SecurityRatty: securosis.com

Dont Drop That Landline

2008-05-15 17:35:15 by rmogull in securosis.com

Engadget is reporting some stats that households are increasingly dropping their landline phone service for mobiles only. For safety reasons, I highly recommend against this In the latter half of 2007, it was discovered that 16-percent of domiciles didnt even have a landline Mobile phones are great until you need to call 9-1-1 (or anyone else in...

Tags: landline, phone, phone jack, phone lines carry, landline phone service, power, power outage, mobile phones, safety reasons

Shimel Wants To Sell You A Dead Parrot. On An Iceberg. Slathered In GRC

2008-05-15 15:38:28 by rmogull in securosis.com

...security, but he thinks GRC tools offer at least a partial solution to this problem GRC is a needed tool in todays security practitioners tool kit. They are being placed in the position to ensure compliance and they need the ability to do so. They also need help getting the budget approved for the tools they need to do the job. We can rant...

Tags: grc, grc tools offer, tools, grc vendors, security tools, confuse grc, grc trap, compliance, grc tool

Network Security Podcast, Episode 104

2008-05-14 22:18:06 by rmogull in securosis.com

Martin and I were all over the map this week, but still managed to keep things under 30 minutes. We talk about the Dave and Busters hack, data exposure in Chile, and browser virtualization, among other things. The show is up over at netsecpodcast.com

Tags: data exposure, busters hack, browser virtualization, chile, week, minutes, martin, map, talk

New Nessus Licensing: NSP Interview With Ron Gula, CEO Of Tenable

2008-05-14 22:13:29 by rmogull in securosis.com

If you didnt catch the news today, Tenable is changing the Nessus license and enabling the real-time signature/plugin feed for the free version. Martin and I managed to snag Ron Gula for a short interview we posted over at NetSecPodcast.com Overall I think its a very positive license change and it shouldnt hurt you unless you were using the free...

Tags: free version, real-time signatureplugin feed, positive license change, snag ron gula, short interview, commercial purposes, tenable, nessus license, martin

GRC, Average Deal Size, And The Dangers Of Venture Capital

2008-05-14 21:42:37 by rmogull in securosis.com

...information security, working for a vulnerability management vendor whose aim it was to sell appliances into all parts of the enterprise. They believed that vulnerability management was the kind of tool that needed to be embedded into every subnet within the entire organization, and that a huge infrastructure would be built up to manage...

Tags: grc, grc company, market, up-market, average deal, company, grc yesterday, huge market, 10m company

Database Activity Monitoring Is As Big, Or Bigger, Than DLP

2008-05-14 17:12:04 by rmogull in securosis.com

Last night I had this recurring dream I seem to have a few times a year. It involves a plane crash, but not one that Im on. The dream always changes, but in every case Im out and about someplace, I look up and see a struggling plane, it crashes, and I rush over to help. The dream almost always end before I do anything, and since Im no longer a...

Tags: dlp, pure-play dlp market, dam vendors, dam, major dlp, market, market rollup, dlp product, dam specific sales

GRC is Dead

2008-05-13 20:26:58 by rmogull in securosis.com

...information from other sources. A GRC tool provides almost no value at the business unit level, since it doesnt help them get their day to day job done The pretty dashboards and reports might be worth a certain investment, but not the six-figure plus fees most of them run for. No one really needs a GRC tool, since the tools dont really help...

Tags: grc, call grc tools, grc tools, todays grc tools, grc obsession, call grc, grc tool, internal, internal auditors

Webcast of Thursday: Web Application Vulnerabilities

2008-05-12 20:57:52 by rmogull in securosis.com

...Security on Integrating Web Applications into Your Vulnerability Management Program You can register for it over here at WhiteHatWorld.com , and heres the description Along with end-user systems, web applications often present the weakest link to attackers targeting sensitive data. However, while many security professionals conduct endpoint...

Tags: web applications, web application vulnerabilities, join core security, core security, fewer adequately manage, vulnerability management program, miss critical exposures, data breach threats, broader vulnerability assessments

Train Like You Fight

2008-05-12 20:54:11 by rmogull in securosis.com

Ah, Monday. And not just the usual Monday, but a Monday after a perfect 5 day trip with my wife to Sonoma. A Monday where, right after we get back, the hot water heater in our old house (that we now rent) dies. Sigh. I really dont like this whole real world thing On the plus side we set two records on our wine tour: fewest wineries visited, and...

Tags: real, test real attack, practice, diligent practice, response, defense response skills, train, real world, incident response

Off the Grid

2008-05-07 06:14:36 by rmogull in securosis.com

For the next 5 days my wife and I are heading to Sonoma to celebrate our anniversary. I am, to say the least, one lucky #&^(*&^#* to have her nuff said

Tags: sonoma, wife, nuff, lucky, anniversary, days

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo