Latest Blog Posts


The Art of Cyber Warfare: Counterattack Fail

April 18, 2011 Added by:J. Oquendo

The sole purpose of Ensatus is deception and it drives the point of "fail" when it comes to counterattacking. If I were performing a sanctioned penetration test, I would be using decoys. In the event counterattacking were legal, you would be counterattacking an innocent victim...

Comments  (2)


Information Security Risk Management Programs Part Two

April 18, 2011 Added by:kapil assudani

In many companies, the culture is to embrace security only where it is absolutely necessary, and this usually comes through corporate security policies and industry regulations. Beyond these, security groups hardly have any teeth - unless it's a critical security issue...

Comments  (0)


Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by:Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...

Comments  (0)


Sophos Shames Facebook over Lax Security

April 18, 2011 Added by:Headlines

"Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences. A frequent refrain from users who contact us is, ‘Why doesn’t Facebook do more to protect us?’..."

Comments  (0)


Senators Introduce Cyber Security Public Awareness Act

April 18, 2011 Added by:Headlines

"The government keeps the damage we are sustaining from cyber attacks secret because it is classified. The private sector keeps the damage they are sustaining from cyber attacks secret so as not to look bad... The net result of that is that the American public gets left in the dark..."

Comments  (0)


Adobe Issues Updates for Flash Zero Day Vulnerability

April 18, 2011 Added by:Headlines

Adobe has issued an update to counter the latest Flash player zero-day flaw which is similar to a vulnerability patched last month that was suspected of playing a critical role in the network breach of security vendor RSA, a division of EMC...

Comments  (0)


Obama Outlines Strategy for Trusted Identities in Cyberspace

April 18, 2011 Added by:Headlines

This is NOT a government-mandated, national ID program; in fact, it's not an identity 'program' at all. This is a call by the administration to the private sector to step up, take leadership of this effort and provide the innovation to implement a privacy-enhancing, trusted system...

Comments  (0)


The Rise of Smartphones and Related Security Issues

April 18, 2011 Added by:Robert Siciliano

As more and higher speed networks are built, more consumers will gravitate toward the mobile web. Smartphone users are downloading billions of apps and spending millions via mobile payments. For the younger generation, smartphones are used for a majority of ecommerce transactions...

Comments  (0)


Iran May Sue Siemens over Stuxnet Virus

April 18, 2011 Added by:Headlines

"Iran's Foreign Ministry should probe into the political and legal aspects of the cyber attack while other Iranian bodies should pursue and complain to international circles... Siemens should explain why and how it provided the enemies with the codes for the SCADA software..."

Comments  (0)


Epsilon: Be Wary of Phishing Attempts

April 18, 2011 Added by:Rod MacPherson

Another scam that they are running is a fake Epsilon breach news update site (copied from the actual press release site) that offers up a downloadable tool that they tell you to run to see if the hackers have your e-mail address. That tool is a Trojan...

Comments  (0)


Representative Introduces Consumer Privacy Protection Act

April 18, 2011 Added by:Headlines

The legislation will define limits and the fair use of information collected by online marketers and retailers, and set forth provisions for better notifying consumers of their right to opt out of data collection...

Comments  (0)


Defining the Insider Threat

April 17, 2011 Added by:Danny Lieberman

Mitigating the insider threat requires defining whether or not there IS a threat, and if so, finding the right security countermeasures to mitigate the risk. One wonders whether or not RSA eats their own dog food, and had deployed a data loss prevention system. Apparently not...

Comments  (8)


Mobile Devices Continue to Attract Cyber-Scamsters

April 17, 2011 Added by:Rahul Neel Mani

While it’s only beginning to percolate, a trend is clearly emerging—cyber criminals are looking for new opportunities outside of the PC environment. They are investing more resources toward developing exploits that specifically target users of mobile devices...

Comments  (0)


Forklifting Apps to the Cloud – Realistic or Not?

April 17, 2011 Added by:Ben Kepes

Aspects of this discussion are little more than cloud elites arguing finer points. There are some issues in the message used to justify the cloud to enterprises. We need to have a consistent story about what the cloud really means for an enterprise – something that is sadly lacking today...

Comments  (0)


SSL Issues: From Man-in-the-Middle Attacks to Hackers

April 16, 2011 Added by:Dan Dieterle

There seems to be little verification before certificates are handed out. When you add in reports of hackers stealing or creating fake certificates and also hardware devices that perform SSL man-in-the-middle attacks, it sounds like SSL is really in need of an overhaul...

Comments  (0)


Introduction to Security Troubleshooting

April 15, 2011 Added by:Global Knowledge

In diagnosing connection and VPN problems, too often SSL or IPSec VPN client logs don’t provide enough information on why connections fail. Consequently, the receiver frequently provides the detail needed through selective debugging and logging...

Comments  (0)

