Latest News
- Warnings made of vulnerability in the 3Com Intelligent Management Centre that could result in lack of consumer control
- Why have Adobe hacks become more popular lately? Are there any special measures I should take to protect against them?
- Why is restricting access to cardholder data the biggest challenge of PCI DSS compliance?
- PCI compliance may be bitter pill to swallow, but it's for merchants' own good
- PCI DSS regulations should not be written off as being unsuitable, as an understanding of the terms and options are often ignored
Click here to see more news.
Vulnerabilities
Click here to see more of ProCheckUp's published vulnerabilities.
Case Study
Stolen Laptop
A large independent clearing house were reviewing the security of their laptops and considering various security and encryption options. Due to an on-going relationship ProCheckUp had a few conversations to discuss their options. As there were various options we both decided a Stolen Laptop Test would be of interest, the brief was simple, what can be done if one of our laptops was stolen or got into the "wrong hands".
The laptop was from a senior employee so the stakes were high, all the security consultants wanted to try different methods, whilst most failed ProCheckUp were able to:
- Access the BIOS of the laptop which meant it was theoretically possible to boot the laptop from another device such as a USB drive, this was an easy fix for the clearing house and their security policy now enforces a BIOS password.
- We also discovered that the laptop allowed a malicious user to access the local drive which contained sensitive files and hashes, it was possible to disable critical applications such as anti-virus's and firewalls. We knew there were plans to implement encryption so this vulnerability was confirmed the requirement. Encryption is now installed on all company laptops as standard.
Contact Us to discuss your specific laptop testing needs.