Social Engineering Mindfuck: 7 ways to protect yourself

Sometimes I really can’t believe what you can pull off in large corporate or government organisations over here. Supplier doors that are wide open and give you direct access to the building (via the restaurant); patch cabinets that are open while nobody is in sight; trust-based employee systems; sticky-notes with corporate (login) information; unattended laptops, […]

“I am not going to get hacked”

Many years ago it used to be that most website hacking attempts were launched by sophisticated cybercriminals, or at the very least highly talented amateurs using complex methods and tools. While this meant such attacks could be more difficult to prevent – they were usually limited in number, and aimed towards larger corporations with very large […]

Plan your Hacking Strategy

Incident response is the art (and science) of responding to computer security-related breaches. Interestingly, most organizations I deal with don’t have a documented incident response plan. The last thing you want to do during and after a security breach is figure out the best approach for handling the situation. It is an often overlooked component […]

Can you believe it’s time again for New Year Resolutions?

It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that when we set “resolutions”, the resolve to get things done is usually gone by February or March. We end up going down the predictable path and setting ourselves up […]

Is your site vulnerable to Cross Site Scripting?

What is Cross site Scripting? Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross Site Scripting (also known as XSS or CSS) is generally believed to […]