Hacker Guard

13 - 40: NYT: Bloomberg News Spies On Customers

In a revelation you would expect to read in some financial thriller novel, The New York Times reports that Bloomberg News acknowledged yesterday that its reporters used the company's terminals to monitor when subscribers (315,000 of them) had logged onto the Bloomberg News service terminals and to find out what types of functions, like the news wire, corporate bond trades or an equities index, they had looked at. Bloomberg L.P., founded in 1982 by Michael Bloomberg, current Mayor of New York, provides proprietary hardware to over 300,000 financial analysts and government officials worldwide. The terminals are leased for a minimum of $20,000 each annually. Bloomberg L.P. also provides real-time financial information services to these terminals. In addition, the company publishes Bloomberg

...

13 - 39: InfoWorld Security Central Gets it Wrong, Again

Disclaimer: I am not a fan of InfoWorld Security because of their lack of respect for subscriber privacy. So I just couldn't resist commenting on an extremely misleading headline column posted by Roger Grimes yesterday, "Too Many Admins Spoil Your Security". Not faulting Mr. Grimes. His article stresses the basic and inexcusable error in giving all users administrative privileges to every application within an organization. But a casual glance at the headline, which is all most security professionals would give to this article, leaves the impression that System Administrators screw up security, and that the root cause of our security woes is that we have hired too many system admins. Nothing could be further from the truth in most organizations, especially small and medium-sized businesses which

...

13 - 38: Reading List for Upcoming SANS Hacker Guard Programs

Here is the list of six articles we would like you to review prior to next week's SANS Hacker Guard Training, live in New York, live in Columbus, OH, and live online. The articles can be found in these HackerGuard posts: 1. Found, Someone Doing Smart Security Work, 2. Why Do so many University Healthcare Systems have breaches, 3. Tarala challenges security pros to pen test their own

...

13-37: Security Pros attempt DDoS for security awareness

Excellent article today found in CSO Online, written by Geordie Stewart, whom I find myself agreeing with more than most authors. As I commented in a thank you note to Stewart, the key message of his article, found deep within page 2, is "However, until we acknowledge that a better understanding of user behavior is needed, and that it's not efficient to use awareness to cover up poor security design, then it's the users who will suffer." The author points out that security professionals leading the claim that security awareness training is a waste of time do so in order to defend what they see as their "turf" at best. Really, they refuse to bring in security awareness training in order to cover up poor/no security architecture. These people fail to

...

13-36: SANS HackerGuard University Consortium Delivers Live Online Training

On October 16, 2012, announced a new SANS initiative, the University Consortium. The goal of this initiative is to educate university info sec professionals to defend their environments against attackers. The seed of this concept came from a NY Times article documenting 53 universities breached by an organization called Ghostshell. On April 29 - 30, SANS Sr. Instructor John Strand will train 75+ people from 7 different universities on

...