Latest Blog Posts
CIOs: Where Information Technology Meets Management
January 14, 2011 Added by: Rahul Neel Mani
As his responsibilities changed, from long-time CIO at HP to Royal Dutch Shell’s first CIO-from-outside to an EVP with Juniper, Mike Rose found the best way to get the job done is not to preach technology or business. He saw his role as helping people find that middle ground...
Comments (1)
Complete PCI DSS Log Review Procedures Part 9
January 14, 2011 Added by: Anton Chuvakin
The first method considers log types not observed before and can be done manually as well as with tools. Despite its simplicity, it is extremely effective with many types of logs: simply noticing that a new log message type is produced is typically very insightful for security, compliance and operations...
Comments (0)
SyferLock Unveils Superior Two Factor Authentication
January 14, 2011 Added by: Paul Sitar
With the addition of the superior “soft token” solution, SyferLock truly covers the entire authentication spectrum, as well as a myriad of diverse and evolving use cases and business requirements challenging the security and account access of organizations and their users...
Comments (0)
Congressman Wants WikiLeaks on Treasury Blacklist
January 14, 2011 Added by: Headlines
Blacklisting by the Treasury Department is equivalent to marking an individual or group on par with terrorist organizations, and would bar U.S. citizens and companies from doing business or providing any material support whatsoever for the rogue whistleblower organization...
Comments (0)
Medical Server Hacked by Call of Duty Gamers
January 14, 2011 Added by: Headlines
A network server at Seacoast Radiology was illegally accessed by hackers intent on using it to host "Call of Duty: Black Ops" gaming sessions. The server provides storage for records for over 230,000 individuals...
Comments (0)
Left the Back Door Unlocked?
January 14, 2011 Added by: Ben Keeley
Your organization may defend against malware, may defend against password brute forcing, and possibly even be able to detect a port scan, but does it defend against something as ‘good-natured’ as someone browsing the domain for open shares from a well-placed sensitive server?
Comments (0)
Infosec Island January 2011 Newsletter
January 14, 2011 Added by: Infosec Island Admin
Infosec Island offers unprecedented networking, educational and business development opportunities. The high quality content from our members has spurred a rapid increase in website traffic, with the Island currently averaging over 60k unique visitors and more than 100k pageviews per month...
Comments (2)
Seven Steps to Improve Small Business Data Security
January 14, 2011 Added by: Danny Lieberman
Many consultants tell businesses that they must perform a detailed business process analysis and build data flow diagrams of data and business processes. This is an expensive task to execute and extremely difficult to maintain that can require a large quantity of billable hours...
Comments (2)
Charges Pending Against Google in WiFi Sniffing Case
January 14, 2011 Added by: Headlines
"While we have repeatedly acknowledged that the collection of payload data was a mistake, we are disappointed with this announcement as we believe Google Inc. and its employee did nothing illegal in Korea," Google Korea spokesman Ross LaJeunesse said...
Comments (0)
Welcome to the Post Zeus-Stuxnet World
January 14, 2011 Added by: Brent Huston
While we were all focused on the economy last year, the entire information security threatscape suddenly changed, under the watchful eyes of our security teams. To me, the overall effectiveness, capability and tenacity of both Zeus and Stuxnet is an Oppenheimer moment in information security...
Comments (0)
Researcher Links anonops.ru IRC with Cyber Criminals
January 14, 2011 Added by: Headlines
"Whenever a big event occurs around the world cybercrime jumps at the chance to exploit it. And this appears to be the case with WikiLeaks and Anonymous. What an opportunity for criminals to take advantage of a volunteer army eager to take part in a struggle"...
Comments (0)
Security Threats: Face the Danger
January 13, 2011 Added by: Roman Zeltser
Many professionals have revised the entire approach to security. The common denominator for all opinions is the fact that our commonly accepted approach to IT security is not working anymore due to the new and highly sophisticated penetration tools that were developed recently...
Comments (0)
PCI Lessons We Can Learn From the WikiLeaks Debacle
January 13, 2011 Added by: PCI Guru
Requirement 7 of the PCI DSS is all about access to cardholder data and verifying that those users continue to require access. The user management situation with the Net-Centric Diplomacy database is why requirement 7 was put into the PCI DSS...
Comments (4)
Universities Hammered by Data Breaches
January 13, 2011 Added by: Headlines
The breadth and volume of personal data collected by universities, coupled with high turnover and a financially un-savvy population, make the problem of data loss at these institutions nearly epidemic in nature...
Comments (0)
Is Truly Anonymous Web Browsing Even Possible?
January 13, 2011 Added by: Rafal Los
On one end of the argument you must concede that in order to have an acceptable user experience you must be tracked to some acceptable extent, while the other end of the argument would say that we don't want web sites, vendors and nation-states/organizations tracking us and our browsing habits...
Comments (3)
Information Security Resolutions for 2011
January 13, 2011 Added by: Robb Reck
Security does not exist in a vacuum. We are employed for the express purpose of helping our organization meet its objectives. If we accept that as true, shouldn't we also accept that in order to do our jobs properly we need to understand the company's objective?




