Tag Archives: insider

Data Center Failure: Conclusion

conclusion: sad faces

In previous posts, I described how I gained access to the data center area and then the data center proper.

I had bypassed door #1 and door #2.

My new colleagues were not happy.

Continue reading

Leave a comment

Filed under Case Files, Security, Security Scout

Out-of-Office Reply Tells All

I checked my personal email account and found I had 3 out-of-office replies from people who obviously belonged to the same organization. However, I had never emailed any of them.

At first I thought they were some kind of a malware emails, but they were text only and contained no links. So I just left them in my email box and wondered about them every time I saw them. Then I figured it out.

Continue reading

4 Comments

Filed under Blogging, Security, Security Scout

Pathethic Password Help Pages

I found some really pathetic password help pages on a company’s intranet while I was there visiting.

This is a large company that most people would recognize, and it is subject to plenty of government regulations. Overall, I’ve heard the security is pretty tight, but since I’ve never worked there, I can’t speak from experience. Except, that is, the experience I mentioned in an earlier post, Randomly Generate Weak Passwords. Perhaps all their security is what Bruce Schneier likes to call “security theater.”

Continue reading

2 Comments

Filed under Audit, Humor/Irony, Security, Security Scout

5 Security Steps for Non-Big Businesses

Lenny Zeltser suggest 5 steps that mid-market organizations can take down the security path:

  1. Identify key data flows
  2. Understand user interactions
  3. Examine the network perimeter
  4. Assess the servers and workstations
  5. Look at the applications

Continue reading

Leave a comment

Filed under Security