You can’t have failed to notice the media storm in the IT and security press around the recent vulnerability in the bedrock of the internet – SSL. The service designed to be protecting our data when sent over the big bad public wire has been wide open since early 2012 within many OpenSSL deployments (unpatched OpenSSL 1.01 or 1.02beta).
There has been a lot of talk both at Nettitude and all over the world over the last 24-hours regarding the Heartbleed bug. This is possibly the biggest kink in the armor of SSL ever found, due to the fact that it affects such a large portion of hosts on the internet1.
Here at Nettitude, we have been delivering penetration tests for clients for more than a decade. Over the last 10 years we have really seen the industry mature. Many organisations understand what penetration testing is, and as a consequence it has become an integral part of many organisations information security program. However, more often than not, organisations ask us to focus on the technical aspects of a penetration test, and ignore the social aspects. In many instances, we are told that ‘management’ don’t want to look at social engineering, and as a consequence, can we provide services that focus on the technology only?
Nettitude were strongly represented at the AKJ Associates PCI London event at the Victoria Plaza Hotel on Thursday 24th January 2013. The PCI event allowed Nettitude to exhibit some new services such as our Forensic capabilities and incident response as well as showcasing our P2PE QSA accreditation.
“Networks are no longer safe if a company takes the egg-shell approach of simply using perimeter-centric hardware devices, anti-virus and anti-malware software and other approaches to keep intruders out" - William Boni, VP and CISO T-Mobile USA – Jan 2012.
With the clamour for ‘Bring Your Own Device’ (BYOD) solutions increasing dramatically in the corporate workplace; IT departments are facing the dilemma of potentially unsecure personal devices connecting to the corporate network and threat of compromise to the once secure environment.
A new year started and why change good habits - or maybe this is a New Year’s resolution? I’m just back from the second New York Metro ISSA Chapter meeting of 2012. Here is my quick wrap-up.