
What is the reason one hires an independent CPA to check your financial books?


Unfortunately, even where employees are trustworthy and capable, it makes sense to periodically review their work.

Even the PCI Security Standards Council has the following as "Testing Procedures":

6.1.b Interview responsible personnel and observe processes to verify that:
- New security vulnerabilities are identified.
- A risk ranking is assigned to vulnerabilities that includes identification of all “high” risk and “critical” vulnerabilities.
- Processes to identify new security vulnerabilities include using reputable outside sources for security vulnerability information.

Are you really performing this function with internal personnel? Can you ensure that it is done with accuracy and efficiency over the long term?

For an independent review to occur, by definition it must be "independent".

That is why we have developed a basic Alpha Security scan to give information to the IT department and management so they can run more efficiently and with higher security.


IT departments have too much to do


They have to keep up with new technologies, and the new potential security vulnerabilities are frequently too difficult to keep up with unless security is your full-time job. Attacking one's network with multiple "pairs of eyes" is also a good thing.

Most IT departments get burned out and after some time just "soldier on" with the environment as it is. "Damn the torpedoes - full speed ahead".

One thing I have learned is that the attackers are already here - they have infiltrated your network, and are attacking non-stop looking for your weaknesses. What you need is to make sure that the IT department is doing what it says it does.

 

The only question is how bad is it?

Contact me to give you a direct report for Alpha, Sigma and Omega scans

I normally do not make so many cross links from my sites, but if you are now seeing this for the first time, please be aware of this new style of attack.

I explain it a bit on my blogsite www.oversitesentry.com

This is what you see first; then, within a hacker's page, it switches to a Gmail login (which is on a hacker's page designed to steal your Gmail identity).

My Kickstarter Project Link

The Ebook will be available within 2 weeks from now

Contact me if you are interested in the E-book

If interested in this book contact me, as I am still working on it (updated in October 2014) but it is no longer on Kickstarter.

In the on-air interview I discussed a Kickstarter project on a book, but that did not go anywhere in time (as Stan Fine thought). Anyway, Kickstarters on books do not seem to work unless the book is already written.

The KXEN station:

KXEN Radio is located in St. Louis, Missouri and ranks 30th out of 200 local radio stations, and transmits over 50,000 Watts that reaches 100 miles in all directions.

The radio show ended and the mp3 file of the show is here 

The businessinandout radio program is no longer on the air.

 

After this radio show Dr. Stan Fine left the radio program and is now retired (he has some health problems). He might have had 1 or 2 more shows before retiring in winter 2014.

This post was updated - 6/30/2016

We perform the Alpha scan to perform the initial scans, and then use the information to perform penetration testing (or pentesting) with the Sigma scan to attack the site as a hacker would do.


If there are custom needs for your networked equipment, then it is necessary to do the Omega scan which requires other types of attacks.

Attacks consist of SQL injection (SQLi) tools and also cross-site scripting (XSS) tools.

 

A very good understanding of the 65,536 ports in UDP or TCP is necessary as well.

 

It is important to patch your software. I know it is tedious, and sometimes (for Windows) it requires a reboot.

For WordPress, one may need to step out of the current task and run the updates from the Updates tab.

It is important to keep up with updates, as security issues arise all the time, and the less of a vulnerable profile one has, the better. The harder the life of a hacker is, the more you can continue your life without interruption due to security issues.

 

As far as functionality, WordPress 4.0 has embedded video and Twitter and more. You can review the functions:

https://wordpress.org/news/2014/09/benny/

This site is now on WordPress 4.0 (as well as Oversitesentry).

There are many news reports of celebrities getting their accounts hacked and pictures of a compromising nature being taken from their archives.

It is evident that everyone needs to have Two Factor Authentication (2FA), where it does not take just a password to enter the account. On a new computer, first-time access must be granted with a password and an additional device, such as a code sent to a cellphone.

Here is Apple's tech support information for iCloud 2FA:

http://support.apple.com/kb/ht5570

Enter your Apple ID, receive a verification code, enter your code to verify your identity and finish signing in.

Simple, once you know of it.
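
The first-time check on a new computer described above, sketched as an added example (this is not code from this site or from Apple). The `Account` class, its method names, the five-minute code lifetime and the `send` callback standing in for the cellphone channel are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a verification code stays valid (assumed value)


class Account:
    """Toy account store; every name here is hypothetical, made for this example."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.trusted = set()   # computers that already completed the second factor
        self.pending = None    # (code, expiry, device_id) waiting to be confirmed

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, device_id, code=None, now=None, send=lambda c: None):
        """Return 'ok', 'code_required' or 'denied'."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return "denied"
        if device_id in self.trusted:
            return "ok"                        # known computer: password is enough
        if code is None:                       # new computer: issue a code
            fresh = f"{secrets.randbelow(10**6):06d}"
            self.pending = (fresh, now + CODE_TTL, device_id)
            send(fresh)                        # stand-in for the SMS/push channel
            return "code_required"
        pending, self.pending = self.pending, None   # one guess per issued code
        if pending is None or now > pending[1] or device_id != pending[2]:
            return "denied"
        if not hmac.compare_digest(code.encode(), pending[0].encode()):
            return "denied"
        self.trusted.add(device_id)            # later logins skip the code step
        return "ok"
```

A stolen password alone gets `code_required` from an unknown computer, and a code is rejected if it is expired, already used, or presented from a different computer than the one it was issued for.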

 

Of course, having a long password would also be good; I doubt the actors and actresses have 14-digit passwords with numbers and capital letters.