Mitigating Your Mitigation

posted on Mar 30, 2015 by Yousif Hussain

The evolution of DDoS throughout 2015 has been unfolding at an alarming rate. Organizations that have DDoS mitigation solutions in place are not immune to these attacks, as each new attack evolves to bypass defenses. This is an example of the evolution of DDoS as well as how DDoS mitigation can fail without the proper…

Cyber-Flood Friday

posted on Mar 27, 2015 by Yousif Hussain

Welcome back to Cyber-Flood Friday. This week I discuss the very popular DDoS attack through the three articles below. The prominence of DDoS attacks has become more visible over recent months and the risks associated with being a victim have organizations scrambling to begin defending themselves. An interesting topic I visited multiple times throughout the…

Getting out of Handcuffs

posted on Mar 23, 2015 by Geoffrey Vaughan

I’m back at it again, and this time I’m showing you how to get out of handcuffs! This short instructional video discusses everything you need to know about handcuffs including: The reasons why you would be handcuffed (legally, illegally, recreational); The components of handcuffs; The types of locks on handcuffs; The tools needed to escape; How…

Cyber-Flood Friday

posted on Mar 20, 2015 by Yousif Hussain

It’s that time of the week again! Welcome back to Cyber-Flood Friday. This week I will be discussing some interesting articles I came across over the last few days. As always there are some interesting DDoS attacks that took place, and I have all the details for you below. Not only do I discuss DDoS…

Cyber-Flood Friday

posted on Mar 13, 2015 by Yousif Hussain

Hello and welcome back to Cyber-Flood Friday. This week I discuss a large DDoS attack deployed against the largest feminist blog site out there! Not only do I touch on DDoS but there is also some new cyber-security information you need to know. The following three articles I read online will help me deliver all…

Debunking Myths: Penetration Testing is a Waste of Time

posted on Mar 9, 2015 by Rohit Sethi

Suppose you hire a consultancy to perform a black-box assessment of your software. After executing the test, the firm produces a report outlining several vulnerabilities with your application. You remediate the vulnerabilities, submit the application for re-testing, and the next report comes back “clean” – i.e. without any vulnerabilities. At best, this simply tells you…

Cyber-Flood Friday

posted on Mar 6, 2015 by Yousif Hussain

Welcome back to Cyber-Flood Friday! This week I discuss the evolution of DDoS through 5 methods of growth, as well as myths around how to protect against DDoS attacks. After all the DDoS fun, I discuss an article that shows yet another advanced method hackers are using to gain access to your computers! Cyber-crime is…

3 Reasons Why a One-size Fits all Secure SDLC Solution Won’t Work

posted on Mar 2, 2015 by Rohit Sethi

When we ask security contacts at our enterprise clients “What software development methodology does your company use?”, they usually pause for a moment and answer “Everything”. Individual development teams tend to adopt processes that work best for them. Heterogeneous development processes wreak havoc on plans for adopting enterprise-wide secure SDLC efforts. There are at least…

Cyber-Flood Friday

posted on Feb 27, 2015 by Yousif Hussain

This edition of Cyber-Flood Friday discusses articles that break down Mandiant’s threat report about cyber-crime trends throughout 2014. It’s cool to see which industries are the largest victims of cyber-crime, and then to follow the methods that are used to attack them. Another article discussed shows the latest victim that has fallen to the Lizard…

DevOps & Software Security: Turning unplanned work into planned work

posted on Feb 23, 2015 by Rohit Sethi

Every IT worker I’ve met has heard me rave about The Phoenix Project. The book uses an all-too-realistic fictional scenario to discuss the behaviors of a high performing IT organization, with a particular emphasis on the convergence of development and operations (i.e. DevOps). One lesson from the book that really resonated with me was breaking down…