A fine line between ‘Accidental Discovery’ and Hacking

Let's set the scene using a local law (the ECT Act of 2002), apply it to a few cases, and use the following definition from the Act.

Hacking and Cracking Tools

Government using cracking tools to install Windows?

“Access” includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.

Disclaimer: I do not condone any form of unauthorised access to any system.

I would like to draw attention to two previous newsletters in which we raised, with the relevant contacts, evidence of a website that was hacked many years ago.

  • Government example
    • First public notice August 2012 however evidence of the hack was seen by us on the 9th of May 2011 due to ...

The enemy from within

How much do you trust those who are entrusted with the accountability of securing your system?  This seems to be a huge problem across all walks of life, and it is ‘The enemy from within’!

  1. Internal IT staff colluding with syndication to create remote access points into a bank to commit fraud
  2. Police officers being found with hijacked (car-jacked) and stolen motor vehicles at their residences
  3. Anti-poaching spokesman to be charged with rhino poaching

Every one of these examples has a commonality… an external influence such as an organised crime syndicate.  Three types of staff exist, and they can be qualified as follows:

  1. The first type WILL look for a fraud opportunity and commit it.
  2. The second type WILL NOT look for the opportunity, however whe...

CISSP Domain Changes for 2015

The number of domains is being reduced from ten to eight, with some exciting adaptations.  It is important that the content of any certification is updated to be in line with real-world scenarios.  The last update was in 2012, and for 2015 there are some major changes.  The changes in 2012 were minimal and reflected more on the naming and on the weight and importance of the domains.  Here is the table of CISSP Domain Changes for 2015, with 2012 as a reference, as well as some personal observations.

The first domain in the list is ‘Security and Risk Management’, a welcome update that takes many attributes into consideration, such as the security function in an organisation to address the Persistent Threat Matrix (PTM)...

CISSP Boot Camp – March 2015

Time to up your personal marketability by obtaining a certification in your field.

Join me for a long-term evolution of your career. Knowledge is a journey that has to be tackled every day.   When I wrote my CISSP exam in 1997 there were very few books available to help with studies.

We will be running an instructor-led CISSP Boot Camp with online lectures before and after the course, with mentoring of students along the way.  This is a long-term relationship going past the boundaries of being just a student.

If you are keen to get up and running, visit our CISSP information page, register at the old price and become part of the evolution of your career.  We will have the following for old and new:

  1. Access to the eLearning site, including future enhance...

Active vs Passive Policing

You may have all the boxes checked on your balanced scorecard: bought the latest and greatest security software, firewalls and Intrusion Prevention Systems, and finally have the security staff complement that you have been fighting for.  The problem you have had all along should be gone now… But is it really?

[Image: Police ensure that youngsters are in line with the rules]

I have recently travelled to Portugal and have seen active policing in all the main cities I visited.  In Lisbon you have police walking around 24 hours a day.  At night they patrol the streets alone: not two or more, but one at a time, with a radio and visible arms.  In the capital city of Madeira, Funchal, the same behaviour is seen.  The end result is a much safer environment for all...

SACS Assessment Collector V1.1

SACS Assessment Collector is a standalone application which assists in collecting information on remote workstations and servers and saving it in a compressed and encrypted file that can be analysed centrally.

Download the application from the SACS site.

Usage

  1. Copy the application to a USB or to a drive where remote users can execute it.
  2. Execute the application – this may take a while, as a detailed analysis is performed.
  3. When the application execution is complete, a .zip (compressed file) named after the machine will have been created.
  4. Send this file to the central body for import and analysis.

We recommend that any file you intend to execute in your environment first be submitted to VirusTotal for a complete analysis by most of the malware scanning engines.

This i...

SACS CISSP Core Overview

Monday morning ‘quickie’

All 10 domains in a core overview, available as a YouTube playlist.

Regards
Mervin Pearce

CISSP Domain 7 and 8 podcasts available

Another two domains have been added today as podcasts for a quick review.  They can be listened to online or downloaded from SoundCloud.

More will be added as we go along with reviews.

New online courses added

The ability to learn at your own pace without breaking the bank has a few advantages.  Any previous learner will get a special discount on any course.   Costs will be kept realistic, as we believe electronic delivery should be much more affordable thanks to the use of technology.

The first courses are being delivered, with many in the pipeline that will be prioritised… Some courses will be available at no cost, and we have specials for previous SACS learners.

  1. CISSP Boot Camp – Taking what we have done over more than the last decade into an eLearning solution
  2. Penetration Testing -
  3. Barefoot IT Auditor – From crawling to Running

If you want any additional details on any of the upcoming courses… make sure you are subscribed to the training list.

An extract fro...

Law and Ethics Domain Podcast available

A short podcast, available as a download, covers domain 9 of the CISSP CBK, Law, Regulations, Investigations & Compliance, and is just over 34 minutes long.  It is intended to cover some of the information without being too ‘in-depth’.

Listen on SoundCloud (Downloadable)