The UltraTech Zone

Integrating Life, Technology and Business with Andrew S. Baker...

Browse by Tags

All Tags » Vulnerabilities » Security
  • To Disclose or not to Disclose

    …that is the question. Every time a software vendor experiences a vulnerability or releases patches for a serious security issue, the debate about Full Disclosure or Responsible Disclosure gains a little more steam. Just how much information should a vendor disclose about the nature of the vulnerability that it has identified, and how that ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on June 9, 2011
  • Just ask Sony…

    Why should you take your organization’s information security posture seriously? Just ask Sony. It has been estimated that Sony will spend more than $170 million due to the recent breaches they have suffered. Personally, I think that the $170M figure is too conservative. I expect it to get much closer to $300M than ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on May 31, 2011
  • Reactive Security: Feel the pain in 2011+

    We are only one third of the way into 2011, but we have had some of the largest information security breaches of the decade – and the trend does not appear to be slowing down. Here are just a few of the biggest reports for the year: http://www.eweek.com/c/a/Security/RSA-SecurID-Breach-Shows-Why-Everybody-Must-Stay-Vigilant-595858/ ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on April 29, 2011
  • Maintaining Good Security Practices

    Security is not just a state of being. We are often called to provide an assessment about our present security posture, and usually, the person asking the question is doing so within a very narrow context – one that they may or may not have shared with you. Answering such a question is difficult at best. Imagine walking up to your doctor and ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on March 31, 2011
  • Searching for Return on Security Investments

    There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on October 30, 2009
  • Another Zero-Day Vulnerability for IE

    Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890, that’s what we’re looking at:  a vulnerability in DirectX that allows for unauthenticated, remote execution attacks via Internet Explorer.  In other words, drive-by attacks. This vulnerability impacts ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on July 7, 2009
  • We’re Back In The Worm Zone

    The Conficker worm continues to make headlines, not only because it has been so elusive over the past 5 or so months, but because it is configured to do something special on April 1, 2009.  For a disturbingly large number of individuals and organizations, it could prove to be a not-so-happy day. You can read up on the anticipated April 1 ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on March 30, 2009
  • Yes, Security Is Still Important in 2009

    Quite frankly, it’s even more important than it has been in the past.   This morning, I was reading some articles on information security, including news about the Conficker worm.  You know, we haven’t had a really good worm in 3 or 4 years, so it seems that people have forgotten about how dangerous those things can be, and how ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on February 13, 2009
  • Managing Information Security in 2009

    Since the middle of 2008, we have seen an increase in the types and complexity of information security attacks that organizations have been facing. The widespread worms of 2004 and 2005 gave way to the targeted attacks of 2006 and early 2007.  Things quieted down in the latter portion of 2007, as the security industry was able to clamp down ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on January 2, 2009
  • Needless Vendor Bashing -- by Vendors

    In today's story of immense irony, we find a vendor taking time to bash another vendor for a security flaw, only to have diligent 3rd parties point out that the flaw exists for the bashing vendor as well. What a waste of time.  If folks would focus more on the issues they need to address, and less on showmanship and one-up-manship, they ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on July 24, 2007
  • Revenge of the Worms?

    It's been a while since we've had a massive worm outbreak, but the potential for such an occurrence has increased significantly over the weekend with word that a wormable exploit has been made available for the recent animated cursor vulnerability in Windows. Microsoft has issued several status updates over the past few days via the Microsoft ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on April 2, 2007
  • One More Reason to Turn JavaScript off in Browsers

    As if we needed another reason... A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems. That's possible with a new security tool called Jikto. The tool is written in JavaScript and can make PCs of unknowing Web surfers hunt for flaws in Web ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on March 23, 2007
  • Zero-Day Tracker from eEye Digital Security

    The folks at eEye Digital Security have put together a website that tracks various zero-day vulnerabilities, and offers analysis and remediation recommendations.  The site is called Zero-Day Tracker, and can be found at the following URL: http://research.eeye.com/html/alerts/zeroday/index.html Welcome to eEye Research Team's Zero-Day ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on December 5, 2006
  • Security: Product vs People and Process

    One of the hardest concepts to emphasize concerning Information Security is that people and processes are more critical to your overall security posture than products are.   That is not to say that products are unimportant. Certainly, any deficiency in one of the three P's will necessitate compensation from the other two P's.  But ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on October 20, 2006
  • Oracle's Patch Updates

    October 2006 is going to be a major month for Oracle.  First, the database and middleware powerhouse has made some significant changes to its patch management process. Secondly, it released its quarterly set of database and application patches on October 17th.  The full list of patches is available on Oracle's website, but interestingly ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on October 18, 2006