-
IT Security Horror Story #2: A Tale of Spooky Hosted Images
October 29, 2013, Brandon Edmunds, Senior Security Consultant, Coalfire Labs
Image manipulation madness causes a near disaster for a popular web site. READ MORE…IF YOU DARE
-
IT Security Horror Story #1: The Case of the Phantom Blood Red Team
October 29, 2013, Andrew Barratt, Managing Director, Europe
An unsuspecting Fortune 100 company allows horrible creatures into their building and systems during a Red Team engagement. READ MORE…IF YOU DARE
-
BYOD Survey 2013: Employees and Companies Remain Lax with BYOD Security
September 18, 2013, Mike Weber, Vice President, Coalfire Labs
Despite a dramatic increase in mobile device sales in the past year, BYOD security among employees remains static. Gartner forecasts 2013 tablet shipments to grow 67.9 percent, with shipments reaching 202 million units, while the mobile phone market will grow 4.3 percent, with volume of more than 1.8 billion units.
-
Whether you are a large or small business, beware of these 5 common security problems
March 11, 2013, Mike Weber, Vice President, Coalfire Labs
Every January, the trade press is full of New Year's resolution-like advice… things to do in the coming year; even Coalfire made a few predictions for 2013. I work at Coalfire Labs, and since our business is IT security and testing, we want to share some advice on how to keep your systems and accounts from being breached. While larger companies may feel they can skip some of these steps and still remain safe, TJX, the parent company of T.J. Maxx and Marshalls, learned the hard way the damage a breach can cause. Information from up to tens of millions of credit and debit cards was stolen, costing TJX millions of dollars to get the problem under control. With this in mind, here is a list of five issues companies are prone to, and ways to avoid negative ramifications.
-
Creative Ideas for Replacing Passwords
March 08, 2013, Mike Weber, Vice President, Coalfire Labs
Passwords have been the de facto manner of providing security for IT systems. They've got a bad reputation, but it's not the passwords themselves that deserve the reputation – it's the individuals using them and the weak standards by which these passwords are managed. In fact, a password system implemented in a secure manner – long and complex passwords that change periodically – can be (virtually) uncrackable. However, a typical user isn't apt to embrace a system that requires 15 characters or more (including numbers, upper and lower case, and special characters) and needs to change every two to four weeks.