Oh great, now the IRS is making my information available (and YOURS too)

IRS deploys applications knowing they have security issues

Oh great, the IRS knew about the issues yet still deployed the applications. Those in charge and those who approved this should be fired, IMNSHO.

Putting applications on the network with known vulnerabilities is not a wise decision, regardless of the data contained within. Given the nature of the data contained within the IRS, everything should be triple-checked and any issues fixed immediately. The risk is huge given the data.

If the data to be protected were email, not having encryption over the wire within the data center might be an acceptable risk. However, given the nature of the data we are talking about here, the data should be encrypted 100% of the time.

"New" TCP DDoS

I like what Fyodor has to say about this: http://insecure.org/stf/tcp-dos-attack-explained.html

I like this quote:

How do you know this is the same bug Robert and Jack found?

I don’t, since they have refused to release full details. But this sounds like the same fundamental bug. Robert and Jack are smart fellows, so, again, I’m sure that they’ve found ways to extend and improve the attack in certain situations. But the simple approach described above is quite effective on its own. You don’t even need to use more specific and esoteric attacks when the basics are so effective.

Especially the last sentence: not rocket science, but it follows the KISS principle.

Mappings file sample

See mappings example file

For the animal lovers out there

Looks like this has been around a long time, but I just happened to come across it last night.

What companies are paying for loss of customers data

Attrition Security Rant: Useless Compensation for Data Loss Incidents

I agree 100% with this article.

I already have, paid for with my own money, a service that watches my credit report from all three agencies and notifies me of any change. I read an article by Bruce Schneier a while ago and came away from that thinking that if someone steals my identity, I will find out about it and notify the credit reporting bureaus that it is fraudulent information. I think I could make a strong case of fraud against the agencies/credit card companies if they continue to publish this fraudulent information with my credit information. If the credit card company is so sure that it is myself who signed a credit card agreement with them, in my mind, the burden of proof lies with them. They must prove, beyond a reasonable doubt, that it was in fact myself who signed up for and entered into the agreement with them. Obviously the credit card company will never be able to do so, as I did not enter into this fraudulent contract.