Hi there everyone on the security bloggers network. I'm a security professional who works in:
- vulnerability management (infrastructure and web penetration testing, benchmarking and optimisation)
- security management (policy, procedure and technical standards development)
- infrastructure & operations security (secure configuration of devices, databases, operating systems and assistance with logging, monitoring and reporting).

I'm always limited on time I can spend blogging, so I end up blogging whilst waiting for clients in foyers and when commuting to and from work. So most of my blog entries are related to my activities during the day and my reflections on the way home.
About Me
- Matthew Hackling
- Matt runs his own security consultancy called Ronin Security. His focus is information security management and he has a keen interest in infrastructure and web application security. He's a CISSP and the current Branch Executive of the Melbourne chapter of the Australian Information Security Association.
Friday, February 20, 2009
Thursday, February 19, 2009
Exfiltration
Currently it is very important to be monitoring traffic exiting your network to be able to detect remote access trojans that have not been detected by your antivirus.
I suggest restricting all outbound traffic from the desktop and inspecting proxy logs as well as web content management.
If you are a high-risk target, whitelisting only approved business web sites may be an option. You can always set up an internet cafe for users to surf fairly unrestricted.
Without some of these restrictions it is too easy for the bad guys to write up a custom trojan (or just modify an existing one slightly) and slip it through your defences through a stored XSS in a trusted web site or even social engineer it through in a password-protected zip file.
Wednesday, February 18, 2009
Bizarre security sticker
Huh? Are crims putting an explosive gas in ATMs to blow them open?
---- Sent using a Sony Ericsson videophone
Monday, February 16, 2009
The love of Backtrack 4
Backtrack 4 is now in beta and it is an Ubuntu-based distro. It is great to be able to use synaptic package manager and a bit of apt-get and apt-cache to load packages. Having a full set of wireless tools and all patched drivers etc. is also a real time saver.
Thursday, February 5, 2009
It's hard to find spies to recruit when they have Facebook :)
I love this bit
“We've been expecting you, Mr Bond,” says the evil Blofeld, stroking his white Persian cat. “We saw your Twitter update.”
Social networking websites make recruiting spies difficult
Thanks to Serg for this one!!
Tuesday, February 3, 2009
Logs logs logs
My advice for log management: identify what could go wrong and then only log the activities that would be associated with that malicious activity (by enabling the devices to log these activities and sending them to a central log server under the control of the security department). Then establish alerts on a risk-based approach only for those malicious activities that are of real concern.
Monday, February 2, 2009
Criminals
So what is the modus operandi of online thieves and other criminals?
Stealing credit card numbers, selling them to others who make up fake credit card numbers and buy high value postable goods and resell them to turn the stolen credit into clean cash.
Guns for hire who steal customer lists to order or deny service to competitors for unscrupulous business owners.
Extortionists who deny service to organisations on the fringe of legality.
This may explain why I am into testing web application security controls, load balancers, web application firewalls, IDS etc.
Not kidding about this heat
Just to show that last image was not just an out-of-whack French car thermometer, see attached Chinese-made $100 one.
