Latest Blog Posts


The Web Application Security "White Elephants"

March 20, 2011 Added by:Rafal Los

We were both talking about things that aren't necessarily new to the security or app-dev community, but aren't being actively addressed. It hit me that there were two big white elephants in the room, and we happened to be talking about them in an open forum. Finally...

Comments  (0)


Privacy Enforcement: FTC Settles with Twitter and Chitika

March 20, 2011 Added by:David Navetta

Companies are well advised to take a proactive approach to compliance with privacy and information security laws, regulations, guidelines and best practices. The FTC expects businesses to collect, use, disclose and process personal information in a fair and transparent way...

Comments  (0)


Webinar: Can Cloud Computing Enhance HIPAA Compliance?

March 20, 2011 Added by:Jack Anderson

Free Webinar: Rebecca Herold, recently voted the #3 Best Privacy Advisor in the world, and Jack Anderson, CEO of Compliance Helper, will discuss a new use of cloud computing, or Software as a Service (SaaS) to enhance compliance and improve security and privacy...

Comments  (3)


The Ever Present Credit Card Scam

March 19, 2011 Added by:Robert Siciliano

Flaws in the system used to issue credit facilitate new account fraud, since creditors often neglect to fully vet credit applicants with technology as essential as device reputation. Account takeover requires nothing more than access to credit card numbers...

Comments  (1)


Four Fold Increase in eMail-Based Malware

March 19, 2011 Added by:Simon Heron

This increased activity is probably caused by botnet herders attempting to increase the size of their botnets, and this will probably be followed by a corresponding increase in spam levels. It might be that the recent decline in Spam may be reversed...

Comments  (0)


Anonymous vs. Anonymous: Enough Hubris To Go Around

March 19, 2011 Added by:Infosec Island Admin

"A hacker startup calling itself Backtrace Security–made up of individuals who formerly counted themselves as part of Anonymous’ loose digital collective–announced plans Friday to publish identifying information on a handful of active members of Anonymous..."

Comments  (0)


Desktop Virtualization is Becoming Mainstream

March 18, 2011 Added by:Rahul Neel Mani

Research shows that more than $250 billion worth of energy per year is spent on powering computers around the world. As organizations search for practical and immediate ways to save money and reduce the IT impact on global climate change, they are increasingly turning to virtual PCs...

Comments  (0)


Foreign Business Representatives: Some Red Flags

March 18, 2011 Added by:Thomas Fox

Businesses look to the value obtained in the use of a foreign business representative. This simple economic analysis is not sufficient in the FCPA context. There should be a separate analysis on whether the foreign business representative has the substantive skills to perform the services requested...

Comments  (0)


RSA Fail - Security Lessons Unlearned

March 18, 2011 Added by:J. Oquendo

Security pros have to wonder about the security state as a whole when the founders of "two factor" key fobs take a hit. One would believe that in the event someone compromised a machine inside of RSA, their own security - two factor key fobs - would have prevented escalation between other machines...

Comments  (4)


Privacy International Warns of Skype Security Concerns

March 18, 2011 Added by:Headlines

"If the company cannot address and resolve these issues for those who are seeking secure communications, then vulnerable users will continue to be exposed to avoidable risks. Skype's misleading security assurances continue to expose users around the world to unnecessary and dangerous risk..."

Comments  (0)


Why Do Companies Hide From Privacy Regulations?

March 18, 2011 Added by:Andrew Weidenhamer

If you don’t know what processes take PII, you don't know what type of PII you are taking. If you don’t know what PII you are taking, then you don’t know what regulations to adhere to. If you do not know what regulations you need to adhere to, then you will not know what controls are required...

Comments  (0)


Microsoft Instrumental in the Rustock Botnet Take Down

March 18, 2011 Added by:Headlines

Microsoft provided documentation that detailed the botnet's extensive structure in a federal court filing. Acting on the information, federal marshals raided several internet hosting providers across the U.S. and seized servers suspected of being used as command and control units...

Comments  (0)


Beware of Erasure Problems on SSD Drives

March 18, 2011 Added by:Brent Huston

The traditional methods of magnetic cleansing (degaussing), and even file over-write tools that have been in use now for decades in many organizations, have little to no effect on removing sensitive data on these solid state drives...

Comments  (0)


EMC's Security Division Hacked

March 18, 2011 Added by:Headlines

"Our investigation has led us to believe that the attack is in the category of an APT... and revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products..."

Comments  (0)


Seven Steps for Implementing Policies and Procedures

March 17, 2011 Added by:Dejan Kosutic

Have you ever been given the task to write a security policy or a procedure, but you don't want your document to end up gathering dust in some forgotten drawer? Here are some thoughts that might help you...

Comments  (0)


Compromises, Budgets and Nonsense

March 17, 2011 Added by:Rafal Los

There is no amount you can spend right now that can make anything better. Software Security Assurance programs, even bare-bones application security testing-only efforts, take months to surgically insert into an organization. Generally, money isn't the only part of the equation that's missing...

Comments  (0)
