Latest Blog Posts

Webapp Scanner Review: Acunetix Versus Netsparker

April 11, 2011 Added by: Mark Baldwin

Review: Two companies have developed commercial webapp scanners that rival the features, the speed, the usability and the accuracy of any commercial tool on the market. And they do it at a price point that just about any small business or independent consultant can afford...

What the Epsilon Data Breach Means To You

April 11, 2011 Added by: Alexander Rothacker

Organizations rely on third party providers for numerous responsibilities and often treat them as an extension of their organization. Allowing third party access to ANY information should REQUIRE that they provide the most stringent security measures...

She Blinded Me With Infosec...

April 11, 2011 Added by: Infosec Island Admin

One must admit that no matter how many times an assessment is carried out and things are found/exploited there are ALWAYS more vulnerabilities being introduced. You will never get them all and the client, if they understand this, will become inured to it...

Digital Certificates Only Provide the Illusion of Security

April 11, 2011 Added by: Headlines

“Right now, it's just an illusion of security. Depending on what you think your threat is, you can trust it on varying levels, but fundamentally, it has some pretty serious problems...”

mCrime Takes A Leap Into Profitability For Criminals

April 11, 2011 Added by: Robert Siciliano

As smartphones continue replacing landlines and billions of new applications are downloaded, mobile crime, or mCrime, will inevitably increase. McAfee’s threat report for the fourth quarter of 2010 reveals steady growth of threats to mobile platforms...

Completed Tax Forms Inadvertently Posted Online

April 11, 2011 Added by: Headlines

In the majority of the instances where Chapman found sensitive documents that were indexed and searchable, the owners of the information did not realize that by placing the information on family and/or business websites, they were making the information publicly accessible...

IETF Provides Guidance on IPv6 End-Site Addressing

April 11, 2011 Added by: Stefan Fouant

Practical conservation may never be needed given the trillions of addresses available in IPv6, but maybe in the very distant future it could very well be due to some of these recommendations being put in place today. After all, 640K did turn out to be a rather small number didn't it?

Hyundai Capital Suffers Unprecedented Data Loss Event

April 11, 2011 Added by: Headlines

Estimations indicated that the names, email addresses and telephone numbers of at least 420 thousand clients have been compromised, and that the login credentials, financial information, and credit scores for as many as thirteen thousand accounts may also have been exposed...

Advanced Persistent Threats - Blame It On REO

April 10, 2011 Added by: J. Oquendo

We can never stop an attacker from trying to compromise us, it is out of our control. This does not mean that we cannot stop connections from leaving that machine. After all, controlling what leaves a machine will always be more important than what is coming INTO a machine...

Epsilon’s Email Breach Should Impact Future SLAs

April 10, 2011 Added by: Allan Pratt, MBA

What were the service level agreements, and did they outline precautions that Epsilon would take to prevent such incursions? If none of this information was included in the SLAs, perhaps, it’s time for data-driven companies to include their information security strategies in SLAs...

Guidance on Internal Controls, Ethics, and Compliance

April 10, 2011 Added by: Thomas Fox

A benchmark of the elements of an effective compliance program is the OECD's Good Practice Guidance on Internal Controls, Ethics, and Compliance. This article lists 12 specific instructions for companies to utilize as a basis to construct an effective compliance program upon...

Incident Response: Practice Makes Perfect

April 09, 2011 Added by: Brent Huston

Perhaps you will be lucky and never experience a bad information security incident. But if you do, you will be very glad indeed if you have a well practiced information security incident response program in place...

Spear-Phishing Season Is Declared Open

April 08, 2011 Added by: PCI Guru

Post-Epsilon breach, it seems every merchant under the sun is notifying their customers of the expected onslaught of electronic mail messages asking for bank account and credit card numbers among other PII. As a result, a lot of credit card numbers will likely get exposed. Be prepared...

A Potential Silver Lining in a Government Shutdown

April 08, 2011 Added by: Wayde York

Threats that exploit our systems and target specific information work in the background in a "low and slow" method, and finding them in the din of normal network traffic is difficult. If the shutdown does occur, the layers of noise that protect these threats will be pulled back...

Twenty Percent of Online Fraud is “Friendly”

April 08, 2011 Added by: Robert Siciliano

Friendly fraud accounted for twenty percent of fraud affecting merchants. Friendly fraud is when a consumer purchases an item online, receives it, but claims they did not, then requests a refund or chargeback from the merchant or delivery of a duplicate item...

Epsilon Breach Deals Another Blow to Cloud Security

April 08, 2011 Added by: Headlines

“Any company that is privileged to manage the information that a company maintains about its customers should be paying attention... Customers will surely start to wonder if they can’t trust these firms with their email addresses...”
