this business to help businesses mitigate the risk posed by this group and others that follow.

http://www.vancouversun.com/technology/Anonymous+Heroes+terrorists/6616378/story.html

Companies are slow to react to the mobile security threat.

This presents a large opportunity for nefarious programs to take advantage of the BYOD initiative and own corporate networks. Nearly 9 in 10 executives and employees are using their personal smartphones or tablets for business, and without permission. And it’s believed by some that most of these users do not have any consideration for the security of these devices; they’re idiots. This article claims that nearly 2/3 of IT managers in China have reported a security risk as a result of personal devices on the corporate network. The threat is real, and we need to take immediate action as an industry to identify the risks.

http://www.csoonline.com/article/706335/companies-slow-to-react-to-mobile-security-threat?source=rss_cso_exclude_net_net

Secure your mobile

It’s expected to be a hot topic.  With that, here are a few links to articles that help point readers to techniques and apps for security.

10 ways to make Android faster, more productive and more secure

Mobile Device Management – tools and technologies for the BYOD era

They are still at it

Anonymous hacks a pedophile website and leaks its data. How? SQL injection.

About Dan Kuykendall 173 Articles