It’s been talked about in the past about how important it is to become PCI DSS compliant. For some industries it’s an absolute must. Without it, they can’t conduct business. We’ve covered some of the latest updates to PCI as well. One of the most overlooked aspects of becoming PCI DSS compliant though is actually maintaining compliance. Instead, most simply rush out to meet the requirements in order to meet the auditor deadline. Instead, we should be looking at what needs to be done on a continual basis. It’s the down time after the audit where most data breaches occur. The following list, which was put together by Dr. Anton Chuvakin, will outline the areas that require some form of[…]
Author: Tim Donaworth
Another iPhone killer is here. DROID. Whether you’re a fan of either product, or you’re still thumbing away on your Blackberry or WinMo device, there’s one thing to be said. There are plenty of apps now. A couple years ago it was a pretty daunting task to get any sort of application on your device that wasn’t already on your carrier’s supported list. WinMo users have been the only real open crowd here as every version of Windows Mobile has supported most of the older apps since the Windows CE days. But with the rise of more and more applications comes the rise of the risks associated with these applications.
Today is the day. Whether you pre-ordered Windows 7, received a free upgrade voucher, or are purchasing it from your local retailer, one thing is for sure. It’s been a long wait. If you haven’t had the chance to play with the beta, RC, or RTM versions of Windows 7, then you’ve truly been missing out (assuming you’re a Windows user to begin with). It truly is a great step up, regardless of all the negative hype Vista had, Win7 holds its own on quality.
One of the most expanded targets lately in vulnerability research is Adobe’s Flash. It has become a common everyday occurrence on the web; everything from banners, to games, to file uploads. It’s almost hard to find a mainstream site that doesn’t have some sort of flash application running somewhere within the domain. As a result it has become a target for many attacks. But one thing that hasn’t increased is the amount of time and checking that goes into the flash applications to ensure they are secure.
GFI LanGuard 9 is a network / PC auditing tool. The tool does a pretty decent job of detecting machines on the network, devices, appliances, and other misc. items. It can also do a fairly deep scan of each local machine for installed software, installed patches, missing patches, open ports, and detecting vulnerabilities that are present. The “Quick Scan” option is fairly quick taking no longer than a minute or two for each machine, and the “Full Scan” no longer than 5-6 minutes per machine.
If you followed or attended the recent Blackhat conference you may have heard a talk given by Peter Kleissner regarding his recent work on “Stoned Bootkit.” A bootkit is a boot virus that is able to hook and patch Windows to get loaded into the Windows kernel and thus getting unrestricted access to the entire computer. It is even able to bypass full volume encryption because the master boot record (where Stoned is stored) is not encrypted. The master boot record contains the decryption software which asks for a password and decrypts the drive. This is the weak point, the master boot record, which will be used to pwn your whole system. No one’s secure! Peter even demonstrates getting past[…]