In God We Trust, but Security Vendors Need to Sign the Papers

December 26th, 2011

If Anonymous, LulzSec et al. can pwn security vendors, who can protect us? Here’s help on how to rate security vendors on the sitting-duck scale.

In this two-part look at how to vet security vendors, my first article, In God We Trust, but Security Vendors Need to Sign the Papers, focuses on assessing a vendor at arm’s length. That means doing simple online research and holding security vendors accountable for not living up to various agreed-upon levels of service, similar to what’s being done increasingly by the industries Veracode notes.

The second article, In God We Trust, but It’s Nice to Do a Physical Walk-Through on Security Vendors, features input from Infosec professionals on what to watch for if you can conduct an on-site visit to a security vendor.

Anonymous shifts anti-Zetas operation to safer channels

November 2nd, 2011

Following the murder of multiple bloggers and reports that the Mexican drug cartel has hired narcohackers to help track Anonymous members for violent retaliation, the hacktivists have put into play a process that will hopefully shield Anonymous identities. Check out the story on Naked Security.