InfoSec Tools, Tips and Thoughts

William McBorrough

Subscribe to William McBorrough: eMailAlertsEmail Alerts
Get William McBorrough via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by William McBorrough

As more vendors dive into the cloud computing market, every possible claim regarding the supposed benefits of moving to a cloud-based service is being made. I ran across an article titled ” Why Cloud-based Monitoring is more reliable and secure than Nagios. ” The auth0r, who represented a cloud-based network monitoring company, contended that the Software-as-a-Service (SaaS) model offered by his company was better for companies than Nagios and other open source products. The question is not  Cloud Computing vs. Open Source.  In fact, there are open source SaaS providers like MindTouch out there.  If considering a product like Nagios, a better comparison would be open source vs. commercial.  In many cases, cost is the determining factor for companies to look  to open source technologies. Other considerations include flexibility and security. The more relevant  comp... (more)

How Steganography Can Be Used to Steal Your Financial Data

Steganography is the means of "hiding" information within a larger file of data. It poses a risk to ecommerce security because it allows data or malicious programming instructions to be hidden in other media. In the case of the former, malicious insiders (i.e. employees, contractors, etc) with access to customers financial data may improperly access that data and use steganography to forward it to their accomplices without being detected. In the case of the latter, hackers can embed malicious code in other files, such as images, audio and video files. These files can be forwarded... (more)

Pause Your Google History

Have you ever used your Google search history? If you are logged into any Google service, Google automatically keeps a history of your search queries ad web activities. According to Google, Web History allows the following: View and manage your web activity. You know that great web site you saw online and now can’t find? From now on, you can. With Web History, you can view and search across the full text of the pages you’ve visited, including Google searches, web pages, images, videos and news stories. You can also manage your web activity and remove items from your web history a... (more)

Pentagon and Congress Want Control of Your Network During Cyber Attack

There has been a lot of chatter in the news lately about the possibility of a “widespread coordinated” cyber attack against our critical infrastructure  and our ability to successfully defend against it.  Most of this infrastructure ( eg. utilities, finance, transportation, etc) is owned by private companies. Those currently responsible to protecting these networks will tell you that we are already under attack.  Is there a cyberwar going on?  Howard Schmidt, the White House’s Cyber Czar says “No”. But let’s not argue semantics. War, skirmish, tomfoolery…call it what you may. M... (more)

The Values Proposition for Allowing Users Access to Social Networks

What is the values proposition for allowing employees access to web 2.0 resources such as social networks? Every other day, we hear about the risks. Compromised Twitter accounts, phishing via LinkedIN,  malicious Facebook apps were only a sample of an every growing landscape. Most enterprises, appreciating the threats these pose to an environment, simply deny access to social networks from company systems and networks. Even within such organizations, there are user who need to access social networks to perform their job functions. LinkedIn has become a great tool for recruiting... (more)