Since March 1997
Information Security Research and Solutions
20 years of IT and 15 years of Information security
Current focus: Pioneering complex InfoSec research in Security Management and related domains. We do not follow mainstream which essentially serves IT and InfoSec industries giants' interests. Commerce is the engine but should not be the security focus. Our research was, is and will be independent. Contracting us will give you non-biased opinion of leading InfoSec experts

Samsung tablet computer SM-T580 16GB overheates when its lithium-ion battery gets short circuit via flash LED with potential ignition and/or blow up. Samsung is relactant to recognize such vulnerability but it is public safety matter ...
Malicious Hypervisor (aka Root-Kit Hypervisor) loaded via IPMI/BMC can access every bit of your information or kill your computer instantly. It has been discovered in Intel motherboards BMC BIOS around 2008 ...
Can we trust IT vendors manufacturing motherboards with proprietary system management software code, which they NEVER provided for public review? How can we be sure that it does not contain a malicious hypervisor and a back door?
Defense starts with detection. We developed software which is capable of Malicious Hypervisor detection
Nobody's immune to virtualization vulnerability, vendors' firmware and software flaws and hypervisor attacks! In particular - government, financial, technology, power infrastructure, human rights, freedom activists, etc. That is not Big Brother but small software piece which can access any information in your computer! Find it utilizing our HyperCatcher freeware!
MH denies any compliance to any data protection regulations - DSS, US HIPAA, ISO 27000, US NIST SP-800, EU GDPR

Our Non-For-Profit Services (see details):
Detection of Malicious Hypervisor (MH) or Root-Kit Attacks
Information Security Research
Review, Assessment, Independent Opinion
Policies, Compliance, Security Programs

Research, Articles, Presentations Your Questions and Our Answers Contact Us

Cyber Security "Area 51"

Investors and Helpers are welcome!

Unbiased security - As It Is - the answer is on the right:

Every year we see news that budgets for information security country wide will increase for billions of dollars (that is after all your money...) ... but hackers are still more successful than the nation's government and businesses.

From one of our clients asking to comment: "I got four credit cards replaced during 2016; Bank of America letter contained fraudulent transactions using virtual card, which I never used and had no idea about such feature until saw the bank letter".
Our comment: Hackers got into your account at bank of America (that was not explained in the letter) basically knowing your user name and password, and security question(s) if such had been used. Then they were able to create virtual credit card in your account and use it. The question is whether it was only one or millions accounts compromised in such way.

The most common question today is WHY?

So, we asked ourselves more than ten years ago "Why very simple security task had not been finished 60 days?"
Simply, because the security had been managed by IT, which used IT methods and style ... See details in our old article "General misconceptions about information security lead to insecure world"

Here is what we think about major InfoSec problems:

  • InfoSec industry main focus is money not security. The profit is great but mainstream does not invest in new methods, and "security research" now means bug hunting not the research of how to improve nation's security. Quality of product suffers due to shorter development time and savings on cheap H1B labor.
  • Insecure information technologies having "technology vulnerability": so named "cloud services", x86 platform virtualization (i.e. 99% of our servers), out-of-band IPMI-based system management, IPv6, etc.
  • Utilization of IT management methods in InfoSec including the lack of independent line of security management
  • The lack of security in US small businesses; both security related products and consulting cannot be afforded.
  • Security legislative disaster caused by lobbing industry interests - there is no universal security law, and nothing like ISO 27000 is mandatory to use across the US; NIST is mandatory for federal government only
  • The lack of enforcement of security regulations; typical examples are HIPAA and Massachusetts 201CMR17.00 (other states more likely as well). Even where we could improve, we do not do that ...
  • And more ... You can add to the list!

Here we are - the wide spread status of ignorance when federal government does not control anything, even its own area of interest.

Please, review our articles and presentations where we provide details supporting our statements above.

Our consultants have broad experience in private and government sectors, including projects requiring US Government clearance. Most of our consultants are certified security professionals and possess various certifications, including CISSP from (ISC)2 etc.

Thank you for visiting our site!
If you have any comments, questions or concerns, please email to:
Our Gmail account
copy (CC) lead consultant, CISSP
Not a blog yet, but we will put your questions and our answers on Your Questions and Our Answers page

Copyright © Rubos, Inc. 2017