Always Remember: With Gusto Comes Data Loss.

Security vs. Compliance and the Role of the Penetration Tester in 2016

Recently I was asked to write an article about one of the many challenges facing Penetration Testers in 2016. I decided to focus on the role that compliance plays in the process of securing corporate systems. This is not as simple as it may seem, as being in compliance with security regulations does not necessarily mean your systems are secure. Below is the text of the published article. If you would like the original publication, you can find it at pentestmag.com.

US-CERT Announces Critical NTP Vulnerability

Yesterday Apple released a security update for a number of critical flaws found in the NTP (Network Time Protocol) service that OS X utilizes. The most worrisome of these is a buffer overflow that allows an attacker to remotely send specially crafted packets to a system and, as a result, run malicious code with the privileges of the ntpd service (system level privileges on OS X). Be aware, though: since NTP is an open source protocol, more than just Macs are affected.