Nine Tips For Your Holiday Gifts
Welcome! Welcome, one and all!
With Black Friday just around the corner, there is no doubt the holiday shopping season is upon us. For many, myself included, new phone FTW! This means a myriad of new electronic gadgets and gizmos.
Considering you are reading the Solutionary Minds blog, it stands to reason that you care about security. And because I've started setting up my new phone, it seems like a good time to discuss mobile device security.
The tips below apply primarily to phones, tablets and phablets (phones that are too big to be a normal phone and too small to be a true tablet), but many of these tips can help you protect laptops and other devices as well. The list certainly should not be considered all-inclusive, but applying it is a strong step in the right direction.
Nine Tips for Mobile Device Security
1. Enable Total-Device Encryption
Despite the ...
In a recently released report, a leading technology research and advisory firm recognized Solutionary as a Managed Security Services Provider (MSSP) leader in North America.
Analyst reports like this are extremely useful for enterprises that are considering vendors to provide a service, giving them advice and perspective on a range of potential vendors.
For this research, the firm chose participants based on their ability to deliver enterprise managed security services to clients in North America. Participating companies were evaluated based on 26 criteria grouped into the following three categories:
- Current offering
- Market presence
To learn more about the MSSP market and how Solutionary was evaluated, download the full report...
Why Your Website May be Hacked Once Google Indexes It
The attack methodology usually follows these lines:
- Identify SQL input locations.
- Determine capability of injection.
- Use SQLi to exfiltrate data/install backdoor.
How do attackers identify vulnerable targets?
Top 5 FAQs for Transitioning From PCI DSS 2.0 to 3.0
As the January 1, 2015 submission date for moving from Payment Card Industry Data Security Standard (PCI DSS) 2.0 to 3.0 quickly approaches, organizations and security assessors have been diving into the details of assessments and new requirements. Many organizations are faced with challenges during this conversion phase.
As a security assessor, I am frequently asked questions about PCI DSS 3.0. Here are my top five FAQs:
When should I officially begin a PCI DSS 3.0 assessment?
There has been a lot of confusion about when to move to a PCI DSS 3.0 assessment, especially as assessments are kicking off in 2014. If an assessment begins in 2014, but the submission date is in 2015, then...
Why Veterans are a Good Fit for IT Security Careers
Happy Veterans Day to all of you who are currently serving or have served previously in the U.S. military. Veterans Day gives all of us who didn’t serve an opportunity to honor those who did. Thank you for your service!
Honoring Those Who Serve
In his 1954 proclamation to commemorate November 11 as Veterans Day (known before as Armistice Day), President Eisenhower said,
I, DWIGHT D. EISENHOWER, President of the United States of America, do hereby call upon all of our citizens to observe Thursday, November 11, 1954, as Veterans Day. On that day let us solemnly remember the sacrifices of all those who fought so valiantly, on the seas, in the air, and on foreign shores, to preserve our heritage of freedom, and let us reconsecrate ourselves to the task of promoting an enduring peace so that their efforts shall not have been in...
Will tap to pay actually be used by the public?
As described in my previous blog, "Apple Pay vs. Other Tap to Pay Providers," Google and Apple are essentially equal when it comes to security, with both of them outpacing SoftCard by a good bit. It’s important to note that they are all better and safer than traditional magnetic stripe plastic cards, making the use of credit cards more secure. For more information on the different platforms, please see the first part of the Apple Pay series blogs, posted on Tuesday, October 28.
With the industry reeling from...
With a rogue access-point (AP) in place, the attackers exited the building and made their way to a vehicle parked adjacent to the location. Once inside, one attacker surveys the area while the other pivots a high-gain antenna toward the location of the malicious device. Connecting to the device and establishing a foothold into the internal network, he cracks a wicked smile and announces, “I’m in.”
There are several tools available for penetration testers that aid in a successful physical security assessment. These tools are widely available, and if used properly with solid social engineering tactics, can...