Latest Blog Posts


Webapp Scanner Review: Acunetix Versus Netsparker

April 11, 2011 Added by: Mark Baldwin

Review: Two companies have developed commercial webapp scanners that rival the features, the speed, the usability and the accuracy of any commercial tool on the market. And they do it at a price point that just about any small business or independent consultant can afford...



What the Epsilon Data Breach Means To You

April 11, 2011 Added by: Alexander Rothacker

Organizations rely on third party providers for numerous responsibilities and often treat them as an extension of their organization. Allowing third party access to ANY information should REQUIRE that they provide the most stringent security measures...



She Blinded Me With Infosec...

April 11, 2011 Added by: Infosec Island Admin

One must admit that no matter how many times an assessment is carried out and things are found/exploited there are ALWAYS more vulnerabilities being introduced. You will never get them all and the client, if they understand this, will become inured to it...



Digital Certificates Only Provide the Illusion of Security

April 11, 2011 Added by: Headlines

"Right now, it's just an illusion of security. Depending on what you think your threat is, you can trust it on varying levels, but fundamentally, it has some pretty serious problems..."



mCrime Takes A Leap Into Profitability For Criminals

April 11, 2011 Added by: Robert Siciliano

As smartphones continue replacing landlines and billions of new applications are downloaded, mobile crime, or mCrime, will inevitably increase. McAfee’s threat report for the fourth quarter of 2010 reveals steady growth of threats to mobile platforms...



Completed Tax Forms Inadvertently Posted Online

April 11, 2011 Added by: Headlines

In the majority of the instances where Chapman found sensitive documents that were indexed and searchable, the owners of the information did not realize that by placing the information on family and/or business websites, they were making the information publicly accessible...



IETF Provides Guidance on IPv6 End-Site Addressing

April 11, 2011 Added by: Stefan Fouant

Practical conservation may never be needed given the trillions of addresses available in IPv6, but maybe in the very distant future it could very well be due to some of these recommendations being put in place today. After all, 640K did turn out to be a rather small number, didn't it?



Hyundai Capital Suffers Unprecedented Data Loss Event

April 11, 2011 Added by: Headlines

Estimations indicated that the names, email addresses and telephone numbers of at least 420 thousand clients have been compromised, and that the login credentials, financial information, and credit scores for as many as thirteen thousand accounts may also have been exposed...



Advanced Persistent Threats - Blame It On REO

April 10, 2011 Added by: J. Oquendo

We can never stop an attacker from trying to compromise us, it is out of our control. This does not mean that we cannot stop connections from leaving that machine. After all, controlling what leaves a machine will always be more important than what is coming INTO a machine...



Epsilon’s Email Breach Should Impact Future SLAs

April 10, 2011 Added by: Allan Pratt, MBA

What were the service level agreements, and did they outline precautions that Epsilon would take to prevent such incursions? If none of this information was included in the SLAs, perhaps, it’s time for data-driven companies to include their information security strategies in SLAs...



Guidance on Internal Controls, Ethics, and Compliance

April 10, 2011 Added by: Thomas Fox

A benchmark of the elements of an effective compliance program is the OECD's Good Practice Guidance on Internal Controls, Ethics, and Compliance. This article lists 12 specific instructions for companies to utilize as a basis to construct an effective compliance program upon...



Incident Response: Practice Makes Perfect

April 09, 2011 Added by: Brent Huston

Perhaps you will be lucky and never experience a bad information security incident. But if you do, you will be very glad indeed if you have a well practiced information security incident response program in place...



Spear-Phishing Season Is Declared Open

April 08, 2011 Added by: PCI Guru

Post-Epsilon breach, it seems every merchant under the sun is notifying their customers of the expected onslaught of electronic mail messages asking for bank account and credit card numbers among other PII. As a result, a lot of credit card numbers will likely get exposed. Be prepared...



A Potential Silver Lining in a Government Shutdown

April 08, 2011 Added by: Wayde York

Threats that exploit our systems and target specific information work in the background in a "low and slow" method, and finding them in the din of normal network traffic is difficult. If the shutdown does occur, the layers of noise that protect these threats will be pulled back...



Twenty Percent of Online Fraud is “Friendly”

April 08, 2011 Added by: Robert Siciliano

Friendly fraud accounted for twenty percent of fraud affecting merchants. Friendly fraud is when a consumer purchases an item online, receives it, but claims they did not, then requests a refund or chargeback from the merchant or delivery of a duplicate item...



Epsilon Breach Deals Another Blow to Cloud Security

April 08, 2011 Added by: Headlines

"Any company that is privileged to manage the information that a company maintains about its customers should be paying attention... Customers will surely start to wonder if they can't trust these firms with their email addresses..."

