Archive for 'security monitoring'

New AppLocker from MS – Some improvements

I was reading this article about AppLocker, the application control system from Microsoft that runs on Windows Server 2008R2 and Windows 7 clients. There seem to be some very good improvements there, especially the “automatic rule creation” part.
In short, an organization can build its “gold image” desktop, with all necessary apps, and run the automatic rule [...]

On the technical details of the breaches

We finally have some information about what really happened in the Heartland, Hannaford and 7-Eleven breaches.
Even if the initial SQL injection was in an SSL connection (my assumption is there was no initial reaction due to lack of detection), the rest of the attack should still be easy to detect. What are these companies doing about [...]

SIEM value

There are a lot of interesting discussions about the value of SIEM solutions. There are also some discussions about the possibility of doing that with open source, like OSSIM (I personally think it is possible for some organizations – especially those that have the open source culture already).
I like to say that SIEMs are for security what [...]

Intrusion detection – not only network IDS

Sometimes we spend so much time discussing network-based IDS that we end up not looking at other interesting places to look for intrusion signs. There is a very nice post on the SANS ISC Diary today about an organization that had one of its border routers compromised and detected it through a periodic configuration file [...]

Web Application Security, what about your logs?

As usual, another very nice post from Mike Rothman, this time about application security. He is mentioning the BSI-MM model, that I mentioned here too in the context of measuring the outcome of security measures.
Mike also mentioned, again, the need to REACT FASTER (have I said how nice his “Pragmatic CSO” stuff is?) and linked [...]

Pseudo-random algorithms used by malware

Back in 2007 I noticed (together with Fucs and Victor) that botnet creators had to solve a very important issue to keep controlling the infected computers: how to update the location of the controller?
Until then they were including the controller location inside the bot code, so it was easy to find and identify it and [...]

Extrusion control

Rothman pointed to a nice discussion on how to prevent the extrusion (borrowing the term from Bejtlich) of stolen data in cases like Heartland, where credit card data was sent to Russia over clear-text connections. Rothman’s post references a nice post from Richard Mogull on the subject.
Well, I’m an old advocate of analyzing outbound [...]

Microsoft MS08-067

I have been away from the blog for a while because of a series of reasons, but I couldn’t avoid commenting on this recently published advisory from Microsoft, MS08-067. Just like some worms we witnessed in the past, this one is related to a core Windows service, meaning that almost all boxes are vulnerable. [...]

NAC and DLP

I was reading a comment from Shimel mentioning that NAC technology is becoming more mature every day, as we can see more 3rd party product integrations. He mentions the integration of an IPS system, which promptly made me wonder about another kind of security product: DLP.
Has anybody tried to integrate DLP and/or e-Discovery products with [...]

Black Hat, Defcon, the basics

So we are finally approaching the BH/Defcon weeks, when all the new stuff is presented to the security world and the sky starts to fall once more. I’m not going to Vegas this year (I’d love to), but as I came back to work on vulnerability assessments and penetration testing I noticed the main issue [...]