I’m a bit late on this subject, but I think it’s worth a post. For those who usually do pentesting and usually get some access to Windows boxes, but are looking for a specific credential (like a domain admin), impersonating the access tokens that are available can be a very useful approach. The details about how to do [...]
The logic behind risk management makes almost all companies focus on protecting their servers instead of spending time on the workstations. Although it seems to make sense, it is important to note that people access, generate and input information on sensitive applications and servers mostly through their workstations. Owning the workstations of an organization [...]
Yes, a lot of security professionals went to the bill’s text and were not able to find anything related to information security, even when directed to sections 302 and 404. I was very happy to find this post from the eIQnetworks blog today, as it is written in the same exact way that I use [...]
I’ve stumbled upon this blog from Shrdlu (that just entered into my blogroll) and found a very good piece on why a CSO ends up working more (ok, as much as) than his/her employees. Also a very good post from him on incident response.
Richard Mogull mentions on his blog today the concepts of adaptive Authentication and Authorization. In short, from his post: “User: This is an area I intend to talk about in much greater depth later on. Basically, right now we rely on static authentication (a single set of credentials to provide access) and I think we [...]
I was very excited to read about TCG IF-MAP on Chris Hoff’s blog last week. Chris found it interesting as something that could bring some light to the “cloud nightmare” and to virtualization issues. I like IF-MAP, however, because it raises the security intelligence level on the network. Today most SIEM installations are working [...]
John Pescatore is right when he says that talking about less regulation at this time seems not to be aligned with the current crisis, but the article he is pointing to is very precise in saying that the costs from SOX are pretty high and, as we could see, it wasn’t able to prevent cases [...]
A lot of noise was made this week about new research that “cracked” WPA. Well, there are more details about it today, and they clearly show that the WPA sky is not falling. There is a very good summary of what is happening in the article above: “To describe the attack succinctly, it’s a [...]