Main Menu

Home
Wireless Hacking
Forensics
Cisco Hacking
Incident Response
IDS/IPS
VPN Hacking
VOIP Hacking
Misc Notes
Malware Watchlist

Polls

What's your favorite OS?
 

Login Form






Lost Password?
No account yet? Register

Syndicate

Your Flash player is outdated. In order to properly display this content, Flash Player 8 or greater is required.
Please click here to update your player now.
 
Got Identities?
Written by oleDB   
Monday, 19 March 2007

Brian Krebs has written a few articles recently focusing on how bad identitiy theft and credit card fraud really is. There are 2 facts that I find really hard to ignore, which are also really infuriating. The first is that according to Symantec, the majority of the Credit Card trafficking is being done on servers located inside  the USA. So what happened to that Patriot act? Why are these criminals allowed to continue doing this, when clearly the FBI has the power to stop it. I know the logic they are using is that they are going after the kingpins and not the small fish, which makes sense. Except that tens of thousands of US citizens are getting thier lives destroyed in the process. And even though they may take down a kingpin one day, another one pops up the next. So eitherway, US citizens are getting screwed. The second problem I have is that we are infact subsidizing our own credit cards getting stolen. The Credit Card industry on a whole acknowledges fraud as an acceptable loss and simple passes on the costs to the customer. They even go so far as to sell us identity theft protection. That is completely ridiculous. Here's a novel idea, how about you make your product secure before selling it to the American public. 

Read the Story HERE  
Last Updated ( Thursday, 26 April 2007 )
 
Is Pen Testing a waste of time?
Written by oleDB   
Friday, 16 March 2007

Bruce Schneier and Marcus Ranum had an interesting article over on InfoSec Magazine debating the effectiveness of Pen Testing. After reading it, its pretty obvious neither of them are big proponents of pen testing. It makes sense on some level, if your not going to do anything with the report, why bother spending the money. The only reason for it then would be compliance issues. I personally think pen testing does provide some value, but the market is flooded with below average pen testers which waters down the effectiveness of it. Also, I think simply coming in and reviewing and revising IT processes like patching, best practices, and IR policy is more effective then a network pen test in the long run. Otherwise the best you can hope to do with a pen test is apply a quick fix band aid, which probably won't address the source of the problem.

 Read the Story HERE

Last Updated ( Monday, 19 March 2007 )
 
<< Start < Prev 1 2 3 Next > End >>

Results 9 - 10 of 10
Joomla Template by Joomlashack
Joomla Templates by JoomlaShack Joomla Templates