Latest Blog Posts

01c4fd4b99c7e58b46a7156c08e722ea

The New CompTIA CASP Certification

July 01, 2011 Added by:Michael Gregg

The CompTIA Advanced Security Practitioner (CASP) is an advanced enterprise level cert for those with 10+ years IT experience and at least five years in security. While there are many entry-level certifications, CASP will be the enterprise-level advanced security certification...

Comments  (0)

7c5c876d1933023ac375eead04302e1a

What the CISSP Won't Teach You Part Deux

June 30, 2011 Added by:Boris Sverdlik

You should use a layered security model. Port Security should be enabled; IDS Response rules should trigger a port shutdown on multiple ARP responses past a certain threshold. Are you seeing yet how attackers think?? The CISSP will not teach you to think outside the box...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Understanding Offensive Security

June 30, 2011 Added by:Danny Lieberman

“National security authorities may not even acknowledge that their interests align with a company that has suffered a cyber attack; therefore, companies must think about retaliation..."

Comments  (17)

59d9b46aa00c70238bb89056cfeb96c0

Compliance and the Failure to Escalate

June 30, 2011 Added by:Thomas Fox

Failure to escalate means issues are not reaching the right people in the company, and the issue becomes more difficult and more expensive. A company needs to have a culture in place to actively encourage elevation. This requires that both a structure and process for that structure must exist...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Anonymous Releases "Super Secret Security Handbook"

June 30, 2011 Added by:Headlines

"Always be cautious when tinkering with systems you don't fully understand, as this may lead to undesirable results, detection, and in extreme cases system failure or legal trouble... You the user are ultimately responsible for the security of your own systems...

Comments  (4)

7fef78c47060974e0b8392e305f0daf0

The Game of Whack-A-Mole: Was Al-Shamukh Hacked?

June 30, 2011 Added by:Infosec Island Admin

Who attacked Shamikh and why? There no evidence cited or even hinted at in the real world that MI6 or MI5 for that matter had anything to do with this. For all they know, it could have been The Jester or someone with like technology that DoS’d them and got them yanked offline by their host...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Hacker Attack Disrupts Al-Qaeda Communications

June 30, 2011 Added by:Headlines

“Al-Qaeda's online communications have been temporarily crippled... Hacking attacks by amateur cybervigilantes typically involve one technique, be it DDOS or SQLI. This particular event began as a basic domain hijacking, which does tend to happen every so often..."

Comments  (1)

16443e0c6f6e4a400fd0164b3c406170

When a "Phish" is Really Fishy

June 30, 2011 Added by:Christopher Burgess

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity. Recently, one slipped through my filters. I've taken the liberty to identify each item within this phish, which seems fishy...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Federal Reserve Spam Message Carries Zeus Payload

June 30, 2011 Added by:Headlines

"The attack appears [to] focus on users of online banking services, especially small businesses and corporations. The messages are not well done. They are badly written and don’t really attempt to hide the fact that the attached file has the double extension .pdf.exe..."

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI SSC Nixes Certification for Mobile Payments Apps

June 30, 2011 Added by:PCI Guru

"Until such time that it has completed a comprehensive examination of the mobile communications device and payment application landscape, the Council will not approve mobile payment applications used by merchants to accept and process payment as validated PA-DSS applications..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researchers Uncover 4.5 Million Device Super-Botnet

June 30, 2011 Added by:Headlines

“The development of TDSS will continue. Active reworkings of TDL-4 code, rootkits for 64-bit systems, the use of P2P technologies, proprietary anti-virus and much more make the TDSS malicious program one of the most technologically developed and most difficult to analyze..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Important Security Tips for Jihobbyists At Majahden

June 29, 2011 Added by:Infosec Island Admin

Majahden have been learning about how psyops, hacking, disinformation, and being pwn3d works. With the new invigoration in the cyber-jihadi community since Osama Bin Laden's demise, they have taken up the gauntlet not only to hack, but to wage a cyber-propaganda campaign like never before...

Comments  (0)

E973b16363b3de77b360563237df7e32

Engaging a Team for a Security Analysis

June 29, 2011 Added by:Bozidar Spirovski

Being involved in a security project requires lot of resources: a good measure of knowledge, a huge measure of experience, some amount of software and personnel. Usually time is in short supply, so this is compensated by more computers or more people...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

Congress to Use Skype Despite Security Concerns

June 29, 2011 Added by:Headlines

Members of Congress will now be allowed to use Skype video conferencing on government networks. The announcement comes on the heels of revelations that Microsoft had filed a application in 2009 seeking to patent technology that allows for surreptitious recording of Skype transmissions...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Federating Identity by Twitter - Am I Just Too Paranoid?

June 29, 2011 Added by:Rafal Los

When I go to see my stats I get this lovely looking pop-up box asking me to provide my Twitter credentials, and telling me all about what capabilities this app will have once is has access to my profile. Maybe I'm just entirely too paranoid - but what to you think... would you allow this?

Comments  (1)

Ba829a6cb97f554ffb0272cd3d6c18a7

Google is Your Friend - If You're a Lulzer

June 29, 2011 Added by:Kevin McAleavey

There are exploit GUI's readily available for PostgreSQL, MSSQL and Oracle as well as lesser and older databases. If it's there, and they can find it, and they can talk to it, and you're not properly filtering what can get to it, your site could very well be the next breaking news story...

Comments  (5)


« First < Previous | 290 - 291 - 292 - 293 - 294 | Next > Last »