Talking Out Loud with ASB

Views on Life, Technology and Everything, by ASB (aka Logik!)...

Andrew S. Baker (ASB)

All Tags » Vulnerabilities

To Disclose or not to Disclose
…that is the question. Every time a software vendor experiences a vulnerability or releases patches for a serious security issue, the debate about Full Disclosure or Responsible Disclosure gains a little more steam. Just how much information should a Read More...
Just ask Sony…
Why should you take your organization’s information security posture seriously? Just ask Sony. It has been estimated that Sony will spend more than $170 million due to the recent breaches they have suffered. Personally, I think that Read More...
Reactive Security: Feel the pain in 2011+
We are only one third of the way into 2011, but we have had some of the largest information security breaches of the decade – and the trend does not appear to be slowing down. Here are just a few of the biggest reports for the year: http://www.eweek.com/c/a/Security/RSA-SecurID-Breach-Shows-Why-Everybody-Must-Stay-Vigilant-595858/ Read More...
Maintaining Good Security Practices
Security is not just a state of being. We are often called to provide an assessment about our present security posture, and usually, the person asking the question is doing so within a very narrow context – one that they may or may not have shared with Read More...
It’s Time to Re-evaluate Host-based Security
I’ve said it for a few years now, but host-based antivirus is really not working out anymore. Not with its reliance on signatures to detect malware. Recently, several prominent antivirus vendors have experienced problems with faulty virus definitions: Read More...
The InfoSec Perspective for April 2010
It has been a busy month or so for information security. Apple has patched a vulnerability that was showcased in a recent hacking contest, Microsoft has released a major set of fixes in its most recent Patch Tuesday, and Oracle (which now Read More...
Searching for Return on Security Investments
There are several major challenges to the successful implementation of good information security in many organizations today. It is not because business owners do not think that security is important. No, the issues exist because they do not Read More...
Another Zero-Day Vulnerability for IE
Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890, that’s what we’re looking at: a vulnerability in DirectX that allows for unauthenticated, remote execution attacks Read More...
We’re Back In The Worm Zone
The Conficker worm continues to make headlines, not only because it has been so elusive over the past 5 or so months, but because it is configured to do something special on April 1, 2009. For a disturbingly large number of individuals and organizations, Read More...
Yes, Security Is Still Important in 2009
Quite frankly, it’s even more important than it has been in the past. This morning, I was reading some articles on information security, including news about the Conficker worm. You know, we haven’t had a really good worm in 3 or 4 Read More...
Managing Information Security in 2009
Since the middle of 2008, we have seen an increase in the types and complexity of information security attacks that organizations have been facing. The widespread worms of 2004 and 2005 gave way to the targeted attacks of 2006 and early 2007. Things Read More...
Needless Vendor Bashing -- by Vendors
In today's story of immense irony, we find a vendor taking time to bash another vendor for a security flaw, only to have diligent 3rd parties point out that the flaw exists for the bashing vendor as well. What a waste of time. If folks would focus more Read More...
Revenge of the Worms?
It's been a while since we've had a massive worm outbreak, but the potential for such an occurrence has increased significantly over the weekend with word that a wormable exploit has been made available for the recent animated cursor vulnerability in Read More...
One More Reason to Turn JavaScript off in Browsers
As if we needed another reason... A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems. That's possible with a new security tool called Jikto. The Read More...
March Patch Madness
This has been a fun month with all the Daylight Saving Time patching from a myriad of vendors. (I wonder if anyone has done a study to see how much energy we burned preparing to save three more weeks of daylight?) Although Microsoft is the favorite whipping Read More...