by Jesper Kråkhede, Sweden
Posted in Security Architecture on Mar 4th, 2008
Last week there was still another site hacked in Sweden. This time it was Dataföreningen (in English Computer Association) who lost quite a lot of user accounts (mine included) out to the internet. Within hours I saw several attempts to log on to my mail and my website (everything was logged and remediation actions have […]
Posted in Compliance, Computer Forensics, Security Architecture on Feb 23rd, 2008
Encrypting the hard drive on a computer has for long been a way to secure the contents of a laptop. Today I saw an video and read a rather disturbing whitepaper here on how to break different encryption schemes like Microsoft Bitlocker, Truecrypt and Applecrypt by simply rebooting the computer with an attached USB drive […]
Posted in Security Architecture on Feb 21st, 2008
Today I attended a very interesting seminar regarding Business Intelligence (BI) held by Ronny Seehus, Vice President and Head of Business Intelligence Consulting in Capgemini Norway. As a very skilled business manager Ronny easily explained how the BI business should be focused on information and information usage rather than from the technology perspective. In several […]
Posted in Security Architecture on Jan 30th, 2008
In todays newspaper there was an article regarding a fraud attempt using a remote access device physical connected to the computer. Thanks to a resourceful employee the attempt failed. This still opens up for questions regarding where you have your boundries for your trusted computing base. Could you trust your clients anymore when they have […]
Posted in Security Architecture on Jan 27th, 2008
During the last weeks there have been reports of several sites beeing hacked and having lost their account database and all personal information. Today there was an article in a swedish newspaper of a site adminstering a discount card for about 1 000 000 students. Lets take a look at the information that was lost. […]
Posted in Security Architecture on Jan 25th, 2008
There is a rather mean and hard to detect infection spreading on different linux servers. Finjan have released a pressrelease regarding this issue. One thing that it states is that the infecton constatly renames and changes itself to keep it from detection of anti-malware applications. It have been known for quite some time that the […]
Posted in Security Architecture on Jan 13th, 2008
In the last days an interesting story has been published in a swedish newspaper regarding a site that has been hacked and lost the whole account database. A lot of passwords and connected emailadresses was later posted in a forum and that was when the bad things started to happend. In a following article a […]
Posted in Security Architecture on Dec 30th, 2007
In a swedish newspaper a police has vented his thoughts regarding the easy way to commit identity fraud in sweden. The fraud was commited in a very simple way. A person had registered a mobile phone number in another persons name and then applied for SMS-loans that should be transfered to any bank account. The […]
Posted in Compliance, Security Architecture on Dec 16th, 2007
A customer asked me today how they should argument with their auditor to make them compliant even if they do not have firewalls. It is a very intriguing question due to the fact that firewalls are regarded as the only thing that actually hinders every system from beeing included as System Components. But where there […]
Posted in Compliance, Security Architecture on Dec 3rd, 2007
In the same article and point as in my previous entry risk management is mentioned. This is a very important function in any kind of security architecture. Without sound risk analysis you cannot produce any kind of security due to the fact that you do not know what the risks are. The directive in this […]