Security

RDS and the Case of the Mistaken PKI OID

Earlier this morning, I was working with our support team to work out an issue they were having in an environment where Remote Desktop Services had stopped working. Trying to connect to a server via RDS simply failed with a Network Level Authentication warning. Strange, given it was a domain environment and everything should be […]

Working Hard on Web Security

As anyone who visits my site on a regular basis may have noticed, I’ve been working hard on securing this blog to make it follow more best practices and be more in keeping with modern web security, given it’s been quite a while since I’ve touched that side of the site, and there have been […]

Public Cloud Security Versus On-Premise

Our MD at Fordway authored an article on freshbusinessthinking.com back in November 2014, which I was drawn to today and which, for me, really hits the nail on the head about security and how public cloud addresses it. The simple fact is this: is your organisation fully PCI DSS compliant, or do you hold an ISO 27001 certification? How about the myriad of other industry security certifications such as SOC, FIPS 140-2, HIPAA or EAL?

Nextgenhacker101 Is the Best

I got sent a link to a Microsoft Blog yesterday by a friend who had posted a link to a funny YouTube video. The blog posting is at http://blogs.msdn.com/larryosterman/archive/2010/01/29/nextgenhacker101-owes-me-a-new-monitor.aspx but I’ll also just link directly to the video below. This script kiddie (if we can call him that) is so ‘leet that he’s managed to […]

DNS Exploit Now Officially Breached

Recently a DNS exploit was discovered by Dan Kaminsky. This exploit was reportedly so big that he decided to keep the details close to hand until everyone had a chance to plug their DNS servers; however, this plan failed somewhat and details of it got online. Whilst most people fixed their DNS, some major players […]