Tag Archives: GOOJ

Data Center Failure

One company I worked at had a sad data center failure, and I’m not talking a power outage or a fire or theft.

When I arrived at this company, it had no security department. Few security processes. Little security.

And the company also made two interesting mistakes when it hired me.


Filed under Audit, Case Files, Security, Security Scout

Application Hacking Playground

The Taddong Security Blog has a great list of vulnerable web applications you can play with to learn and test your web hacking knowledge and pen-testing tools, handcuffs not included. In other words, you can enter and stay at the playground without going to jail.

Some of them you download and install on your own systems, some of them you run as virtual machines (VMs) or ISOs on your systems, and others are available on the web for your malfeasance pleasure.


Filed under Free, Security

Easiest Way to Steal Confidential Data

A lot of company data is lying around unprotected, making it very easy to steal. No, I’m not talking about picking up other people’s documents at the printer. Stealing printouts isn’t hard, but it can be risky, especially if the printer is a busy one. Besides, it has 2 other problems:

  • Your chances of picking up confidential data are low at any given time.
  • The person will look for the printout and wonder what happened to it.

There’s a much better way that is fast, easy, simple, raises no suspicion, and is basically impossible to detect, if you do it correctly. Can you think of what it is?


Filed under How to..., Security

Searching for Secrets

I was visiting a friend at a large, public company doing some benchmarking when we had to schedule several meetings with IT to gather data. My friend “Meako” started entering attendees into his online calendar to see whether we could get some important meetings scheduled during the next week.


Filed under Audit, How to..., Security, Security Scout

Quote of the Strong (Get Permission)

Since I started Quote of the Weak, I haven’t heard that many good quotes we can share a chuckle over. So, in contrast, here’s a great quote of the strong:


Filed under Audit, Security

Why a Wastebasket Audit?

Most auditors and security analysts have never performed a wastebasket audit. Why do a trashcan audit?


Filed under Audit, How to..., Security

Top 10 Bad Jobs

I was checking out the latest post of my new blogger colleague from London, Audit Monkey, and read the following….

I’m sitting here in reflective mood thinking what the ‘Top 10’ worst possible jobs could be. Here’s my list.


Filed under Audit, Humor/Irony, Top 10

What Needs to be on a GOOJ Card?

If you probe networks, systems, and applications, you need a GOOJ card to protect yourself and your job.

In How to Stay Out of Jail, I recommended that anyone who scans, probes, or pokes networks, systems, or devices should always carry a get-out-of-jail (GOOJ) card. I also provided some reasons why such a card is critical.


Filed under Audit, How to..., Security, Technology

How to Stay Out of Jail

If you work in information security or IT audit (and I don’t mean IT SOX audit), I’d advise you to carry a “get-out-of-jail” (GOOJ) card at all times. In short, get permission before you do your dirty work.


Filed under Audit, Security

I’m out of town!

When I joined LinkedIn, it was because it was BUSINESS-like and so un-Facebook. As much as I like LinkedIn, it is becoming too much like Twitter and Facebook. Or perhaps it is more accurate to say that LinkedIn features are being used in the same casual manner.


Filed under Security