November 30, 2011

The Privacy and Security Implications of Misusing Technology

If you haven’t already heard of Carrier IQ, you need to do some serious web searching, as they are swiftly becoming the new name in technology misuse […]
October 29, 2011

My Workplace Technology Wish List

It is not every day that one gets an opportunity to put together a wish list of technology solutions that could be used to drive a […]
October 15, 2011

Guess What? Technology is not easy

It might seem that way because of how ubiquitous it is, but technology is not really easy.  Lots of time has been spent trying to hide […]
August 21, 2011

Managing a Garden

Since May of this year, we have started a little “Green Grocer” project (as my neighbor likes to call it).  It started out from four (4) seedling […]
July 13, 2011

Where Netflix Went Wrong: Corporate Communications

The good folks at Netflix recently announced a huge price hike for their customers, as they separate their DVD and streaming businesses into distinct product offerings.  If […]
June 29, 2011

Effectively Managing Risk

Despite the significant uptick in information security events on display thus far in 2011, and despite the diversity and caliber of organizations that are being breached, […]
June 9, 2011

To Disclose or not to Disclose

…that is the question. Every time a software vendor experiences a vulnerability or releases patches for a serious security issue, the debate about Full Disclosure or […]
May 31, 2011

Just ask Sony…

Why should you take your organization’s information security posture seriously? Just ask Sony.  It has been estimated that Sony will spend more than $170 million dollars due to […]
May 3, 2011

Managing Technology-based Risks

Risks exist. You would think that this is so obvious as to not need saying, but too many people appear to operate as though downplaying or […]
April 29, 2011

Reactive Security: Feel the pain in 2011+

We are only one third of the way into 2011, but we have had some of the largest information security breaches of the decade – and […]
March 31, 2011

Maintaining Good Security Practices

Security is not just a state of being. We are often called to provide an assessment about our present security posture, and usually, the person asking […]
February 15, 2011

Why Your New Technology Purchase Might Disappoint – Part 2

Last time, I mentioned that inadequate planning is one of the key reasons why your new technology purchase might prove to be disappointing.  This is true […]
October 23, 2006

Growing Malware Sophistication

The level of sophistication of the malware threats we face is continuing to grow at a much faster rate than the methods that most organizations are […]
November 8, 2006

Process Monitor v1.0

Process Monitor v1.0:  http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of […]
November 21, 2006

Virtual Machine Detection in Malware via Commercial Tools

More About Sophisticated Malware http://isc.sans.org/diary.php?storyid=1871 Virtual machine detection is a self-defensive property of many malware specimens. It is aimed at making it harder to examine the […]
November 27, 2006

Backdoor Trojans, Rootkits and SPAM: Notes from the Microsoft Antimalware Team

The Microsoft AntiMalware team has recently published a paper discussing some of the data collected by their monthly AntiMalware tool. A summary of the article is […]
November 28, 2006

More Malware, More SPAM

According to some reports, spyware is getting harder and harder to control.  The sophistication of the malware makers is growing at a much faster pace than […]
December 5, 2006

Zero-Day Tracker from eEye Digital Security

The folks at eEye Digital Security have put together a website that tracks various zero-day vulnerabilities, and offers analysis and remediation recommendations.  The site is called Zero-Day Tracker, and […]
December 12, 2006

SANS sees upsurge in zero-day Web-based attacks

It’s pretty much official now (in case you didn’t believe it before):  We have exited the Worm era, and jumped head first into the era of specialized […]
July 30, 2010

The State of Data Breaches in 2010

I had a chance to review the 2010 Verizon Data Breach Report today, which I was alerted to by ISC.SANS.ORG.  They’ve put together data from 2004 through 2009, and […]