Penetration Testing

Cybercrime on the Rise

Saw an interesting article right in the Chicago Tribune’s Sunday Magazine section about information security – Cybercrime is on the rise. I love that cyber security is not only making the news, but it’s right in front of you when you’re settling in with your coffee and Sunday newspaper (more…)

Who is safeguarding your customers’ sensitive data?

Who is safeguarding your customers’ sensitive data? I’ve been reading with wonder, as I’m sure many of you have, about the seemingly endless parade of breaches for companies small & large. Increasingly, it isn’t the company reporting the breach that is the cause of the issue; rather it (more…)

Why We Need Ethical Hacking

There is often confusion about the difference between “vulnerability scanning” and “penetration testing”, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing. (more…)

Scanning for Weak MS-SQL Passwords Using Nmap and Medusa

Before proceeding, please note that there are many tools and methods that have the ability to scan for weak or blank MS-SQL passwords. SQLPing comes to mind, which is a great tool if you’re on a Windows host. Metasploit has the ability to scan for MS-SQL passwords as well, but it isn’t ideal for targeted lists (more…)

Fun with Social Engineering

I recently wrote about Security Awareness Training, and mentioned that a well-trained staff and general employee population can be a good deterrent against Social Engineering practitioners. Social Engineering is a service offering of Halock Security Labs, and it’s probably one of (more…)

PCI DSS 11.2 and 11.3

A quick note about PCI DSS compliance and scanning vs. penetration testing and PCI DSS 11.2 and 11.3. Often (too often) when I’m talking with organizations about their PCI compliance, they respond that they’re already compliant and they already have someone doing their quarterly scanning for them. That’s great, I say! Then I ask about their (more…)