Latest Blog Posts
July 12, 2011 Added by:Danny Lieberman
Vendors that use Windows for less critical devices are actually increasing the threat surface for a hospital since any Windows host can be a carrier of malware, regardless of its primary mission function, be it a user-friendly UI at a nursing station or an intensive care monitor at the bedside...
July 12, 2011 Added by:Infosec Island Admin
Infosec Island will be conducting a series of video interviews with companies and vendors at the Black Hat USA 2011 conference in Las Vegas, NV. The interviews offer the opportunity for companies to highlight their knowledge of emerging trends in the information security field...
July 11, 2011 Added by:Robb Reck
The difference between security and internal audit is slight, but significant. We are both looking to address risk, but security is considered a part of the business, and audit must be an impartial third party. By working together both teams can become better at what they do...
July 11, 2011 Added by:Jamie Adams
Few people understand how audit records are generated or the difference between a kernel level audit trail and an application event log. It is critical to configure auditing and logging mechanisms to capture the right data and to safeguard the data to prevent it from being modified...
July 11, 2011 Added by:Brian McGinley
Data breaches are an everyday occurrence affecting millions of Americans each year. Just ask crafters who shop at Michael’s Stores, Sony PlayStation Network gamers, and investors at Morgan Stanley. They’re all vulnerable to identity theft because their information (PII) was exposed...
July 11, 2011 Added by:Headlines
"They brag about their multi-million dollar partnership with the FBI, Army, Navy, NASA, and the DoJ, selling out their "skills" to the US empire. So we laid nuclear waste to their systems... dropping their databases and private emails, and defaced their professional looking website..."
July 11, 2011 Added by:Kevin McAleavey
The entire industry has been entirely sublimated by people who have no real idea of what the mission is and only count beans. And it shows in the quality of work performed by the numerous products across the board to the detriment of those paying them for a task that they're no longer up to...
July 11, 2011 Added by:Headlines
"Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court..."
July 10, 2011 Added by:Chris Blask
The reality is that there is no way to guarantee that all of the critical systems underpinning modern culture will be safe from cyber attack. There will be more successful and spectacular demonstrations of the fragility of these amazing architectures. There is no need to add drama to the issue...
July 10, 2011 Added by:Ben Rothke
It is the common opinion of industry experts that Evans and his company have little real knowledge beyond pedestrian hacking techniques found in plagiarized books and beginner hacking texts. LIGATT offers products that are simply bloated versions of common tools such as ping and nmap...
July 10, 2011 Added by:Rebecca Herold
“Covered entities need to realize that HIPAA privacy protections are real and OCR vigorously enforces those protections. Entities will be held accountable for employees who access protected health information to satisfy their own personal curiosity...”
July 10, 2011 Added by:Robert Siciliano
McAfee’s most unwanted criminals include pickpockets, Trojans, and ATM skimmers, dumpster divers, spies, and wireless hackers and now phishers, shoulder surfers, and keyloggers. The key is awareness, vigilance, and investing in products and services that are designed to protect you...
July 09, 2011 Added by:Danny Lieberman
PCI DSS 2.0 does not require outbound, real time or any other kind of data loss monitoring. The phrases “real time” and “data loss” don’t appear in the standard. In an informal conversation with a PCI DSS official in the region, he confessed to not even being familiar with DLP...
July 09, 2011 Added by:Pete Herzog
The points made in this article reflect the research findings outlined in the OSSTMM 3: operational security controls, security and trust metrics, and the Moebius Defense security model where environmental protection precedes security awareness. You can find OSSTMM research at the ISECOM website...
July 08, 2011 Added by:Dan Dieterle
This process works on a fully patched and updated Windows 7 system. When I checked it last year, it also worked on all of the Windows server products. Windows protects these system files from being modified when Windows is booted, but booting in Linux to alter them just takes a couple minutes at most...
July 08, 2011 Added by:Headlines
A new ad-hoc group of hacktivists calling itself "Connexion Hack Team" has published a list of email addresses associated with the US government including account information from the military, the Department of Homeland Security, the National Security Agency, and several state agencies...