Latest Blog Posts


Native Auditing In Modern Relational Database Management

August 03, 2011 Added by: Alexander Rothacker

Modern databases provide powerful built-in auditing capabilities that are often underestimated. There are downsides of native auditing like the ability for a malicious user to manipulate the audit trail. Overall, this feature allows customers to monitor database activity at a very granular level...

Comments  (3)


Software Security for the Cloud - Same Pig, Shiny Lipstick

August 03, 2011 Added by: Rafal Los

The bottom line here is this - migrating to a cloud architecture doesn't magically make your applications secure... although for many SMBs this is a better option than trying to tackle this problem alone. Let's talk this through...

Comments  (0)


Four Questions to Start the Security Discussion

August 03, 2011 Added by: Brian McGinley

Intelligent businesses walk the security journey every day. Discussion prompts action, and I’ve found over my years in corporate management and data security that these four simple questions can often get the ball rolling...

Comments  (0)


Rolling Out the Cloud In Australasia

August 03, 2011 Added by: Ben Kepes

It’s a direct allusion to Government's and corporate’s concerns around location of data – taking advantage of a short term point of difference makes sense for a small provider like that has only a limited window of opportunity to grow before larger and better funded competitors come to market...

Comments  (0)


Interview Lineup for Black Hat in Las Vegas

August 02, 2011 Added by: Anthony M. Freed

While this is a working trip with little leisure time, I do get to enjoy a fabulous view from my hotel room here at Caesars Palace, compliments of the Black Hat event organizers and the wonderful folks over at Qualys - one of the event's premier sponsors. The video interview lineup is as follows...

Comments  (0)


On Broken SIEM Deployments

August 02, 2011 Added by: Anton Chuvakin

In this post, I want to address one common #FAIL scenario: a SIEM that is failing because it was deployed with a goal of real-time security monitoring, all the while the company was nowhere near ready (not mature enough) to have any monitoring process and operations criteria for it...

Comments  (0)


The Benefits of Multifactor Authentication

August 02, 2011 Added by: Robert Siciliano

Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."

Comments  (0)


The Board of Directors and Compliance

August 02, 2011 Added by: Thomas Fox

While generally the role of a Board should be to keep really bad things from happening to a Company, once really bad things have occurred the Board needs to take charge and lead the effort to rectify the situation or perhaps even save the company...

Comments  (0)


Informal Cloud Buyers - A Growing IT Problem

August 02, 2011 Added by: Bill Gerneglia

Without central control of purchases, there is no homogeneous IT solution provider across the organization. This leads to inconsistent service, lack of collective purchasing discounts available at higher user volumes, and lack of standard IT policies, making for an IT management nightmare...

Comments  (0)


Mobile Payment Application PA-DSS Cert Clarification

August 02, 2011 Added by: PCI Guru

The PCI SSC has stated in this latest clarification that Category 1 and 2 applications and devices can continue through the certification process. These mobile applications have been explicitly called out even though they have been part of the certification process in the past...

Comments  (0)


How to Be A Private Sector Cyber Mercenary

August 01, 2011 Added by: Kevin McAleavey

Gen. Michael Hayden, former NSA and CIA Director under President Bush, suggested Friday that mercenaries could be the solution to the growing number of digital break-ins. So what happens if we give the "go order" on these only to find out that they bombed a kindergarten with an infected machine?

Comments  (3)


Juniper SRX Tips: Uniform Security Policy Modification

August 01, 2011 Added by: Stefan Fouant

With a couple of lines of code we can alter all of the existing policies on our device without having to resort to manual configuration of each and every one. This type of functionality is perfect when we want to have a singular set of configuration elements apply to all of our policies uniformly...

Comments  (0)


Log Management at Zero Cost and One Hour per Week?

August 01, 2011 Added by: Anton Chuvakin

CAN one REALLY do a decent job with log management (including log review) if their budget is $0 AND their time budget is 1 hour/week? I got asked that when I was teaching my SANS SEC434 class a few months ago and the idea stuck in my head. The only plausible way that I came up with is...

Comments  (3)


Microsoft Database Tracks Laptops and Smart Phones

August 01, 2011 Added by: Headlines

The data collected includes device MAC addresses and corresponding street addresses, which could be used to identify individual users in what amounts to clandestine tracking of customer movements. In fact, staff at Cnet were able to retrieve very specific device tracking information...

Comments  (0)


On PLC Controllers and Obvious Statements

August 01, 2011 Added by: Infosec Island Admin

Post Stuxnet, this paper and the presentation to follow at DEFCON this year seem more like a call for attention and perhaps a marketing scheme than anything revelatory befitting a talk at DEFCON. Having read the paper, it leaves me nonplussed as to why this is being presented at all...

Comments  (1)


Homemade Spy Drone Cracks WiFi and GSM Networks

August 01, 2011 Added by: Headlines

"WASP is equipped with the tools to crack Wi-Fi network passwords made possible by an on-board VIA EPIA Pico-ITX PC running BackTrack Linux equipped with 32GB of storage to record information. WASP can also act as a GSM network antenna meaning it will be able to eavesdrop on calls/text messages..."

Comments  (6)
