Archive: May 2013

Interview with Jim Aldridge on Targeted Intrusion Remediation. Part 3

The remediation activities discussed with Jim Aldridge here include mass password changes, software patching, and building overall security posture. – One of the most critical and difficult parts in remediation is universal password change. Do you have short advice to help organizations with...

Interview with Jim Aldridge on Targeted Intrusion Remediation. Part 2

In this subset of questions & answers, Mandiant’s Jim Aldridge sheds more light on the typical targeted attack lifecycle and the key countermeasures to adopt. – A lot of successful targeted intrusions have involved various red herring techniques. For example: some systems are DDoSed and while...

Best Practices of Targeted Intrusion Remediation: Interview with Mandiant’s Jim Aldridge

Jim Aldridge of cyber security firm Mandiant helps organizations investigate and respond to security incidents. His areas of expertise include security incident response, penetration testing, security strategy, as well as secure systems and network design. Jim has significant experience working with the...

InfoSec Blacklist of Charlatans: Part 2 of Our Interview with Jericho from Errata

Following the first part of our interview with Errata’s Jericho, this section encompasses more of his answers regarding nuances of InfoSec blacklisting. – Errata has a section dedicated to suspicious statistics, which various media outlets try to feed us. It’s a sad thing but is there any place for...

InfoSec Blacklist of Charlatans: Interview with Jericho from Errata

As Attrition.org states, Jericho is a security curmudgeon, pimp, helicopter pilot, lighter thief, HTML nazi, cat herder, guinea pig relationship specialist and obsessive compulsive TV game show participant. Jericho has been poking about the hacker/security scene for over 19 years (for real), building...

Life Inside a Skinner Box 6: Implementing an Automated System the Right Way

The scientists are highlighting ways to implement automated law enforcement without having to suffer the consequences of malfunction and possible abuse. Lisa Shay: So, what can we do about this? Obviously there are countermeasures that are available for all different kinds of problems. Greg and I gave a...

Life Inside a Skinner Box 5: The Mixed Blessing of Perfect Law Enforcement

The researchers provide here an insight into whether perfect law enforcement is a good thing, and dwell on related issues from an automation perspective. Woody Hartzog: Some of the big questions, and I think the one that goes to the heart of our talk today, is whether we want perfect enforcement of the law....

Life Inside a Skinner Box 4: Benefits and Downsides of Automation

Greg Conti and Woody Hartzog dwell on the possible advantages and disadvantages for society as law enforcement becomes increasingly automated. Greg Conti: So, clearly, there’re advantages to this, but there’re certainly disadvantages as well, and it really depends on your perspective: are...

Life Inside a Skinner Box 3: Breakdown of Automated Law Enforcement

Woody Hartzog and Lisa Shay now break down the automated law enforcement process into individual constituents and analyze each one in detail. Woody Hartzog: So, how does the law become involved in all of this? Greg just talked about how the technology is in place. The sensors are there to record our...

Life Inside a Skinner Box 2: Existing Technology and Successful Prototypes

In this part Greg Conti provides unambiguous examples of technology already in operation and of initiatives towards automated law enforcement. Greg Conti: As we look to the future, has anyone seen Google’s Project Glass video? Even better, have you seen the parodies where they’re wearing the glasses and get...

Life Inside a Skinner Box: Automated Law Enforcement

This entry is based on the Defcon talk “Life Inside a Skinner Box*: Confronting our Future of Automated Law Enforcement” by researchers Lisa Shay, Greg Conti and Woody Hartzog about downsides of automated surveillance and law enforcement. Lisa Shay: Good afternoon. I’m Lisa Shay, I teach...

A Security Aficionado – Interview with Tom Eston. Part 2

In this part of our interview with Tom Eston we’re discussing today’s down-to-earth and most relevant enterprise security issues from a pen testing perspective. – You say that accounting systems are frequently overlooked by penetration testers. Why? – Accounting systems are overlooked by...

A Security Aficionado – Interview with Tom Eston

Tom Eston has many years of experience in penetration testing and security assessments. Currently Tom is the manager of the highly skilled Profiling and Penetration Team at SecureState. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of...