Following the Wh1t3 Rabbit - Practical Enterprise Security

Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.

Rafal (Principal, Strategic Security Services)

Analysis: Flash Player in a Chrome Sandbox

On December 1st, the Google Chrome development team announced they would support running Adobe Flash in the development releases of Chrome browser.  This is no doubt an interesting development in the continuing saga of Adobe Flash, but I like to think what it all means in the bigger picture of things.

Labels: HTML 5| plug-in| sandbox

Vulnerable "Out of the Box" ...the problem with plug-ins?

As I was digging through my cache of old whitepapers, industry reading material and other such things on a plane ride recently (and I do a lot of those these days), I stumbled upon the "Invisible Things - Quest to the Core" presentation.  If you've not seen or read it - it's scary research and proofs coming from some of my fellow Polish researchers!  Anyway ... slide 18 of 209 just caught me for a moment was a screen capture of a ZDNet article Ryan Naraine had written on September 2nd, 2009 titled "Snow Leopard ships with vulnerable Flash Player".  I just sort of sat there for a moment ...and contemplated.

Labels: 0day| plug-in
About the Author(s)
Follow Us
Twitter Stream

Community Announcements
HP Blog

Technical Support Services Blog

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation