Security and IT Audit's blog
Last week Adobe announced yet another vulnerability identified in Flash, affecting Windows, Macintosh, Linux, Solaris, and even Android.
The vulnerability allows an attacker to take over a system when a user unsuspectingly opens an Excel file with an embedded Flash animation. As a part of the announcement, Adobe explained that they are finalizing the fix and intend to release the patch during the week of March 21, 2011.
I recently performed a penetration test for a large company with a mature security program in place. They regularly get audited and have multiple companies perform security assessments and penetration tests. So, I was unsure how successful I would be given their strong security posture. During our internal penetration test we found strong controls in place and it wasn’t looking good for our team to break in. Then I noticed that when I went to the Internet, an account attempted to connect to my computer. This was the break I needed!
Here at the IT Security blog, it is easy for us to say things such as, “…you need to make strong passwords! You know, with numbers, and letters, and symbols, lots of characters! Things like ‘Kd03E#L0(@.’ Yes, that’s a good password.”
As a reader, it is easy to sit in your chair, roll your eyes, and think, “…but that’s so impractical! How could I remember that? How could I ever use that?” I know, I know. I was you, rolling my eyes, not that long ago.
Finders keepers. Depending on your place in the pecking order, you either heard or recited that adage at recess. It was written somewhere in the playground Magna Carta. Usually the “lost” item wasn’t really lost at all, but more likely lifted by an instigator during a moment of opportunity.
Last week, when Apple hired David Rice as the new Director of Global Security, interest in this question was once again renewed. David Rice is a very well-educated and widely known industry expert. He graduated from the U.S. Naval Academy with a degree in Information Warfare. Aside: This is really cool stuff that we on the private side don’t get the opportunity to do, or at least are not supposed to do. He also served in the Navy and worked at the National Security Agency (NSA).
Today, more than ever, data and network security is a critical component of any organization. The last thing you want your clients to read or hear about is a breach in security that caused confidential information to be exposed to outsiders. With the heightened activity of malware and spyware attacks that have taken place over the last 30-60 days, it is now more critical than ever to make sure your corporate networks are secure and confidential data is protected. However, many organizations do not have the bandwidth internally or, worse, confidence in their current provider.
Recently the Wall Street Journal published an article about a new security flaw found in the PayPal iPhone application.
