DotSec – Dot com Security

DotSec is a professional information security organisation. Since the late 20th century, DotSec has provided professional information security services to a wide range of customers including those in the financial, legal, transport, on-line payments, retail, property-management and on-line services sectors, as well as to all tiers of government. 

DotSec provides information security services in three main areas: security testing and assessment, development and integration of secure systems, and managed security services.

DotSec maintains a number of certifications. In particular, DotSec is a GITC (number Q-2554) and QAssure (number 11818) accredited company in Queensland, Australia. DotSec is also a Payments Card Industry (PCI) Qualified Security Assessor (QSA) company and is therefore certified by the PCI Standards Security Council as being qualified to assist organisations to achieve PCI compliance.

Once more unto the breach!

And so it came to pass that another giant compromise took place… again… The strange case of the OPM The Office of Personnel Management is a US government body that is responsible for a range of workforce-management roles. Of particular interest at this time is the fact that OPM is responsible for conducting background investigations


Cheap and easy! 2FA with Active Directory

DotSec has recently implemented a two-factor authentication (2FA) system using Yubikey with Active Directory (AD). The implementation allowed AD to natively understand HOTP token values generated by Yubikey without replacing native Windows login screens and domain controllers for authentication. The advantage of this implementation? It’s secure of course, but it’s also very cost-effective and


Laughing too hard… can’t breathe!!! :-)

We’ve all seen this kind of password-on-sticky badness, under keyboards, inside diaries, or even inside the lids of the laptops that the passwords are intended to protect. But this is taking it to the next level! Really, the screen cap is priceless! Apparently investigators are trying to figure out how yet another large-scale breach took


Cirrus Mail Gateway

One of the most effective ways that attackers manage to infiltrate internal networks is by way of email: Send crafted email to prospective victim. Victim opens email and clicks on a link within the email. Link redirects victim to site hosting malware which is then silently downloaded. Compromise the victim’s desktop and extend the attack
