Monthly Archives: December 2010

Email Hacking Husband Faces Felony

Posted on by Mona Sampson in Main | 1 Comment

OK, so I can’t resist commenting on this breaking news and I’m looking forward to seeing where it ends up. It has a little bit of everything in it – potential invasion of privacy, allegations of hacking, accusations of adultery, maybe even overzealous prosecution… and the list goes on. You’d think this was a story right out of Beverly Hills, but no, it’s taking place in Michigan. The suit is based in alleged violations of a statute apparently intended for …

2010 Food Wiki Awards

Posted on by perlbot in Main | Leave a comment

It has been a long year, but the weeks on the road have paid gastronomic dividends. Gems uncovered, old standards revisited, experiments gone bad. Congratulations to this year’s winners. Best Dish: Fresh Trout Luncheon Special, Mac’s Old House, Antioch CA – Nothing beats fresh delta fish for under $10. Cash only. Finalists: Falafel, Azuri Cafe, NYC; Cereal Milk, Momofuku’s Milk Bar, NYC; Cinnamon Roll, Stella’s Kitchen and Bakery, Billings MT; Potato Taco, Reyes Market, Carpinteria CA. Best Restaurant: Portos, Glendale/Burbank …

Online Banking Security Awareness: Time for us to step up?

Posted on by James Makil in Main | 1 Comment

Year end is always a great time to reflect and assess resolutions, improvements and goals, which makes me think about major improvements banks and financial organizations have made towards security in the last year. Most companies are doing everything they can to make sure the customer has a safe, secure and somewhat enjoyable/hassle-free experience with online banking. My question is, is the customer doing everything to make sure they are safe? Most financial organizations rant and rave about personal relationships …

Creating an Acceptable Domain-Wide Password Policy

Posted on by Mark Marshall in Main | 1 Comment

Have a fresh Microsoft Windows 2003 or 2008 domain just deployed and don’t know where to start? Inherited a potentially questionable domain and looking for some basic things to check? Already know what you’re doing and want a sanity-check? Here are the recommended Password Policy settings to configure to try and creep towards that impossible balance of usability and security. All of these settings should be configured at the Default Domain Controllers OU level. Minimum Password Length: This is an …

Key to a Successful Information Security Program

Posted on by John Abraham in Main | Leave a comment

Performing security assessments for our clients not only brings us around the globe, but also provides a global view of effective security processes. Here are the key attributes we see in our clients that are successfully managing security risk: process, process, process. Whether our view of client security operations is from an external perspective (i.e. penetration test or web application security assessment), or from an internal vantage (i.e. internal security assessment), or even an industry-specific viewpoint as we see …

Lessons from the McDonald’s, Walgreens and other recent data breaches

Posted on by mmarshall in Main | Leave a comment

Designing an effective Information Security Program is a process that requires a thorough knowledge of your assets (what you’re protecting) and the threat sources (the type of entity that might try to get it). Understanding these two factors is foundational to building an Infosec program. Based on the results of this characterization you will have an idea of the level of security you need. For example, some workplaces have snacks in their lunch room that rely on the honor system. …

“It’s time to get connected,” says David Blumenthal. But make sure your IT security is healthy!

Posted on by Dan Berger in Main | Leave a comment

HHS delivered an early Christmas present today with its announcement that registration for the Medicare and Medicaid electronic health record (EHR) system incentive programs opens on January 3rd. Blumenthal, head of the HHS Office of the National Coordinator for Health Information Technology, is urging inter-connectivity for the benefit of patients, providers, payers, employees, the national interest and all mankind. While visions of sugar plums and super information health highways are dancing in his head, let’s take a moment to reflect …

Garnet Hill Data Breach

Posted on by John Abraham in Main | 1 Comment

Garnet Hill data breach. Is this related to the McDonald’s email provider breach? What “preferences” were stored about me?

L0phtCrack is back!

Posted on by Mark Marshall in Main | Leave a comment

L0phtCrack was one of the original and greatest hacking and auditing tools of the ’90s, essentially creating the modern LM/NTLM password auditing landscape. L0pht Heavy Industries – the creators of the tool – were instrumental in raising awareness of both the ease of cracking passwords as well as the obviousness of how poorly people choose passwords.

Information Security – Need-to-Share too much?

Posted on by perlbot in Main | 1 Comment

In the post-9/11 world, disparate government agencies took flak for their need-to-know data sharing policies. To improve intelligence efforts, a need-to-share policy was employed, ideally resulting in more efficient communication and flow of inter-agency information. A need-to-share policy, however, also increases the risk of unauthorized access due to an increased threat-source population. Is opening up access, and the consequent weaker access control, a worthy security trade-off? Let us know what you think!