It’s data breach report day today. Or, so it seems. My brain just ‘sploded on overload from all the fresh tasty stats received. There’s not enough time today to go through everything with a fine-toothed comb. Suffice to say: Data breaches are continuing to happen in growing numbers. Basic security practices still aren’t happening. As painful as it is to admit, it appears that regulations like PCI DSS are having a positive impact. Our codebase still leaves much to be desired, though there is reason to be a bit optimistic. That said, here’s the goods:

Verizon Business 2011 Data Breach Investigation Report
Veracode 2011 “State of Software Security” Report
Ponemon 2011 PCI DSS Compliance Trends Study

Incidentally, if you take[…]

I had the good fortune to attend ShmooCon 2011 last weekend. A new tradition at ShmooCon is evening “firetalks” on Friday and Saturday. Basically, after the conference has ended for the day, a bunch of folks decide to put off parties for a few more hours in order to do a bunch of 15-minute “get right to the point” talks. This year had a good selection of topics and speakers, with one that jumped out to me as a perfect topic for this week’s “Technology & Tool Thursday” post. Armitage was written by Raphael Mudge (not to be confused with Peiter “Mudge” Zatko). It’s a GUI interface for using Metasploit to pwn your targets. Metasploit is a tremendous framework for[…]