I know some sites trust their servers and let the servers talk to anywhere on the Internet or internally. Just had a thought: instead, all servers should be blocked for all traffic except for business-needed traffic. What about updates? The servers need to go fetch updates. (In those cases where the patches/updates are not [...]
In this article Whitfield Diffie talks about secure cloud computing. I take comfort in knowing that he and I used to work for the same company, Sun Microsystems. There are some really smart people at Sun. The article is small and I recommend reading it. I specifically quote part of the article below as [...]
IRS deploys applications knowing they have security issues. Oh great, the IRS knew about the issues yet still deployed the applications. Those in charge and who approved this should be fired, IMNSHO. Putting applications on the network with known vulnerabilities is not a wise decision, regardless of the data contained within. Given the nature of the [...]
I like what Fyodor has to say about this: http://insecure.org/stf/tcp-dos-attack-explained.html I like this quote: How do you know this is the same bug Robert and Jack found? I don’t, since they have refused to release full details. But this sounds like the same fundamental bug. Robert and Jack are smart fellows, so, again, I’m sure that [...]
Attrition Security Rant: Useless Compensation for Data Loss Incidents. I agree 100% with this article. I already have, paid for with my own money, a service that watches my credit report from all three agencies, and notifies me of any change. I read an article by Bruce Schneier a while ago and came away from that [...]



