Entries from December 2007
Is PCI Really Working? 2007 Worst Year Yet
December 30th, 2007 ·
Wired has a good article covering the fact that 2007 was the worst year on record when it comes to the number of credit card and social security numbers disclosed to third parties.
Seriously, people, wake up. PCI might be nice and it might set a baseline and all that nice stuff. It is still [...]
Tags: Security · Security Industry
Top 10 Security Stories of 2007
December 26th, 2007 ·
This is my list of the Top 10 security stories of 2007. Since I am a Web Application Security guy, this list is slanted in that direction for sure. If you think something should be in my list that I missed, post a comment!
10. Penetration Testing Goes Prime Time - No, this is not a [...]
Tags: Security
My Review of Tiger Team
December 26th, 2007 ·
That was not what I expected, but that is mostly due to my definition of penetration test being way too narrow. Tiger Team ends up being an “It Takes a Thief” knockoff with a tech twist. In my book that makes for some good TV. I really enjoy “It Takes a Thief” which is [...]
CourtTV Tiger Team Trailer
December 19th, 2007 ·
CDC seems to think this is going to be good, but then again one of their guys is going to be in it. I still have my doubts but I did find the trailer.
Tags: Security
Security Consultant Hacks: Size Matters
December 19th, 2007 ·
This is part of my occasional series on security consultants and how best to employ them.
Security consulting operations come in the standard small, medium and large sizes. Small shops are fewer than 30 consultants, medium 31-200, large 201+.
Small shops: Sometimes known as boutique firms or lifestyle firms (since the people that run them take jobs [...]
Tags: Security · Security Industry
Tiger Team on CourtTV
December 18th, 2007 ·
This should be fun to watch, kinda like watching a train wreck. “Tiger Team” is a new “reality” series where they follow a security team as they try to break into some corporation’s network/property and make off with the goods.
I am going to go out on a limb and say they always get in. I [...]
Tags: Security Industry
Top 10 “Underground” Security Resources
December 17th, 2007 ·
Not underground like the Russian Business Network, but not as well known as some people think. These sites and conferences will be well known to some, but I am amazed that everyone does not know about them. You are uber cool if you know about them all!
2600 - An oldie but a goodie. 2600 [...]
Tags: Reviews · Security · Security Industry
Hacking Tips from 1983
December 17th, 2007 ·
Some Santa Clara high school students hacked into their school’s computers. The kicker: they were found because they wrote down the passwords and left them in the library, pretty much just like in WarGames. They then used their access to look at test questions and their fellow students’ homework.
WarGames was a seminal moment in [...]
Presentations from ClubHack
December 15th, 2007 ·
The presentations from ClubHack have been posted. I did not attend this conference but the presentations look pretty good.
Tags: Security · Security Industry
PCI Sets the Ceiling Not the Floor
December 7th, 2007 ·
I was somewhat surprised to read this post from RSnake about how good PCI is for business. I have to disagree with him. While I agree that PCI sometimes sets a floor, a minimum, it also sets a ceiling for a vast majority of organizations.
PCI compliance has become the must-have for any organization [...]
Tags: Security Industry
