You can't secure what you don't acknowledge.SM

Thursday, June 17, 2010

Ethical hacking and Windows

I recently recorded a podcast with my esteemed editor at, Brendan Cournoyer, where we talked about ethical hacking, finding the things that matter in your environment, testing tools and my new book Hacking For Dummies, 3rd edition. Check it out:

How ethical hacking fits into Windows security tests

Looking under the hood of the new OWASP Top 10 for 2010

While I'm on a roll posting some recent content I thought I'd list this one as well:

The new OWASP Top 10 for 2010 – Risk and Realities

In this piece I wrote for Acunetix's blog I talk about what the new OWASP Top 10 for 2010 is about, what it's not, and some considerations for leveraging it to help you minimize your business risks.

Using Windows 7's virtual machine for security testing

Outside of those executives who have their heads in the sand over security, there's hardly anything that can keep you from getting your work done more than a Windows system junked up with a bunch of security testing tools.

Well, if VMware or VirtualBox haven't been a good fit, perhaps Windows XP Mode in Windows 7 will be. It's a cheap and seamless way to run your security testing tools in an isolated environment while maintaining the integrity of your host computer. Check out this piece I wrote for

Using Windows XP Mode for security testing in Windows 7

Got Domino? Don't forget about security.

As with Novell NetWare, there's still plenty of Domino running out there, so we certainly can't be lax about security on that platform. Here are a couple of pieces I wrote regarding Domino security that you may be interested in:

Domino security vulnerabilities to watch for

Getting started with hardening Domino

Wednesday, June 16, 2010

Data Protection and Compliance in Complex Environments

Here's a new guide I just completed aimed at C-level information protection professionals:

The three CREDANT-sponsored pieces cover:
  1. Primary Concerns of Regulatory Compliance and Data Classification
  2. Finding, Classifying and Assessing Data in the Enterprise
  3. Data Protection Reporting and Follow up
Simply click the image above or browse to Realtime Publisher's landing page for this CSO Executive Series and download from there.

By the way, Realtime has a ton of free content that practically anyone in our field can benefit from. Check out the other stuff they have while you're on the site.

Should Windows users have full admin rights?

Here's a piece I wrote recently for where I cover the never-ending debate about whether or not users should have administrative rights on their computers:

Should Windows users have full administrative rights?

If you have additional insight, please let me/us know. It's something every business can benefit from.

Tuesday, June 15, 2010

Oil rigs now, Internet later?

Obama shuts down oil rigs - $330 million in lost wages per month. What's going to happen when he shuts down the Internet?

Who gave this guy such power!?

...elections have consequences.

Monday, June 14, 2010

Survival of the weakest?

I just heard Neal Boortz discussing this Wall Street Journal piece about how people with the least amount of economic knowledge are making all the rules in America right now. Very interesting insight.

Totally reminds me of management and other non-technical people making all the rules for information security and privacy.

Something's backwards here, folks. Why is it that the tail wags the dog in so many critical situations like these, affecting so many people over the long term? Is there some sort of reverse Darwinism at work?