TrustWave recently released a zero-day exploit that allows a remote attacker to take control of a WordPress website and upload malicious content, which can then be used to attack visitors to the site or the server hosting the site itself. All versions of WordPress including the current 3.3.1 are reported as being [...]
Part 3 – Does the network you are connecting to REALLY belong to who you think it does?!? Go to any hotel, and you are liable to see a wireless network that is named after the hotel. Before you connect, consider whether or not that network is REALLY the hotel network. It is trivial for [...]
Part 2 – Who else is connected to that network? This concept applies to a wired network as much as it does to a wireless network; however, I still think this needs to be mentioned. I’m sure that the other guests who happen to be staying at Caesar’s Palace during the annual BlackHat convention would [...]
Use of wireless technology has grown exponentially in recent years, as can be evidenced by performing a quick scan using your WiFi-enabled smartphone from just about anywhere. More often than not you are in range of some wireless network. However, before you start surfing from that coffee shop’s WiFi network, you need [...]
Unless you have been living under a rock the last several years, either you are currently using or someone you know is currently using the social networking media tool Facebook on a personal level. Now, thanks to LinkedIn, you have the same type of networking possibilities on a professional level. LinkedIn is a social media [...]
The FDIC released FIL-56-2010 (http://www.fdic.gov/news/news/financial/2010/fil10056.html) on September 15, 2010, describing the risk posed by sensitive information stored on electronic devices, such as photocopiers, fax machines and printers, and how financial institutions should mitigate the associated risks. The Financial Institution Letter addresses the security of sensitive information that could potentially be stored on [...]
As reported in an article posted on FFIEC Guru, the current format of service auditor reports, known as SAS 70 reports, is being replaced by SSAE 16 reports. While all of the details are still pending, additional guidance from the AICPA should be available by late fall 2010. The complete article can be found on [...]
The folks over at Safe Systems have put together a website with articles and content focusing on regulatory issues facing financial institutions relating to information technology. “FFIEC Guru” Tom Hinkel (SafeSys’s Director of Regulatory Compliance) is managing the content and writing most of the articles. We think that this will prove to be a valuable [...]

