Monthly Archive August, 2008

(ISC)2 Board candidate

Wednesday I went to the TASK meeting and learned about Seth Hardy, who is trying to get his name included in the (ISC)2 Board election ballot. I really don’t know Seth, but I don’t like the 1% rule from (ISC)2, where a member who wants to be a candidate for the Board must gather signatures [...]

Simple but dreadful, part 1 – Logon Scripts

Now that I’m back to pen testing I’m having the chance to see the mistakes that admins are making nowadays. There is something very interesting that Windows domain administrators sometimes forget, and it needs to be addressed as it brings serious security implications: login script file permissions. Login scripts are those little batch scripts that [...]

Portknocking, SPA and SOA

I already mentioned how I like stuff like port knocking. It can’t be used as a replacement for other security measures, but it’s a nice way to keep important stuff off the radar. Imagine if you had some SSH daemons remotely accessible when that OpenSSL PRNG crisis started. I saw lots of admins running to replace [...]

The future of mass card theft (and PCI)

The indictment of 11 people on a mass card theft is all over the news this week. I’ve seen reports about software developed to steal cards, war driving and other stuff that I really don’t know if it’s just bad press or actual facts. There is some good info here and here. Of course PCI [...]