Is everybody scared? Or is it something else?

After a wonderful talk to some high-end tech guys from a large company, I suddenly realized it. Application maintainers, programmers and to some extent system administrators are most of all scared by the thought of security and breaches of it. The hacker mindset is one that is special, and potentially dangerous for companies to hire. […]

Social Engineering Mindfuck: 7 ways to protect yourself

Sometimes I really can’t believe what you can pull off in large corporate or government organisations over here. Supplier doors that are wide open and give you direct access to the building (via the restaurant); patch cabinets that are open while nobody is in sight; trust-based employee systems; sticky-notes with corporate (login) information; unattended laptops, […]

Are you complying to your policies?

Don’t you hate it when you’re chugging along, minding your own business, doing what you believe to be the right things in business then whammo, an oversight catches you off guard? Take, for instance, a compliance violation that comes up during a routine audit. The auditor discovers the gap, your team is called on it, and […]

“I am not going to get hacked”

Many years ago it used to be that most website hacking attempts were launched by sophisticated cybercriminals, or at the very least highly talented amateurs using complex methods and tools. While this meant such attacks could be more difficult to prevent – they were usually limited in number, and aimed towards larger corporations with very large […]

Plan your Hacking Strategy

Incident response is the art (and science) of responding to computer security-related breaches. Interestingly, most organizations I deal with don’t have a documented incident response plan. The last thing you want to do during and after a security breach is figure out the best approach for handling the situation. It is an often overlooked component […]

Can you believe it’s time again for New Year Resolutions?

It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that when we set “resolutions”, the resolve to get things done is usually gone by February or March. We end up going down the predictable path and setting ourselves up […]

Is your site vulnerable to Cross Site Scripting?

What is Cross Site Scripting? Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross Site Scripting (also known as XSS or CSS) is generally believed to […]

How to check for Google hacking vulnerabilities

What is Google hacking? Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from […]