Latest Blog Posts


The New CompTIA CASP Certification

July 01, 2011 Added by:Michael Gregg

The CompTIA Advanced Security Practitioner (CASP) is an advanced enterprise level cert for those with 10+ years IT experience and at least five years in security. While there are many entry-level certifications, CASP will be the enterprise-level advanced security certification...

Comments  (0)


What the CISSP Won't Teach You Part Deux

June 30, 2011 Added by:Boris Sverdlik

You should use a layered security model. Port Security should be enabled; IDS Response rules should trigger a port shutdown on multiple ARP responses past a certain threshold. Are you seeing yet how attackers think?? The CISSP will not teach you to think outside the box...

Comments  (0)


Understanding Offensive Security

June 30, 2011 Added by:Danny Lieberman

“National security authorities may not even acknowledge that their interests align with a company that has suffered a cyber attack; therefore, companies must think about retaliation..."

Comments  (17)


Compliance and the Failure to Escalate

June 30, 2011 Added by:Thomas Fox

Failure to escalate means issues are not reaching the right people in the company, and the issue becomes more difficult and more expensive. A company needs to have a culture in place to actively encourage elevation. This requires that both a structure and process for that structure must exist...

Comments  (0)


Anonymous Releases "Super Secret Security Handbook"

June 30, 2011 Added by:Headlines

"Always be cautious when tinkering with systems you don't fully understand, as this may lead to undesirable results, detection, and in extreme cases system failure or legal trouble... You the user are ultimately responsible for the security of your own systems...

Comments  (4)


The Game of Whack-A-Mole: Was Al-Shamukh Hacked?

June 30, 2011 Added by:Infosec Island Admin

Who attacked Shamikh and why? There is no evidence cited or even hinted at in the real world that MI6 or MI5 for that matter had anything to do with this. For all they know, it could have been The Jester or someone with like technology that DoS’d them and got them yanked offline by their host...

Comments  (0)


Hacker Attack Disrupts Al-Qaeda Communications

June 30, 2011 Added by:Headlines

“Al-Qaeda's online communications have been temporarily crippled... Hacking attacks by amateur cybervigilantes typically involve one technique, be it DDOS or SQLI. This particular event began as a basic domain hijacking, which does tend to happen every so often..."

Comments  (1)


When a "Phish" is Really Fishy

June 30, 2011 Added by:Christopher Burgess

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity. Recently, one slipped through my filters. I've taken the liberty to identify each item within this phish, which seems fishy...

Comments  (0)


Federal Reserve Spam Message Carries Zeus Payload

June 30, 2011 Added by:Headlines

"The attack appears [to] focus on users of online banking services, especially small businesses and corporations. The messages are not well done. They are badly written and don’t really attempt to hide the fact that the attached file has the double extension .pdf.exe..."

Comments  (0)


PCI SSC Nixes Certification for Mobile Payments Apps

June 30, 2011 Added by:PCI Guru

"Until such time that it has completed a comprehensive examination of the mobile communications device and payment application landscape, the Council will not approve mobile payment applications used by merchants to accept and process payment as validated PA-DSS applications..."

Comments  (0)


Researchers Uncover 4.5 Million Device Super-Botnet

June 30, 2011 Added by:Headlines

“The development of TDSS will continue. Active reworkings of TDL-4 code, rootkits for 64-bit systems, the use of P2P technologies, proprietary anti-virus and much more make the TDSS malicious program one of the most technologically developed and most difficult to analyze..."

Comments  (0)


Important Security Tips for Jihobbyists At Majahden

June 29, 2011 Added by:Infosec Island Admin

Majahden have been learning about how psyops, hacking, disinformation, and being pwn3d works. With the new invigoration in the cyber-jihadi community since Osama Bin Laden's demise, they have taken up the gauntlet not only to hack, but to wage a cyber-propaganda campaign like never before...

Comments  (0)


Engaging a Team for a Security Analysis

June 29, 2011 Added by:Bozidar Spirovski

Being involved in a security project requires a lot of resources: a good measure of knowledge, a huge measure of experience, some amount of software and personnel. Usually time is in short supply, so this is compensated by more computers or more people...

Comments  (1)


Congress to Use Skype Despite Security Concerns

June 29, 2011 Added by:Headlines

Members of Congress will now be allowed to use Skype video conferencing on government networks. The announcement comes on the heels of revelations that Microsoft had filed an application in 2009 seeking to patent technology that allows for surreptitious recording of Skype transmissions...

Comments  (0)


Federating Identity by Twitter - Am I Just Too Paranoid?

June 29, 2011 Added by:Rafal Los

When I go to see my stats I get this lovely looking pop-up box asking me to provide my Twitter credentials, and telling me all about what capabilities this app will have once it has access to my profile. Maybe I'm just entirely too paranoid - but what do you think... would you allow this?

Comments  (1)


Google is Your Friend - If You're a Lulzer

June 29, 2011 Added by:Kevin McAleavey

There are exploit GUIs readily available for PostgreSQL, MSSQL and Oracle as well as lesser and older databases. If it's there, and they can find it, and they can talk to it, and you're not properly filtering what can get to it, your site could very well be the next breaking news story...

Comments  (5)
