An Information Security Community
Whether it's good or not that a government is…Continue
I am following many discussions on pentesting, including that one in @pauldotcom EP225. About how customers order pentests for the wrong reason (compliance checkboxing), how the word “pentest” has lost it’s original meaning and the question what we should call it instead, what penetration testing shall concentrate on, how the results shall be presented, about…
I just added Judy Novak to the "IDS hall of fame" of my Intrusion Detection Mindmap.
She definitely deserves a place in anybody's IDS hall of fame. ;-)
The mindmap can be downloaded here.
Just save it as IDS.mm and open it in the mindmapping tool of your choice. I personally prefer Freeplane.
If you have valuable…Continue
Added by d3tm4r on February 17, 2011 at 3:14pm — No Comments
This is what Morpheus said to Neo in the movie "The Matrix". And it's so very true regarding information security.
Intruders don't care about what you're thinking about your network security. They just peek and poke until they find a hole that you would not have thought existed.
Check! Your! Facts! Know your network. If you're not sure - just check, don't speculate!
It's the same for general troubleshooting problems and for information security. I am seeing…Continue
Reputation Based Protection is a good idea to complement classic signature based and heuristic malware detection.
Some antivirus vendors have already added cloud based reputation services to their antivirus products.
How do those services…
Added by d3tm4r on February 13, 2011 at 10:14am — No Comments
The folks of Pauldotcom Security Weekly podcast inspired me to write something about using 0day exploits for pentesting.
The question was, whether or not it's a good idea or fair to use those in a pentest.
My take on this is like "hell yeah!". But there are some more aspects to that topic of course, otherwise I wouldn't have considered writing a blogpost on it.
So first off, let's discuss what the intention of using 0days in pentesting might be. For me…Continue
“Oh, a worm just took down all of our servers. We’ve got a problem!”
“Oh, a virus has infected all of our PCs. Let’s quickly delete it!”
“Oh, chinese hackers have pwns0red several companies. But we are fine because we’ve got IDS, IPS, Antivirus, Anti-Spam, DLP and ‘til now…
Added by d3tm4r on February 12, 2011 at 12:30pm — No Comments