
Blog

Preparing For and Mitigating DDoS Attacks

The Distributed Denial of Service (DDoS) attack against Spamhaus, an anti-spam group, has been dubbed the largest DDoS attack to date. According to The New York Times, the impact of the attack extends beyond Spamhaus, affecting other sites and services that rely on the same infrastructure (like Netflix).

But did you know about the DDoS attack on Wells Fargo? Key Bank? TD Bank? PNC? JPMC? Capital One? SendGrid? Free Malaysia Radio? Krebs on Security? All of these sites have recently been victims of DDoS attacks, a list that unfortunately continues to grow.

Simply put, a Denial of Service (DoS) attack overwhelms a system or application by throwing more data at the target than the target can [...]

Did Google Index Your Organization’s WiFi Password?

iPad and iPhone users are no strangers to .mobileconfig files. These are the files that contain customized iDevice configurations unique to your organization. Administrators can create these XML files with the iPhone Configuration Utility, and then send the files to users via email or a download link. When a user installs the .mobileconfig file on their device, the device settings (e.g., passcode, VPN) are automatically updated to match the predetermined configuration.

Pretty cool feature, but what happens when Google indexes .mobileconfig files that it discovers on Internet-facing websites?

The end result is that the WiFi password that you thought you had hidden within that .mobileconfig file is now publicly available.

 

The field HIDDEN_NETWORK Password isn’t quite as hidden as it’s supposed to be. To see what .mobileconfig files have [...]

HHS unveils Final HIPAA (HITECH) Omnibus Rule

Last Thursday, HHS published its Final Rule, conclusively settling the conversation about its numerous interim and proposed rules developed in light of the American Recovery and Reinvestment Act of 2009. Our inbox received a surge of alarming announcements by analysts and vendors telling us how the new rules would impact our way of doing business. We propose a more measured, analytical approach to the implementation of the changes imposed by the Final Rule. The Final Rule becomes effective on March 26, 2013. Those covered by the Rule will have until September 21, 2013 to comply.

Final Omnibus Rule Comprised of Final Versions of Four Proposed or Interim Final Rules

The four rules that combine to create the omnibus final [...]

Disabling Java in Your Web Browser(s)

If you’ve been following the news surrounding the latest Java 0-Day vulnerability, then you’re aware that it is already being exploited. You may also be aware that US-CERT has made an official recommendation that everyone disable Java in their web browsers until this vulnerability has been fixed.

The simplest way to disable Java in all your web browsers at once is as follows:


  1. Open the Java Control Panel

    • In Windows (7), go to Start > Control Panel

    • In Mac OS X (10.7.3 and above), go to System Preferences > Control Panel

  2. Change View by: to Large icons, and then click [...]

Jacadis … Bigger. Faster. Stronger.

Change seems constant in information technology and information security.

Eleven years ago we started Jacadis to focus on two key services. We hardened servers for companies investing in web technologies and we assessed the security of our clients' internet connections against the best practices of the time.

As technology and security challenges change, we've had to constantly reengineer ourselves.

Moving forward into our second decade, Jacadis is an information risk management solution provider with expanded services and a broadened catalog of safeguards and controls.

Threats to your data never go away. Neither should your security partner.

And we have built a services menu to ensure that is true.

We can help you Assess and Measure your security programs, Build and Deploy secure infrastructure, Manage and Defend critical assets or help you Respond and Recover [...]

Overwatch: Staying on Top of Your Vulnerabilities

If you’re an information security professional, you know that managing the vulnerabilities in your environment isn’t a sprint. It’s a marathon.

New vulnerabilities are discovered each day, and it isn’t enough for us to turn on Windows Updates and hope for the best. Attackers aren’t just looking at OS vulnerabilities. They’re also looking at the software you have on your desktop, that nifty app on your mobile phone, and the scripts you have running on your website.

It’s easy to get behind in your vulnerability management efforts. So how do you get the most out of the vulnerability management system sitting in your datacenter?

Jacadis has the answer: Overwatch.

Overwatch is a service that Jacadis provides to all of our customers who have purchased the QualysGuard Vulnerability Management system. We provide ongoing analysis of your vulnerabilities, and then deliver a concise monthly report that summarizes the following:


  • The top ten vulnerabilities in [...]