PCI DSS 3.2 Multi-Factor Authentication Clash

Recently the PCI Security Standards Council held their North American Community Meeting. This annual meeting brings together assessors, payment professionals, card brands, Council members, Acquirers, and other interested parties to discuss the state of our beloved...

More Hacking SQL Servers Without a Password

Hacking SQL servers is fun. Early this year, I blogged about hacking SQL servers without a password. I used Ettercap to perform a man-in-the-middle attack between a Microsoft SQL server and client. Using Ettercap filters I showed how you can replace a SQL query with...

Future SOC

Are you waiting for something bad, or going somewhere good? A CEO asked me that once. It is one of those deep questions that we should all ponder at times. In the world of cybersecurity, the conventional thinking for a Security Operations Center (SOC) is to plant...

The Technology You Own, Ends Up Owning You

In a recent article, Rupert Goodwins wrote that Information Security technology is a sham. His thesis is that for all the innovative technologies in the marketplace, they routinely fail to fulfill their fundamental purpose of protecting a business. Every new breach...