Blog | InfoSec

Pins and Staples: Enhanced SSL Security

Posted on November 16, 2017

With Chrome backing away from HTTP Public Key Pinning and other industry thought-leaders calling for its death, I figured I'd take some time to review some existing and upcoming (and tedious) controls that aim to fix some of the many shortcomings within the SSL/HTTPS ecosystem. In so doing I figured I’d summarize some of these concepts into a...

New Details on CitiGroup Compromise

Posted on June 14, 2011

The Daily Mail has a short article about how the recent compromise of 200,000+ Citigroup accounts occurred. Of course there is not much technical detail but the vulnerability and exploit are pretty obvious if what the article says is correct: "They simply logged on to the part of the group's site reserved for credit card customers - and substituted their account...

How to Get Properly Owned

Posted on May 20, 2011

Expose unnecessary ports via NAT and firewall rules to your DMZ. I'm talking SSH, telnet, HTTP/S, SNMP, MS-SQL, MySQL, YourSQL, NetBIOS.... everything. If you're really serious about getting compromised, NAT public addresses to your internal Active Directory servers and database. If you don't have a firewall or a DMZ, all the better. Make sure no effective firewall policies exist...
