Monthly Archives: April 2013

ContraRisk Security Podcast 0010: APTs

» Listen or download now on the podcasts page » The Advanced Persistent Threat (APT) is the bogeyman of information security. Some people say ‘be afraid, be very afraid’ while others laugh and deny its very existence. The problem, of course, is one of definition. Too often the term gets stretched to fit whatever point someone is trying to make, or…

ContraRisk Security Podcast 0009: Social engineering

» Listen now or download on the podcasts page » Do we focus too much on security and not enough on people? Social engineering is an age-old problem, but it’s not going away. And while many threats that exploit social engineering can be as crude as a badly spelled phishing email, there is a trend toward more targeted campaigns that are…

Review: Instant Penetration Testing

By Vyacheslav Fadyushin. Published by: Packt Publishing. ISBN: 1849694125. 88 pages. Print & e-book editions.

Penetration testing is becoming an increasingly sought-after skill. Greater security awareness, high-profile hacks of major organisations and, above all, growing compliance requirements all mean that more firms than ever are performing security audits. So it’s a skill worth acquiring. And even if you have no ambition to become…

Always look on the bright side

Are we wasting our time trying to raise security awareness among the general populace? Is it time to simply enforce security upon ordinary computer users? Cryptographer and security pundit Bruce Schneier seems to think that training aimed at raising the awareness of corporate employees “is generally a waste of time”. Some of the analogies Schneier makes don’t really stand up…