Uncategorized

Followup to my last Brian Chess – Fortify Software post.

January 4th, 2009

Recently I published a post about Fortify Software's Brian Chess because of some outlandish claims that he made in an article about penetration testing being "Dead by 2009". The off-line and on-line comments that resulted from that post were mostly in favor of what I'd written [...]

ROI of good security.

January 2nd, 2009

The cost of good security is a fraction of the cost of damages that usually result from a single successful compromise. When you choose the inexpensive security vendor, you are getting what you pay for. If you are looking for a check in the box instead [...]

Insecure *Security* Technologies

December 23rd, 2008

There is not a single piece of software that exists today that is free from flaws and many of those flaws are security risks. Every time a new security technology is added to an Infrastructure, a host of flaws are also introduced.  The majority of these [...]

Raising Infrastructural Awareness in 2008

December 19th, 2008

Before 2008 nobody had done any high visibility vulnerability research and exploit development against critical systems used to maintain our critical infrastructure.  In early to mid 2008 that all changed.  Initially Core Security released a security vulnerability for Citect SCADA. That security vulnerability got media attention [...]

Utility Companies and Food for Thought

December 18th, 2008

Something that I keep on hearing from engineers (power, water, etc.) on the SCADASEC mailing list is that they are more concerned about human error causing an outage than an attack over the internet. Most of the incidents that I hear about are operator error and [...]

Fraudulent Security Experts

December 17th, 2008

So I've been participating in the penetration testing mailing list that is hosted by SecurityFocus and I can't say that I am impressed. In fact, I might even go so far as to say that I am concerned about the caliber of the people that are [...]

Conference with Green Hills Software

December 10th, 2008

I recently gave a speech with Green Hills Software, Inc. in California. The presentation covered the real threat that businesses face as opposed to the theoretical threat that most people seem to worry more about. I also made it a point to uncover some of the [...]

Die Hard 3 – Our Infrastructural Systems

October 13th, 2008

Society has one very critical technological underpinning that goes unnoticed by most people, but not hackers. If you’ve ever seen the most recent Die Hard movie then you’ll have an idea of what I am talking about. That is, the world’s critical infrastructures are vulnerable to [...]

CitectSCADA Exploit Release

September 10th, 2008

SNOsoft/Netragard's Kevin Finisterre recently released an Exploit, not Attack Code, to demonstrate that a critical vulnerability does exist in Citect's CitectSCADA product. This code was released so that users of the product could accurately determine their own level of risk and exposure as well as determine [...]

Hackers?

September 3rd, 2008

Hackers: Amateurs, non-profit. Netragard, LLC. -- The Specialist in Anti Hacking.
