Monthly Archive February, 2010

MitB attacks still haven’t reached full potential yet

I’m surprised that most of the MitB attacks are still just stealing credentials instead of changing transaction contents on the fly. I can see that credentials have an intrinsic value on the “black market”, but the attack model of stealing credentials and then using them to log into the victim account to perform transactions seems [...]

Very nice tool for pentests

I don’t hide it from anybody; when doing pentests, my favorite approach was to simply browse information in open shares until I could find some user credentials there (yes, in big organizations, they are always there: scripts, source code, ini files…). With those in hand, try to see what else I was able to have [...]

Sure, it is THAT easy!

Two posts in a day… I’m probably sick or something like that. I was reading an interesting article by Bill Brenner on CSO Online, “Five Security Missteps Made in the Name of Compliance”. Although I don’t disagree with what is listed as missteps (in fact I think they are quite correct), something in the last paragraph [...]

Log management implementation details

OK, I’m trying to get out of a long hiatus of producing content by putting together a presentation about Log Management: the devil is in the details. I have been working in log management projects for some years now and I noticed I managed to assemble a nice list of small issues that you find [...]