by John Poch | Dec 27, 2021 | News, Strategy, Uncategorized, Web
Cybersecurity can be an endless game of cat and mouse, and attackers are constantly looking for ways into your organization. While major Internet and software providers, including the open source community, are constantly improving security technology, a notable area...
by Editor | Nov 10, 2021 | CarveFacts, News, Strategy
Ask any cyber-security professional if using self-signed SSL certificates is acceptable, and they’ll probably say “not really.” Ask why, and we’ll say “we can’t always know who’s behind the screen,” even though we really want to say...
by Jeff Ake | Oct 25, 2021 | CarveFacts, News, Strategy, Techniques
During scoping for penetration tests, customers often say that they want us to perform the engagement exactly as a bad actor would, with no collaboration from the customer’s IT or security teams and no access to inside information. This is known as a black box...
by Editor | Sep 28, 2021 | CarveFacts, News, Strategy, Web
Keeping track of your company’s public IP space is always a good idea. This means maintaining a centralized up-to-date list of: All static IP blocks allocated to you (by an ISP)All VPS instances operated by you in the cloud This makes your life easier by:...
by Jeff Ake | Sep 21, 2021 | CarveFacts, IOT, Strategy
Author: Carve Systems If your user base is primarily IoT devices and your organization doesn’t want to manage passwords for each device, then it seems like a series of unguessable passwords such as “d3v1ce [serial-number]” is the only solution. While that technically...
by Mike Zusman | May 20, 2021 | Featured, News, Strategy, Techniques
There are many different types of security assessment methodologies identified by cute color associations. Here are simple descriptions of the most popular to help you choose which approach is right for you. Your opinion on these descriptions may differ from mine, and...