Network Access Control
Trojans for the Bundestag – German PD acquired Finfisher
January 29, 2013 Added by:Don Eijndhoven
German political platform NetzPolitik.org has now uncovered secret documents belonging to the Ministry of Finance, that the Ministry of the Interior sent to the Bundestag (the political seat of Germany) that reveals the German Federal Police’s intention to use Gamma Group’s Finfisher spyware...
Comments (0)
Common Sense Cybersecurity
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
Comments (0)
Defending Your Digital Domain Redux: Take 2
November 21, 2012 Added by:Rafal Los
I'll start with I'm not an expert on 'cyber warfare' or a lawyer offering legal advice, in fact I'd simply rather not touch that whole angle at all. I'm much more comfortable addressing this issue as it came up today from a more sensible perspective. What follows in this post is an editorial opinion...
Comments (0)
Unconventional Defense - Taming a wild environment with CCRM
November 15, 2012 Added by:Rafal Los
Configuration, Change and Release Management is crucial to being an effective information security organization in an enterprise large, or small. If you don't have a handle on the rate of change in your enterprise, you have absolutely no hope of effectively securing anything...
Comments (0)
Why Least Privilege Management is Essential to the new NIST Risk Assessment Guidelines
November 13, 2012 Added by:Paul Kenyon
NIST guidelines that were updated last mont, make multiple references to privileged users and/or administrators, who are deemed both major threat sources and enablers of risky events. When it comes to these standards, taking a least privilege approach to security is a major step towards protecting organizations...
Comments (1)
BYOD savings may be lost by security and admin costs
November 12, 2012 Added by:Rainer Enders
Companies need to mobilize, that is without question -- but for too long BYOD has become nearly synonymous with this effort. In reality, BYOD is just one of the ways enterprises can mobilize, and in many cases, it is not the most secure, or necessarily the most cost-efficient way to do so...
Comments (0)
Six Sneaky Ways to Bring Down Your Company
November 08, 2012 Added by:Pete Herzog
This article will give you some ideas on how you can quickly put yourself out of a job using the Internet. If you're careful and a little lucky, you won't end up in jail either! At the very least, this article shows how doing things that are good for an office may not necessarily be good for the security of your company...
Comments (0)
On Password Hell
November 06, 2012 Added by:Joel Harding
I had one sysadmin a few years ago who demanded we all use 64 character passwords and every other character had to switch type. It was something like ^y?M3aI`B[a/ and so on... It took two minutes to type it in and I had to carry a paper with the password written on it. I was so glad when he left...
Comments (1)
Does it Make Sense to Keep Changing Your Passwords?
October 31, 2012 Added by:Rafal Los
I'm running a small experiment on myself in which I've set up an account on a public, high-traffic web-based system out there that has a ton of my personal information. I've not changed my password in almost 6 months, but I still feel relatively good and certain that I am the only one who has access to my stuff...
Comments (0)
Why doesn't your VPN work on the road?
October 29, 2012 Added by:Rainer Enders
With the ubiquity of mobile devices, staying securely connected to work - in theory - should require nothing more than an internet connection, and seemingly everywhere you travel, whether that be in hotels, airports, or conference trade shows, offer such connections. But the reality is more complicate...
Comments (0)
Is it really so simple to crack your password?
October 29, 2012 Added by:Pierluigi Paganini
The numerous attacks and data breaches occurred during the last 12 months demonstrate that despite attention to security, the principal causes of the incidents are leak of authentication processes, absence of input validation on principal applications, and of course the human factor...
Comments (0)
The Undervalued Security Benefits of IPsec
October 26, 2012 Added by:Rainer Enders
For too long, IPsec struggled with a reputation of being cumbersome to implement and manage. However, even amid the harshest of its critics, its ability to secure data has rarely, if ever, come into question. Now, through advancements in the technology's infrastructure, IPsec has become easy to use...
Comments (0)
Paying Lip Service (Mostly) to User Education
October 24, 2012 Added by:Fergal Glynn
The connection between improved security and user education is so well-established as to be almost axiomatic. Better technology, coding practices and testing can only accomplish so much. So what’s being done about the dearth of solid user education?
Comments (1)
The Balancing Act: How Universities Can Prevent Malware and Enable Information Access
October 21, 2012 Added by:Paul Kenyon
Considering most universities must accommodate a network of thousands of desktops and laptops, in addition to end-users ranging from students, developers, researchers, academics and admin staff – it’s no wonder balancing security and productivity is such a complex endeavor...
Comments (1)
Landmark Ruling: Insiders Aren't Hacking if You Gave them Access
October 08, 2012 Added by:Rafal Los
What happens if you go perusing through your corporate file-share lists, applications directories and such... and find some interesting stuff that you aren't technically supposed to have access to yet the controls in place have no problem giving you permission? Does anyone notice?
Comments (0)
SMTP Dialects: How to Detect Bots Looking at SMTP Conversations
October 03, 2012 Added by:Gianluca Stringhini
We need new techniques to detect and block spam. Current techniques mostly fall in two categories: content analysis and origin analysis. Content analysis techniques look at what is being sent, and typically analyze the content of an email to see if it is indicative of spam...
Comments (6)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)