Latest Blog Posts
April 18, 2011 Added by:Headlines
The legislation will define limits and the fair use of information collected by online marketers and retailers, and set forth provisions for better notifying consumers of their right to opt out of data collection...
April 17, 2011 Added by:Danny Lieberman
Mitigating the insider threat requires defining whether or not there IS a threat, and if so, finding the right security countermeasures to mitigate the risk. One wonders whether or not RSA eats their own dog food, and had deployed a data loss prevention system. Apparently not...
April 17, 2011 Added by:Rahul Neel Mani
While it’s only beginning to percolate, a trend is clearly emerging: cyber criminals are looking for new opportunities outside of the PC environment. They are investing more resources toward developing exploits that specifically target users of mobile devices...
April 17, 2011 Added by:Ben Kepes
Aspects of this discussion are little more than cloud elites arguing finer points. There are some issues in the message used to justify the cloud to enterprises. We need to have a consistent story about what the cloud really means for an enterprise – something that is sadly lacking today...
April 16, 2011 Added by:Dan Dieterle
There seems to be little verification before certificates are handed out. When you add in reports of hackers stealing or creating fake certificates and also hardware devices that perform SSL man-in-the-middle attacks, it sounds like SSL is really in need of an overhaul...
April 15, 2011 Added by:Global Knowledge
In diagnosing connection and VPN problems, too often SSL or IPSec VPN client logs don’t provide enough information on why connections fail. Consequently, the receiver frequently provides the detail needed through selective debugging and logging...
April 15, 2011 Added by:Robert Siciliano
Twitter’s numbers are astounding. In the physical world, when communities become larger and more densely populated, crime rises. The same applies to online communities. Spammers, scammers, and thieves are paying attention...
April 15, 2011 Added by:Rafal Los
Down-scaling an enterprise security challenge into a smaller fit is more of a challenge than you'd think, because it's just too easy to say 'outsource it all'... but how does that actually help an organization write more secure software? The answer is that it doesn't...
April 15, 2011 Added by:Headlines
Researchers at have identified a Zeus Trojan variant accompanied by a signed digital certificate. The presence of a signed certificate from a legitimate CA makes the task of identifying and defending against the malware more difficult for antivirus software and file scanners...
April 15, 2011 Added by:kapil assudani
In many organizations the CISO reports to the CTO, which usually results in a conflict of interest. The goals of IT groups are performance and speedy implementation, which usually take precedence over security considerations. As a result, security takes a back seat...
April 15, 2011 Added by:Headlines
While some details seem to jibe with the information contained in the tens of thousands of leaked emails, the letter for the most part just comes off as a generic attempt to rewrite the record and further distance HBGary Inc. from the activities of Aaron Barr and HBGary Federal...
April 14, 2011 Added by:Anton Chuvakin
FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...
April 14, 2011 Added by:Ron Lepofsky
Data leakage prevention technology tackles both data at rest, residing within a network and specifically on disk storage, and of course data in motion. Vendors of these technologies vary in what elements of the problem they wish to tackle. Some try to solve all possible problems...
April 14, 2011 Added by:Lindsay Walker
Every workplace has "super-users," people who can hack into systems and extract sensitive information. Having information stored offsite makes it challenging for anyone inside your organization to get their eyes on information they aren't permitted to see...
April 14, 2011 Added by:Headlines
According to Brenner, thousands of U.S. companies were targeted in the Aurora attacks, a great deal more than the 34 companies publicly identified. Brenner says the scale of the operation demonstrates China's "heavy-handed use of state espionage against economic targets..."
April 14, 2011 Added by:Marjorie Morgan
Economics are driving both industry and government to adopt increasingly sophisticated technologies which raise serious new security issues. It is simply dangerous to suggest that the problems can be managed with a set of government determined technical standards...