tag:blog.ncircle.com,2011:/blogs/the-lens/4 2011-06-28T02:46:30Z Movable Type 3.38 tag:blog.ncircle.com,2011:/blogs/the-lens//4.612 2011-06-28T02:34:04Z 2011-06-28T02:46:30Z Tim Erlin http://blog.ncircle.com/the-lens One of the metrics collected and shared in the Vulnerability Management Benchmark is Average Days Since Last Scan, otherwise known as scan frequency. It's available for free as part of the Basic package. This metric was a fairly surprising one... tag:blog.ncircle.com,2011:/blogs/the-lens//4.600 2011-06-07T18:50:00Z 2011-06-07T18:55:00Z Tim Erlin http://blog.ncircle.com/the-lens Until now, the information security community has relied on rumors, conversations and sparse breach reports to develop some kind of consensus on what vulnerability management metrics should look like. The metrics themselves haven't been hard to come by, but how... tag:blog.ncircle.com,2011:/blogs/the-lens//4.599 2011-05-26T21:27:21Z 2011-05-26T19:37:39Z Tim Erlin http://blog.ncircle.com/the-lens We're thrilled to announce that Configuration Compliance Manager version 5.10 is available now. While there are a whole bunch of useful features in this release, the integration with Cyber-Ark's Application Identity Manager, part of their Privileged Identity Management Suite, is... tag:blog.ncircle.com,2009:/blogs/the-lens//4.564 2009-12-09T16:11:15Z 2009-12-09T17:03:34Z Tim Erlin http://blog.ncircle.com/the-lens ABC news reports today that the TSA screening manual was accidentally posted online with formerly redacted information included. "This is an appalling and astounding breach of security that terrorists could easily exploit," said Clark Kent Ervin, the former inspector general... tag:blog.ncircle.com,2009:/blogs/the-lens//4.554 2009-07-27T14:13:46Z 2009-07-27T14:15:43Z Tim Erlin http://blog.ncircle.com/the-lens WhitehatWorld organized this vulnerability management thought leaders panel discussion. I was lucky enough to participate as a panelist. You can listen to the recording here.... tag:blog.ncircle.com,2009:/blogs/the-lens//4.538 2009-04-23T14:37:24Z 2009-04-23T14:42:35Z Tim Erlin http://blog.ncircle.com/the-lens ... superheros by night, or trade show at least. These guys were close enough to our booth that I managed a snapshot. I'm sure I wasn't the only one, given how proficient they were at striking this pose. I wonder... tag:blog.ncircle.com,2009:/blogs/the-lens//4.536 2009-04-22T03:34:31Z 2009-04-22T03:56:55Z Tim Erlin http://blog.ncircle.com/the-lens (This post is a taste of my presentation at the nCircle booth at RSA. Come by and see it if this is interesting). Web application risk is a hot topic these days, but there's something missing from the discussion. Vendors... tag:blog.ncircle.com,2009:/blogs/the-lens//4.533 2009-04-21T14:15:14Z 2009-04-21T14:30:40Z Tim Erlin http://blog.ncircle.com/the-lens I'm lucky enough to get to San Francisco more than once a year, but for many folks the RSA conference is an annual trek. There are probably a few missing out this year because of restricted travel budgets as... tag:blog.ncircle.com,2009:/blogs/the-lens//4.524 2009-03-13T15:54:18Z 2009-03-13T16:02:57Z Tim Erlin http://blog.ncircle.com/the-lens Did you donate to Norm Coleman? Well, your credit card and donor information has been floating around the dark side of the internet. Wikileaks has published evidence of the data breach. The Minneapolis Star-Tribune has a piece on how... tag:blog.ncircle.com,2009:/blogs/the-lens//4.521 2009-03-09T00:53:22Z 2009-03-09T01:59:21Z Tim Erlin http://blog.ncircle.com/the-lens California pioneered laws around data breach disclosure with SB-1386, requiring that companies inform consumers when their data has been compromised. Now, state senator Joe Simitian wants to update the law with SB-20. The primary change is greater specificity around... tag:blog.ncircle.com,2009:/blogs/the-lens//4.520 2009-03-04T00:25:26Z 2009-03-04T01:05:13Z Tim Erlin http://blog.ncircle.com/the-lens You have to love a study run by a vendor where the results clearly demonstrate a problem that very vendor solves. What a pleasant surprise! Sarcasm aside, Damballa concluded that anti-virus misses a whole bunch of malware. We've seen this... tag:blog.ncircle.com,2009:/blogs/the-lens//4.518 2009-02-27T21:11:32Z 2009-02-27T21:19:29Z Tim Erlin http://blog.ncircle.com/the-lens More Than 500,000 Websites Hit By New Form Of SQL Injection In '08 It's new because it's automated and run from botnets. I'm not sure that really counts as a "new form of SQL injection," but I won't quibble. This... tag:blog.ncircle.com,2009:/blogs/the-lens//4.517 2009-02-26T15:04:55Z 2009-02-26T15:10:21Z Tim Erlin http://blog.ncircle.com/the-lens There's a short interview I did on PCI compliance over at Practical eCommerce. It's about fees that merchant account providers are charging their merchants. Although not part of the interview, these fees are clearly part of the distributive nature of... tag:blog.ncircle.com,2008:/blogs/the-lens//4.479 2008-06-10T20:13:31Z 2008-06-10T20:59:49Z Tim Erlin http://blog.ncircle.com/the-lens There's nothing quite as effective for illustrating a point than a top n list. Here are the top 4 reasons that the new iPhone is less secure than the previous version. 4. The Price How could the price make the... tag:blog.ncircle.com,2008:/blogs/the-lens//4.478 2008-05-28T17:24:25Z 2008-05-28T17:43:12Z Tim Erlin http://blog.ncircle.com/the-lens First, the article. Second, the salient quote so that you don't really have to read said article: "If you are getting any benefit from Microsoft's software, you need to have a license, whether that benefit is for physical machines or...