Or the art of active defense and enemy disorientation “You can ensure the safety of your defense if you only hold positions that cannot be attacked. Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.” … Read more

Malware such as Neverquest, Zeus or GameOver Zeus is getting more aggressive every day and the stealth way it steals money makes it even more dangerous. The methods used by Neverquest and similar MITB (man-in-the-browser) attacks are described in the following video: and at the following Wikipedia page: http://en.wikipedia.org/wiki/Man-in-the-browser In short: by obtaining full control … Read more

Business operations may and usually do depend on maintaining control over critical information. You may, however, lose control over this information (whether it would be lost, deleted, stolen, published, etc) – in this case you may need to respond to a security incident. Even though you should be concerned about potentially malicious hackers breaking through … Read more

APT is the new INFOSEC marketing term – every other company / service / product is offering ‘protection from Advanced Persistent Threats” – without even explaining what the term means. Probably because if they do explain, you will lose any interest in their products? APT is not about what – code, viruses, malware, spyware or … Read more

A – Assets – Something of value requiring protection (hardware, software, data, reputation) B – Backup – The three most important safeguards – backup, backup, backup C – Countermeasures and Controls – Prevent, detect, and recover from security incidents D – DAA and Other Officials – Manage and accept risk and authorize the system to … Read more