Apr 30th, 2008

Comments: 0
Category: Forensics

The dangers of jumping to conclusions

I’ve been reading quite a few posts about Microsoft’s COFEE toolkit, which seems to be designed to help forensics investigators get evidence from (presumably Windows-based) PCs. It’s amazing to see how many sources on the Internet took the original article here from the Seattle Times and came to the conclusion that this was some […]

Apr 24th, 2008

Comments: 1
Category: Penetration Testing

PCI 6.6 clarification – Am I missing something?

Recently there have been some clarifications around a couple of sections of the PCI-DSS, in particular one on section 6.6. This update has created some comment and articles, but none of the ones I’ve read has focused on the main point, as far as I can see… Previously there were two options for satisfying […]

Apr 8th, 2008

Comments: 0
Category: General Security

Security Shorthand problems

I was thinking about a story I saw recently about the recent update to the British banking code. There’s a lot of discussion about Internet banking users potentially being liable for fraud if their PCs aren’t “secure”, as a result of this update. The code says “Keep your PC secure. Use up-to-date anti-virus and spyware […]

Apr 7th, 2008

Comments: 0
Category: General Security

Some More UK Data Loss

http://news.bbc.co.uk/1/hi/business/7334249.stm This time HSBC have lost 370,000 sets of personal details from insurance customers. One thing that puzzles me in the reporting of this story is the statement that although the data on the disc was protected by a password, it had not been encrypted. How do you password protect something without encrypting it?! […]

Mar 13th, 2008

Comments: 2
Category: Database Security

Database expert: Oracle behind Microsoft on patch management – Network World

http://www.networkworld.com/news/2008/031308-database-expert-oracle-behind-microsoft.html?fsrc=rss-security Interesting to see someone have a shot at putting numbers on how far Oracle are behind Microsoft in the database security arena (well, secure features as opposed to security features anyway). The number that they come up with is 5 years… Assuming that nothing turns up soon it actually looks like SQL Server 2005 […]

Mar 8th, 2008

Comments: 0
Category: General Security

Infosec Scotland

There’s a new portal over at www.infosec-scotland.com that’s been started up to provide information about upcoming security events in Scotland (and the wider UK). There’s a calendar of events available and some links to relevant sites. If you’ve got any events you’d like to get added to the calendar, just send an email over to […]

Mar 8th, 2008

Comments: 0
Category: General Security

February OWASP meeting

The February meeting of the Scottish OWASP chapter went pretty well on the 28th. We had Steve Moyle doing a presentation on Database security (slides can be found here). I picked up some interesting ideas from his presentation. Firstly the idea that relational databases have a fundamental flaw when it comes to security, which […]

Feb 21st, 2008

Comments: 0
Category: Uncategorized

Upcoming Security Events in Scotland

There’s a couple of good security events coming up in Scotland which should be a great chance to meet some of the security community up here and also hear some good speakers! On the 28th of February, there’s an OWASP Scotland meeting with Dr Steven Moyle of Secerno doing a talk on Database Security. There’s […]

Feb 1st, 2008

Comments: 0
Category: Software Security

Interesting new site?

There’s a post over at the Microsoft %41%43%45%20%54%65%61%6d blog about their new Hello secure world resource. When I saw this I thought I’d go over to the site and take a look around, as Microsoft have released some great information about developer security in the past and it’s an area of interest for me at […]