Law and Ethics Domain Podcast available


A short downloadable podcast covers domain 9 of the CISSP CBK, Law, Regulations, Investigations & Compliance, and is just over 34 minutes long. It is intended to cover some of the material without going too 'in-depth'.

Listen on SoundCloud (Downloadable)


Corruption – how can this be stemmed?


Listening to the radio one morning while dropping off my son at school, there was a prank call to a lady who said she was offered a bribe by a police officer for not stopping properly at a stop sign. The overwhelming result was listeners in the area phoning in, tweeting, emailing and text messaging to share their experiences with corrupt traffic officers in the area. One phoned in to complain that this had been an article in the local newspaper about two years ago and NOTHING has been done to address it.

I have been stopped once; I was told I was speeding and was offered the chance to make up my own amount to pay, as the actual fine is R800 (approx $80)...


Ransomware – A Real Threat


I have seen 'ransomware' increasing as a persistent threat, although there is a simple solution in the event the threat is realised, which is backups. As soon as you lose access to your data, you can retrieve a backup copy. The problem exists which

The following video is a small example of a file that came into my email and of how you can use a free service such as VirusTotal to check for a possible threat. The video is 6 min long and just shows some of the tricks the fraudsters use to see if they can get users to click on the file.

The 'ransomware' in this case was sent from an email server in Mauritius; however, that server is most certainly also compromised.

VirusTotal

Practice SAFE HEX!


OpenSSL Heartbleed Security Vulnerability – My 2c


I have been involved with development for a very good part of my life and have advocated the following statements when delivering Information Security training, mostly to solicit a reaction from the converted.

"Heartbleed, the hole in the internet's security that exposed countless encrypted transactions to any attacker who knew how to abuse it."

"Open Source software is software that failed elsewhere." When I get a lot of reaction from the audience I explain my reasoning with examples, which I feel strongly are:

  1. Open Source is an excellent way for start-ups or developers to get the public to beta test their software without forking out actual $ for testers.
  2. Once you have a great following, take you software from Open Source to a commerci...

CISSP Assessment – 250 Questions Online – Creative Commons


I have looked around and found a document of 250 questions created by Alfred Ouyang, licensed under 'Creative Commons: Attribution, Non-Commercial, Share-Alike'. You could simply grab the document; however, we have decided to put it up on a web front-end and, in the spirit of Creative Commons, give it a nice push.

This is available at no cost; however, you need to create a User ID, which you then verify via an email.

http://sacs.co.za/elearning/

You can have as many attempts as you like, and we are busy adding more at the back-end. Make sure you subscribe to the SACS CISSP Question-A-Day so that you get a notification as we roll out new items.

Practice Safe HEX!
Mervin Pearce (CISSP-ISSAP)


CISSP – Physical (Environmental) Review – Podcast

CISSP Domain 10 – Physical (Environmental) Security, a 34 minute review, available on SoundCloud.

CISSP Physical (Environmental) Security Review


Digital Forensics – 101


Evidence Collection

We have seen that digital forensics is getting a lot of attention and many want to dabble in the process. A very important fact to remember is that the evidence is critical, as are the steps taken to make sure it is admissible as evidence. The last thing you want is to have your evidence 'tainted' and thrown out due to incorrect procedures. This means that the evidence needs to be collected using tested and proven procedures, and documented at every step.

Evidence is Volatile

You need to collect evidence in order of volatility, starting with the most volatile. This means that if it is RAM content you need, you start there, as it will disappear as soon as you switch the workstation or server off...


Web Attack – Persistent Threat Vector


When monitoring your web logs, it is easy to spot an attack vector in action. In this sample, I have taken a snapshot of a web server which shows the visitor vs. visit graph. The ratio between the two can be an indication of an attack occurring. In this example, on the last day there are 9 visitors to the sites and 1,263 visits. The visit count indicates the number of sessions created. The following video clip is an attack on WordPress sites monitored by Wordfence (a plugin).

In real-world terms, if a user visits your site you get one visitor and one visit statistic; when they click on another link, the visitor number stays the same but the visit number is incremented by one...


Quick overview on CISSP

A 90 minute overview of a CISSP course. Have fun!

https://www.dropbox.com/s/966rnvkh3h562eq/SACSCore41.rar

If you have any problems due to download limitations, send me an email at mervin@mervinpearce.com and I will create a direct link for the download.

A CISSP Question a Day


We are launching a question a day, with detailed answers, for you to receive in your mailbox. The questions are based on the 10 CISSP domains and are developed to test your knowledge and give you a daily refresher.

Subscribe using the SACS subscription page.
