Zappos shows that big breaches are still part of the cyber crime outlook

We tend first to get blown away by data breach numbers: RECORDS OF 24 MILLION ZAPPOS.COM CUSTOMERS BREACHED. Then we sort of glaze over and shrug: “Just another big data breach.” Let’s face it, the “big” makes news, but the “big” isn’t what it’s all about. The last Verizon Data Breach...

From SSAE 16 to SAS 70 (Part II): SOC reporting and certification

In my previous post (From SAS 70 to SSAE 16, what does it mean?), I outlined the similarities and differences between SAS 70 and SSAE 16 audits. Now, I will go into more detail about the reporting options available with SSAE 16 and the additional auditing/reporting facilities the American Institute of CPAs (AICPA) has developed for the world of IT...

Mideast cyber spat ups the hacktivist ante

We have to assume that the kinds of cyber attacks taking place in the Mideast, most recently attacks against the Tel Aviv Stock Exchange, Israeli national airline El Al, and several Israeli bank websites, augur more and more ideological cyber warfare. I don’t believe that this means we’ll see a wave of government-on-government attacks...

What should we draw from AV detection rate test findings?

Testing desktop antivirus products has always been tricky: a test lab has to simulate the real-world possibilities of all the types of malware and all the interesting and exciting ways it can be introduced onto a client system. Today, I think, even well-crafted tests can at best offer some basic guidance for enterprises, rather than clear...

Slow app layer DoS attacks can bring your servers down quickly

To paraphrase Alice (with apologies to Lewis Carroll and all my high school and college English teachers), denial-of-service attacks are getting “insidiouser and insidiouser.” The latest proof-of-concept “slow” application layer DoS attack is yet another demonstration that attackers don’t need huge botnet armies...
