Latest Blog Posts

New California "Right to Know" Act Would Let Consumers Find Out Who Has Their Personal Data -- And Get a Copy of It

April 03, 2013 Added by: Electronic Frontier Foundation

A new proposal in California, supported by a diverse coalition including EFF and the ACLU of Northern California, is fighting to bring transparency and access to the seedy underbelly of digital data exchanges.

ICS-CERT Alerts of Mitsubishi MX SCADA Vulnerability

April 03, 2013 Added by: Steve Ragan

ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.

MongoDB Remote Command Execution Vulnerability: Nightmare or Eye-Opener?

April 03, 2013 Added by: Rohit Sethi

The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...

Deconstructing Defensible - Defensible is not the Same as Secure

April 02, 2013 Added by: Rafal Los

This post and the few that follow will go through the five basic ideas behind defensibility and why defensible is a state we should be striving for as enterprise security professionals.

The Driving Forces in Cyberspace are Changing the Reality of Security

April 02, 2013 Added by: Jarno Limnéll

Every second the cyber domain expands and becomes more complex. This means that there is an incredible scope of possibilities and the means to develop new things. The integration of the online world with the physical world brings a new dimension to human life. It is vital to understand that cyberspace should not be treated as a separate domain but as one that is entwined with the physical space.

The Threat to Industrial Control Systems from Physical Persistent Design Features (PPDF)

April 01, 2013 Added by: Joe Weiss

Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.

Managing Risk and Information Security: Protect to Enable

April 01, 2013 Added by: Ben Rothke

In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security – that between limitations and enablement.

China Women Dating

March 30, 2013 Added by: Joel Harding

Then, two weeks ago, an unusual event happened. First, since I have a Mac running some unusual browsers, I seldom get a pop-up screen. But one popped up. Imagine my surprise when the popup window was an ad for a Chinese dating site called ChineseWomenDating.com.

Bit9 Releases 2013 Server Security Survey Report

March 30, 2013 Added by: Mike Lennon

Security vendor Bit9, best known for its application whitelisting solutions, recently released its second annual server security survey of nearly 1,000 IT and security professionals worldwide.

Digital Natives, Digital Immigrants, Exo-Nationals and The Digital Lord of The Flies

March 29, 2013 Added by: Krypt3ia

There seems to be a disconnect within the psyche for kids where their actions are just not real because it happens online. Some of these kids that I tracked online due to recent events with the attacks on Brian Krebs lead me to believe some of them may in fact be on the road to sociopathy.

Brian Honan on Hacking Senior Management

March 28, 2013 Added by: Tripwire Inc

What are security professionals doing wrong that they can’t connect and communicate with their businesses’ senior management, asked Brian Honan, Principal of BH Consulting, in our conversation at the 2013 RSA Conference in San Francisco.

SSL Wars – Little New Hope

March 28, 2013 Added by: Gary McCully

I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!

Defending the Corporate Domain: Strategy and Tactics

March 27, 2013 Added by: Rafal Los

Strategy without accompanying tactics is a lost cause. Tactics without a solid footing in strategy is an expensive lost cause. The maturity of an organization's security team is directly proportional to their ability to have a foundational strategy and be able to implement tactical measures and feedback to adjust to changing conditions in order to defend adequately.

New Malware Targets POS Systems and ATMs, Hits Major US Banks

March 27, 2013 Added by: Infosec Island

A new malware targeting point-of-sale (POS) systems and ATMs has stolen payment card information from several US banks, researchers say. The author behind the malware appears to have links to a Russian cyber-crime gang.

The Five-Step Privilege Management Checklist for Financial Organizations

March 27, 2013 Added by: Paul Kenyon

Financial institutions sit at the top end of the scale for security and reputational risk, with their databases of customer information making them especially vulnerable to criminal interception and subject to regulatory obligations.

SCADA and ICS Security Patching: The Good, the Bad and the Ugly

March 26, 2013 Added by: Eric Byres

Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...
