Securing Mobile Gaming Applications

Casino Security

The gaming industry is moving at lightning speed to get mobile content to its players to enhance the in-house player experience, integrate with loyalty programs, and provide new betting opportunities. Whether the applications reside on in-house devices or are downloaded by players to their personal devices, securing these applications is critical.


Incident Response Primer

Digital Forensics

Not long ago, the cost of doing business seemed to be something most companies had a handle on. Sales, Marketing, Finance, Production, Human Resources, Information Technology (IT), and Legal departments were the building blocks of most successful ventures. As the “Information Age” matures, the cost of doing business is increasing in ways we might not have imagined 5 or 10 years ago. Today it is common to see most companies’ IT departments containing a Security subset. Depending on industry or maturity level, some organizations have even gone a step further and added an Incident Management sub-subset. This latest evolution is the predictable result of a trend as old as civilization itself: ‘the bad guys go where the money is!’ Why walk into a bank to rob it when you can steal from it from the comfort of your home computer? The same concept holds true for any other item of value that has been digitized.


SSL Relay Proxy: A Creative Solution to a Complex Issue

I ran into a situation recently where I needed an SSL interception proxy. I was testing a thick client that spoke with a server (not HTTP) over SSL. I couldn’t find anything on the Internet about a female-to-male (relay) non-HTTP SSL proxy. The situations where an SSL interception/relay proxy would be useful are fairly slim, but so are things that I can’t find anything about on the Internet, so here you go.


Security Policies & Standards for GSA S2S & G2S Systems

Casino Security

Sometimes it’s easy to lose the overall security picture when trying to get the latest gaming systems, protocols and networking standards incorporated into your environment. While your company may be primarily focused on getting GSA S2S, G2S and BOB systems integrated, don’t forget to keep overall system security management in mind as well.


Port Scanning Through Tarpits

During service discovery, I occasionally run into hosts that report every single port as open. This happens because something in front of, or on, the target host is replying with a SYN/ACK for every SYN sent (in the case of a typical SYN scan).

This behavior, from my observations, is indicative of a firewall. The only firewall I have ever personally configured that replicates this behavior is netfilter/iptables with the xtables-addons, specifically the TARPIT target. The TARPIT target does more than just make every port appear to be open, but for this write-up that’s all we are concerned about.


Scripting Metasploit with Python

While performing security assessments for clients, I occasionally encounter circumstances where I’d like a little more flexibility while using Metasploit. Not to mention, I’m always looking for ways to do cool things with Python. The focus of this post is to lay the groundwork for how you can get Metasploit’s MSGPACK Remote Procedure Call (RPC) interface and the Python programming language to play nicely together, while at the same time demonstrating how it could be used in practice.


SIEM Selection Guidance

Whether the need for a Security Information and Event Management (SIEM) solution is driven by requirements for a centralized log repository and reporting, or by compliance, clear steps and a strategy can help identify the solution that best fits an organization’s needs.


Bringing Your Own Identities: The New Reality

Identity and Access Management

I have worked in Identity Management for more than 12 years, constantly monitoring (and at times influencing) its evolution. My employer, FishNet Security, recently acquired my former company, Logic Trends. This acquisition has caused a massive inventory and maintenance of my identities. It has also caused some serious reflection on the number, quality, frequency of use and criticalness of those identities.


Beyond GSA G2S Standards: The Security Program

Casino Security

Last month, I wrote about applying a strategic view of security as you move your gaming environment toward GSA/Open G2S standards. While these standards do specify networking standards and some security protocols, particularly for G2S, they don’t really discuss security best practices for the overall gaming environment. Gaming operators should approach the security of their systems and network within a larger view, or framework, of security best practices.


Thinking Strategically on GSA Gaming Standards Security

Casino Security

As the gaming industry moves further toward open-source Gaming Standards Association (GSA) standards for lowering costs and risks while increasing interoperability and marketing opportunities, it’s important not just to focus on point solutions that meet the standards for operations, but to identify opportunities to strategically increase security and interoperability.
