Latest Blog Posts

Complimentary IT Security Resources [May 13, 2013]

May 13, 2013 Added by:InfosecIsland News

As an Infosec Island reader, we are pleased to offer you the following complimentary IT security resources for the week of May 13, 2013.

Steps Toward Weaponizing the Android Platform

May 13, 2013 Added by:Kyle Young

In this article I will be covering ways that one can turn their Android based device into a powerful pocket sized penetration testing tool.

Mobile Security Processes Could Be Applied to Medical Devices: Bluebox

May 10, 2013 Added by:Steve Ragan

Before malware could become a threat to medical devices, Adam Ely said attackers would have to write malware specifically targeted to these devices and organizations; or the devices would have to adopt standard platforms and software.

The Emperor Is Naked!

May 09, 2013 Added by:Krypt3ia

Last week a report came out on Wired about how the ACE (Army Corps of Engineers) database was hacked by China and "sensitive" dam data was taken. By China, let that sink in for a bit as there was no real attribution data in the story

Infographic: Keeping Web Applications Safe

May 09, 2013 Added by:Mike Lennon

Continuing the security industry trend of publishing infographics, the folks at Enterprise Strategy Group published an infographic that illustrates some of the challenges associated with web application security.

Do You Have a Vendor Security Check List? You Should!

May 09, 2013 Added by:Michael Fornal

A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.

The Year of the Security Standard

May 09, 2013 Added by:Anthony M. Freed

Often in the security field we hear the question asked, “Who’s watching the watchers?” It occurred to me recently that one might make a similar rhetorical quip about other aspects of our field – in particular, the question of “Who’s standardizing the standards?”

Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won’t Work

May 08, 2013 Added by:Rohit Sethi

Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.

Bore Them With Death-by-Awareness: That’ll Teach em!

May 08, 2013 Added by:Lee Mangold

As security professionals, we have to understand that not everyone has a passion for security. In fact, most people don’t. Given that we know “they” don’t share our passion, and we know they are the most vulnerable attack vector, why do we continue to bore them with homogenous and irrelevant training?

Seven “Sins” of Cyber Security

May 07, 2013 Added by:Rick Comeau

While some of the cyber attacks making news lately are the result of sophisticated methods, many are not: they often take advantage of a lack of basic security protections. Let’s take a look at seven “sins” that organizations and users are committing that are leaving them vulnerable.

Resilience ‒ The way to Survive a Cyber Attack

May 07, 2013 Added by:Jarno Limnéll

In reality, a well-prepared cyber attack does not need to last for 15 minutes to succeed. After preparations it takes only seconds to conduct the attack which may hit targets next door as well as those on the other side of the world.

Pentagon Ups Cyber Espionage Accusations Against China

May 07, 2013 Added by:InfosecIsland News

A new report from the Pentagon marked the most explicit statement yet from the United States that it believes China's cyber spying is focused on the US government, as well as American corporations.

What Should I Know about Mobile Cybercrime?

May 06, 2013 Added by:Robert Siciliano

Mobile devices run on different operating systems and use different apps from PCs and Macs, which presents opportunities to create new device-specific attacks.

What Security Risks Do Healthcare Organizations Face?

May 06, 2013 Added by:Michael Fornal

Today, hospitals and healthcare organizations face many risks that they didn’t have to deal with until a few years ago. This ever-growing list of risks includes social engineering, redundant applications within a network, keeping patient files secure and confidential yet available, and escalation of privileges.

SCADA and ICS Cyber Security - Facing the Facts

May 05, 2013 Added by:Eric Byres

In the past, the main reason for securing a SCADA/ICS network was to protect against inadvertent network incidents or attacks from insiders. The risk of an external malicious cyber-attack was considered minimal.

Thoughts on THOTCon & Bsides Chicago

May 02, 2013 Added by:Scott Thomas

Well, I've had a few days to recover from the awesomeness that is the Chicago Con Weekend including GrrCon and THOTCon.
