A collection of articles and posts pulled from some of our favorite bloggers across the Internet.
Latest From the Web
From the Web
Afraid of the Cloud..? You just need to ask the right questions…
February 12, 2010 from: Greg George
I’ve been receiving more and more inquiries from my social media circles and from clients regarding various security risks associated with using Software as a Service (SaaS): the Cloud, so I thought I’d share a few thoughts on the current status of things.
Customer Sues Bank After Phishing Attack
February 11, 2010 from: Office of Inadequate Security
A Michigan-based metal supply company is suing Comerica Bank, claiming that the bank exposed its customers to phishing attacks.
Phishing With Google Wave
February 10, 2010 from: Rsnake's blog at ha.ckers.org
...a good article on how to phish Google Wave users using malicious gadgets. This is precisely what Tom Stracener and I were talking about in our presentation at DefCon and Blackhat a few years back - except this is for Wave instead of iGoogle. Either way the point is the same - when you let other people control content that is embedded in your site, you are at the mercy of whatever they chose to ...
Fixing security holes without introducing new bugs
February 10, 2010 from: Mozilla Security Blog
When fixing any bug, there is a risk of introducing new bugs, which we call regressions. Regressions caused by security fixes can be especially problematic because shipping a buggy security update can erode user trust for future updates.
China Shut Down Biggest Hacker Training Site
February 09, 2010 from: Saumil's Infosec Blog
What is believed to be the country's biggest hacker training site has been shut down by police in Central China's Hubei province. Three people were also arrested, local media reported yesterday. The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in asse...
Today’s threat: computer network terrorism
February 08, 2010 from: Saumil's Infosec Blog
“Carry out all my demands or the entire country’s electricity will be cut off.” Is this another line from a suspense film, or is it a palpable threat made possible with a computer keyboard? “Today, there is a growing trend amongst hackers around the world to threaten national infrastructures for ransom,” says Dr. Yaniv Levyatan, an expert in information war at the Uni...
Defending Against Advanced Persistent Threats
February 08, 2010 from: AEON Security Blog
Google and other major companies and the report is both interesting and questionable. I have no reservations about the levels of expertise coming out of Mandiant or their findings; I do however, have reservations about the explanations and interpretation of what was summarized in the Wired article.
Heartland Payment Systems and Visa Inc. Announce Acceptance Rate of Over 97 Percent for Data Security Breach Settlement Agreement
February 05, 2010 from: Office of Inadequate Security
Financial institutions representing more than 97 percent of eligible Visa-branded credit and debit cards have accepted the Alternative Recovery Offers they received pursuant to the settlement entered into by Visa Inc. (NYSE:V), Heartland Payment Systems® (NYSE: HPY) and Heartland’s sponsoring acquirers last month. This level of acceptance fulfills the 80 percent opt-in condition that was...
The Web won’t be safe, let alone secure, unless we break it
February 03, 2010 from: Jeremiah Grossman's Blog
There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known way to fix these issues (adequately) is to “break the Web” -- i.e. negatively impact the usability of a significant and unacceptable p...
Accuracy and Time Costs of Web Application Security Scanner Report
February 03, 2010 from: Rsnake's blog at ha.ckers.org
Larry Suto is back with another report outlining the differences between some of the top web application scanners on the market... he took a different approach this time, and instead of running the scanners against something he had devised up to be used only in his own lab, he turned all the scanners on each other’s public test sites.
HIPAA complaints decreased significantly in 2009
February 01, 2010 from: Office of Inadequate Security
Dennis Melamed provides monthly HIPAA complaint statistics based on reports by the HHS Office for Civil Rights (OCR). It seems that not only did breach reports in general decline in 2009 relative to 2008, but privacy and security complaints to HHS also declined.
New Data Breach Report: Malicious Attacks Doubled in 2009
January 25, 2010 from: Office of Inadequate Security
The number of malicious or criminal attack-related breaches was 24 percent — double the 12 percent of the 2009 study. “They are the most costly, and the types of attacks we found included botnet attacks and data-stealing malware,” Ponemon says. “There is more to worry about because I see this as a growing category. This number of criminal attacks will continue to increase i...
Forget Blaming Microsoft or Google – Blame Yourself
January 22, 2010 from: AEON Security Blog
People from all walks of life including influential decision makers are quickly firing off ye ole “Blame Microsoft” rants this week after another debacle involving Google and China. The debacle involved so-called State Sponsored (from China) “hacktivities” to compromise Gmail accounts. The attacks were – as we’re told – targeted towards Internet Explorer v...
Heartland lawsuit plaintiffs go after acquiring banks’ deep pockets
January 21, 2010 from: Office of Inadequate Security
The $60 million settlement offer announced by Visa and Heartland Payment Systems seems in jeopardy of falling apart as lawyers for some of the banks file a new lawsuit against Heartland’s acquiring banks and urge rejection of the settlement offer.
Proposed VISA/Heartland Data Breach Settlement May Pay Banks and Credit Unions Pennies on the Dollar – plaintiffs
January 20, 2010 from: Office of Inadequate Security
Banks and credit unions that issued VISA payment cards compromised by the Heartland Payment Systems data breach, the largest data breach in history, should carefully review the proposed settlement between Heartland and VISA.
Taken to the Cleaners
January 20, 2010 from: Office of Inadequate Security
Earlier this month, CSO reported on a worldwide recall on several hardware-encrypted USB sticks from multiple vendors because they contain a flaw which could allow hackers to easily gain access to the sensitive information contained on the device. With the quality of security questionable in many USB drives, it would stand to reason that losing any stick carrying sensitive information now carries ...




