the exclamake! blog

An article in Channel Insider explains that state legislation that requires companies to report data breaches stengthens the case for MSPs (Managed Service Providers). Mike Rothman provides a viewpoint in Security Incite Rants.
My thoughts on this are… who are we talking about here, the enterprise or SMB’s? If the enterprise, I think this […]

Mike Rothman posted an article on Skype and the need to control it in many environments.  His opinion is that will be very difficult to control it on the network side of thing and he recommends controlling at the endpoint.  I thought it would be a good time to bring out that SonicWALL is very […]

Here’s the deal. I do get irritated with the ‘media’ and ‘hype’. Because I’m in the network security arena, I frequently ask myself, is all the press about network attacks legitimate? Are the fears justified? Then I see something like this that settles it in my mind.
Some of you may remember […]

Another week, another Highly Critical IE vulnerability published by Secunia.
Secunia - Advisories - Microsoft Internet Explorer “createTextRange()” Code Execution
I recommend monitoring SANS for exploits of this vulnerability and Microsoft patch announcements.
SANS Internet Storm Center - New IE Vulnerability

Great post here by Alan Shimel that highlights how business owners are perceiving cybercrime from inside and outside the internal network.
According to a survey by Braun Research on behalf of IBM, out of over 2,400 IT managers, nearly 60% said that in their opinion cyber-crime was more costly than traditional physical crime.  Of even more […]

Keith Schultz of Infoworld has a good review of UTM appliances from Astaro, Fortinet, SonicWALL, and WatchGuard.  The encouraging thing is that all the devices operate very well.
The biggest distinction, in my opinion, is that only the SonicWALL and the ServGate allow for deep packet inspection through all types of traffic.  The other devices rely […]

The Privacy Rights Clearinghouse has a Chronology of Data Breaches since the first ChoicePoint incident in February 2005.  I spent some time grouping the breaches into some similar categories and analyzing the cause of the breaches.  This analysis covers the report incidents from February 15, 2005 through March 14, 2006.
The categories I used are:

Backup Loss […]

Darknet has compiled a list of the 10-best livecd security tools.  Some of them are intended more for forensics, but most are for penetration testing.  Nice list!
10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

And along with the BC Government problems, we see that a Chinese bank server network was compromised as a launching pad for a phishing scam.  Again, it wasn’t the Chinese bank data wasn’t the primary target.  The phishers just wanted to use their network to host the phishing site, which then relayed your personal info […]

This article in the Vancouver Sun describes how 78 computers inside British Columbia’s government network were compromised.  The important thing to note here is that they were not attacked for the data that they held.  In fact, it appears that no information was stolen from these servers.
They were used to store downloaded movies and “‘hacker’ […]