The UltraTech Zone

I had a chance to review the 2010 Verizon Data Breach Report today, which I was alerted to by ISC.SANS.ORG.  They’ve put together data from 2004 through 2009, and it is quite interesting. These are from confirmed data breach cases. Here were 3 of the scariest stats in the document: 86% of victims had evidence of the breach in their log ...

I had a chance to review the 2010 Verizon Data Breach Report today, which I was alerted to by ISC.SANS.ORG .  They’ve put together data from 2004 through 2009, and it is quite interesting. These are from confirmed data breach cases. Here were 3 of...(read more)

Yes, you heard me correctly… We still think about personal and corporate security only as an afterthought. Despite all the regulatory and industry compliance that has been created and updated in the past 15 years, as we close out this decade, we are hardly any closer to proactively applying security guidelines in our personal or professional ...

Yes, you heard me correctly… We still think about personal and corporate security only as an afterthought. Despite all the regulatory and industry compliance that has been created and updated in the past 15 years, as we close out this decade, we are hardly...(read more)

I experienced a wide range of emotions as I read this allegedly tech savvy article in the Wall Street Journal, written by someone who is deemed a journalist for reasons which clearly have no basis in reality.  Mostly, I was surprised, because this is not the caliber of information that I expect from a publication such as the Wall Street ...

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions ...

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not...(read more)

It has long been accepted that Information Security should be implemented in layers: Defense in Depth. The idea being that you should add overlapping protection mechanisms to either stop or slow down an intruder.  To use a simple analogy, if you store valuables in your home, you’re not just going to have a safe to keep them in, but you will ...

It has long been accepted that Information Security should be implemented in layers: Defense in Depth . The idea being that you should add overlapping protection mechanisms to either stop or slow down an intruder.  To use a simple analogy, if you...(read more)

I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?”, and it highlights a common misconception about the role of auditing and auditors in the compliance process. The article is a follow-up to an interview with the CEO of Heartland Payment Systems ...

I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?” , and it highlights a common misconception about the role of auditing and auditors in the compliance...(read more)

Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890, that’s what we’re looking at:  a vulnerability in DirectX that allows for unauthenticated, remote execution attacks via Internet Explorer.  In other words, drive-by attacks. This vulnerability impacts ...

Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890 , that’s what we’re looking at:  a vulnerability in DirectX that allows for unauthenticated, remote execution attacks...(read more)

It’s only the second of April, and already I’m dealing with chaos.   And not the kind I expected, either. We’ve all been waiting for Conflicker to do something this month, but so far, nothing has occurred.  This is not a bad thing, mind you, as long as we realize that we need to be equally vigilant about all subsequent ...

The Conficker worm continues to make headlines, not only because it has been so elusive over the past 5 or so months, but because it is configured to do something special on April 1, 2009.  For a disturbingly large number of individuals and organizations, it could prove to be a not-so-happy day. You can read up on the anticipated April 1 ...