Indicators of Poor Assessment Work

Posted on January 08, 2018

In the 11+ years Depth has been in business, we've had the opportunity to see some less-than-stellar work as far as assessment services go. Our clients often send us assessment reports they've received from other security firms. Sometimes they want us to check remediation status on a single item. Other times they aren't sure whether a given vulnerability is...

Pins and Staples: Enhanced SSL Security

Posted on November 16, 2017

With Chrome backing away from HTTP Public Key Pinning and other industry thought-leaders calling for its death, I figured I'd take some time to review some existing and upcoming (and tedious) controls that aim to fix some of the many shortcomings within the SSL/HTTPS ecosystem. In so doing, I figured I'd summarize some of these concepts into a...

New Details on CitiGroup Compromise

Posted on June 14, 2011

The Daily Mail has a short article about how the recent compromise of 200,000+ Citigroup accounts occurred. Of course, there is not much technical detail, but the vulnerability and exploit are pretty obvious if what the article says is correct: "They simply logged on to the part of the group's site reserved for credit card customers - and substituted their account...

