Always Remember: With Gusto Comes Data Loss.

The Basics of Cryptography

With the nearly constant flood of data breaches that we read about almost every day, I thought I would take some time to cover the basic cryptographic techniques out there. I have avoided this so far because it is a rather difficult subject to explain without immediately going over many people’s heads. However, it is becoming increasingly clear that everyone, not just those using it on a daily basis, needs to understand just how encryption works.

Security vs. Compliance and the Role of the Penetration Tester in 2016

Recently I was asked to write an article about one of the many challenges facing Penetration Testers in 2016. I decided to focus on the role that compliance plays in the process of securing corporate systems. This is not as simple as it may seem, as being in compliance with security regulations does not necessarily mean your systems are secure. Below is the text of the published article. If you would like the original publication, you can find it at pentestmag.com.

US-CERT Announces Critical NTP Vulnerability

Yesterday Apple released a security update for a number of critical flaws found in the NTP (Network Time Protocol) service that OS X utilizes. The most worrisome of these is a buffer overflow that allows an attacker to remotely send specially crafted packets to a system and, as a result, run malicious code with the privileges of the ntpd service (system level privileges on OS X). Be aware, though, that since NTP is an open source protocol, more than just Macs are affected.