Uncategorized

The Truth About PCI Compliance. What They Don’t Want You To Know

January 20th, 2014

All of the recent news about Target, Neiman Marcus, and other businesses being hacked might be a surprise to many, but it’s no surprise to us. Truth is that the practice of security has devolved into a political, image-focused effort designed to satisfy technically inept regulatory requirements that [...]

Aircell GoGo Inflight Internet – Hackers on a plane

May 6th, 2009

GoGo Inflight Internet is a Wi-Fi service provided by AirCell and offered to an increasing number of airline passengers. This service enables users to connect to the Internet while in transit for business or pleasure. While the service is a great idea, its implementation is flawed [...]

Conficker (and friends) v.s. Quality Penetration Testing

April 3rd, 2009

It's funny to me that people haven't commented on the fact that the ability of a worm to spread is proof positive of just how insecure today's networks are. (Yet, even with this lack of security, others are talking about this kick-ass idea of "Cloud Computing"). [...]

Cambium Group, LLC. CAMAS Advisory

February 24th, 2009

We've finally released the Cambium Group, LLC Content Management System ("CAMAS") advisory after much waiting and debate. These security risks were discovered in CAMAS during a customer penetration test that we did in August of 2007 (we notified the Cambium Group about these risks on 08/24/2007). [...]

Facebook from the hackers perspective.

February 12th, 2009

For the past few years we've (Netragard) been using Internet-based Social Networking tools to hack into our customers' IT infrastructures. This method of attack has been used by hackers since the conception of Social Networking Websites, but only recently has it caught the attention of [...]

They will protect my data (won’t they?)

February 9th, 2009

So the other day I was talking with my buddy Kevin Finisterre.  One of the things that we were discussing was people who just don't feel that security is an important aspect of their business because their customers don't ask for it.  That always makes my [...]

A Quality Penetration Test

January 20th, 2009

Someone on the pen-testing mailing list asked me to write an entry about the difference between vulnerability scanning (and services that rely on it) and Real Time Dynamic Testing™. This entry is a sanitized description of a real Advanced External Penetration Test that our team delivered [...]

Network Vulnerability Scanning Doesn’t Protect You

January 7th, 2009

Vulnerability scanning can have a detrimental impact on the security posture of your IT infrastructure if used improperly. This negative impact is due to a perception issue that has been driven by the vendors who sell vulnerability scanning services or the vulnerability scanners themselves. The [...]

Finding The Quality Security Vendor (Penetration Testing, Vulnerability Assessments, Web Application Security, etc)

January 5th, 2009

While I've written several detailed white-papers on the subject of identifying quality security vendors, I still feel compelled to write more about the subject. It is my opinion that choosing the right security vendor is critical to the health and safety of a business.  Choosing the wrong [...]