April 11, 2007
ISM-Community NYC Chapter Board Established
The NYC ISM-Community is proud to announce that we will be serving the tri-state area initially and not just NYC. This chapter will be open to scheduling meetings in New Jersey, NYC, and CT if the attendance validates the need. In the opening stages of this chapter, our first major task is to establish a chapter board with the overall responsibility of operating the chapter. Therefore, as the chair of the NYC ISM-Community chapter, I am proud to announce our newest addition as a board member, Rohyt Belani. Rohyt is a well-known security professional in the tri-state area and brings a great deal of experience to the leadership of this chapter.
Welcome aboard, Rohyt!
In the next few weeks we should be announcing additional board members and providing the schedule for the kickoff meeting.
March 6, 2007
Enemy 1 & 2: Passwords and Patches
I could not help reading the Security 2.0 posts by Mark Curphey and I especially liked the Business Activity Monitoring discussion. However, I see 2 major enemies that cause us pain every day and put organizations at great risk. In my mind neither of these has been addressed properly.
Enemy #1: Many internal penetration tests obtain admin or root access by guessing passwords.
Enemy #2: What do I say? Unpatched systems are an initial point of entry for many attacks both internally and externally. Tools like Metasploit make it even easier.
Of course, I’m not throwing out statistics, but I see the results firsthand weekly. One can only hope that the Security 2.0 solution addresses the problems with passwords and patches.