Clik here to view.
HIPAA’s Breach Notification Listing
Imagine this: you go to your mailbox and pull out the assorted letters and circulars. One of the letters is from your doctor’s office, informing you that the office was broken into and an unsecured...
View ArticleClik here to view.
SSL Wars – Little New Hope
More of the Same In 2010 I wrote a small series of blogs (A New Hope, The SSL Strikes Back, The Return of the SSLi and Web Application Security) regarding certain vulnerabilities in many of the SSL...
View ArticleClik here to view.
Introducing: SecureState’s SecBlanket+
With terms such as hackers, malware, cyber war, and identity theft being thrown around in the media, it can be downright scary. Whether you are a large corporation worried about protecting trade...
View ArticleClik here to view.
SecureState’s SecBlanket+ Receives Celebrity Endorsement
One time Disney child star, hard-partying socialite, and overall famous train-wreck Lindsay Lohan has been seen enjoying the Hollywood nightlife while sporting her new SecBlanket+! When asked about her...
View ArticleClik here to view.
APT: If It Ain’t Broke….
In our previous blog we detailed the bait, functionality, and command and control of past APT attacks and how they are applicable even today. We know that the encoding, payloads, encryption, and even...
View ArticleAPT: If It Ain’t Broke….
Just assume you are compromised and your data is being stolen… there, we said it. A ton of blogs, videos, whitepapers, tech articles, etc. have been written and broadcasted lately surrounding the...
View ArticleClik here to view.
Mr. President, NIST… We Don’t Need Another Security Framework!
As directed by the February Executive Order from President Obama, the Federal Government issued a Request for Information to receive feedback regarding the National Institute of Standards and...
View ArticleClik here to view.
NERC CIP Version ‘Free’
Much buzz as been flying around the air waves this past month regarding NERC’s release of CIP version 4. Most of this discussion is centered on two major concepts I have seen with nearly every security...
View ArticleClik here to view.
Building a Cloud Security Framework
Through regular discussions with a client in the utilities industry, the director of security at a large utilities provider approached SecureState with a problem. The CIO had decided to move a number...
View ArticleClik here to view.
Introducing: Termineter 2
C12.22 is an ANSI protocol enabling smart meters to exchange data via TCP/IP networks. This is good news for penetration testers looking to attack meters remotely; however C12.22 implements key...
View ArticleClik here to view.
How To Get Default Login Credentials
While conducting a recent assessment, I discovered a number of Dell Remote Access Cards (DRACs) on the client’s internal network. In the past, whenever I have encountered these systems, the default...
View ArticleClik here to view.
The Best Way to Secure Your Company
At the core of SecureState’s philosophy is the timely transition businesses need to make from their CurrentState (CS) security environment to a DesiredState (DS) security environment, consistent with...
View ArticleClik here to view.
Migrating to a Cloud Environment
As the Cloud moves from hype to initiation and growth, organizations are considering larger migrations of systems that have wide-reaching effects on IT and security departments. Clearly, there have...
View ArticleClik here to view.
Back to School Online Safety
Like many parents, we’ve sent our kids back to school and we discuss among ourselves how quickly kids grow up. What some parents don’t realize is that their kids, especially those in middle school and...
View ArticleClik here to view.
Data Breaches Continue Unabated
Why do organizations keep suffering from relentless massive data breaches? Weak security, executive management ambivalence, increasing hacker prowess? Maybe all of the above, but the more cogent reason...
View ArticleClik here to view.
What Happens When Your MSSP Fails?
SecureState was recently called in to help a client who experienced a data breach. When we arrived on site, everyone at the company was in disbelief that anything could have happened, since they hired...
View ArticleClik here to view.
Stolen Vendor Credentials? What You Should Do Now
A little more than a month after Target announced it suffered one of the largest data breaches in history, we now know that stolen vendor credentials were the keys to the kingdom. So what does this...
View ArticleClik here to view.
Why Your Investment may not be Secured:
If you follow the start-up industry, specifically crowd-funding, you may have noticed that Kickstarter.com was breached. In a letter sent out to their customers, Kickstarter stated, “While no credit...
View ArticleEU Directive Provides No Safe Harbor for US Firms
Earlier this year, 12 United States (US) business were identified as having violated their EU Safe Harbor attestations; essentially these companies had falsely claimed compliance (or allowed their...
View ArticleClik here to view.
What We Do Series: Find Egress in PCAP Files
What We Do When Waiting for Windows to Boot… Welcome to the new series-based blog that provides our consultants something to do when powering up lab and analysis systems running *certain versions of...
View Article