Sitemap - 2008 - Security Balance

Some good predictions for 2009

New Kids on the Block Cipher

War and Information Security

Phishing now installing malware...NEW?

Why people stick to IE...or why should they change?

2009 predictions

Can good programmers be part of a SDLC?

VP has taken the red pill

Windows pen testing - access tokens

Simple but dreadful, part 3 - Workstation local administrator

After all, how infosec is related to SOX??

I've never seen my previous CSO role so well explained

Mogull on adaptative Auth and AuthZ

Sarbanes Oxley, good to hear people questioning

The WPA sky is not falling

Virtualization? Give me a better OS instead!

I left this one pass

Financial malware gets smarter? But we've said that many times!

Microsoft MS08-067

Which compliance pill to take?

It is so obvious that it hurts

Wordpress security

Good tip to fight laptop theft

And now, ScribeFire!

Zoundry Raven test

Security by economic obfuscation

Simple but dreadful, part 2 - Network shares

Best Practices - Even Dilbert know what they mean

(ISC)2 Board candidate

Simple but dreadful, part 1 - Logon Scripts

Portknocking, SPA and SOA

The future of mass card theft (and PCI)

Black Hat, Defcon, the basics

PVLANs and DMZs

"Hanging on the wall" posting of the week

VMWare vulnerability

Master dissertation test

Kaminsky and the new vulnerability patching world

Virtualization security, some thoughts about it

Unauthorized reading confirmation on Outlook

SIEM dead, time for search?

Open Group Risk Management "taxonomy"

This is why we asked so much for Server Core

I didn't quit the blogging stuff

The discussion about GRC

Vulnerability Numbers, Q1 2008

Virtualization - there is also a good security aspect

Finally someone said it!

The new security guy

Isn't it an interesting case for business continuity studies?

Windows Server 2008 - Server Core

Have you tried Secunia PSI?

Adobe is the next target - does anyone still doubt?

Polaris - A very interesting research piece from HP

CyberStorm II and languages

Some good quotes from RSA

How many companies are looking into Security as a Marketing feature?

From a RSA vendor leaflet

RSA, final post

RSA post number 2

Looking for job in...Toronto!

RSA post number 1

Content Management, Monitoring and Protection (from Hoff's post)

Article on ISSA Journal

Adobe on Linux - holes are cross platform

If it works for children...

VMWare, the new "unbreakable"?

Macs and the Pwn2Own contest

Disruptive innovation and security, some thoughts

You need to think like this sometimes

ActiveX controls and security

Insider threat in a Auditors Conference

Outlook vulnerability

Cisco patch cycle

Why risk management doesn't always work

Cold boot attacks against disk encryption

RSA, here I go!

Data stolen from Petrobras

Another botnet following our predictions

Security by obscurity, a little more about it

Client software vulnerabilities, watch out

Quickly deploying security: Decision Gates

Mainframe security - finally I found someone talking about my concerns on it

The discussion of the moment: A versus C-I-A

Should we let consultants use their own computers?

Blind spots and JJ's blog

Automated malware analysis

Still believe that insider threat is not that big?

Peterson's method to incite security

French methodology for Information Security Risk Management

Patching Oracle?

Good discussion on OTP/2FA for online banking

Trojan.Silentbanker

SQL Injection worm/bot?

Security Policies organization

Always getting back to basics

The threat from user applications

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts