May 09, 2013 Added by:Michael Fornal
A security checklist is a list of security controls that a vendor or application must meet. These controls can range from how storage backup is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
April 05, 2013 Added by:Simon Moffatt
As devices become smarter, greater emphasis is placed on the data and services those devices access. Smartphones today come with a healthy array of encryption features, remote backup, remote data syncing for things like contacts, pictures and music, as well as device syncing software like Dropbox. How much data is actually specifically related to the device?
March 28, 2013 Added by:Gary McCully
I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!
February 19, 2013 Added by:Ben Rothke
When the IBM PC first came out 31 years ago, it supported a maximum of 256KB RAM. You can buy an equivalent computer today with substantially more CPU power at a fraction of the price. But in those 31 years, the information security functionality in which the PC operates has not progressed accordingly.
December 20, 2012 Added by:f8lerror
On to the fun stuff: to capture a hash we want to use the Metasploit capture SMB auxiliary module, which is located in auxiliary/server/capture/smb. Leave the default settings with the exception of the CAINPWFILE. Set this to output the file wherever you like...
December 17, 2012 Added by:Randall Frietzsche
We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...
December 11, 2012 Added by:Kelly Colgan
Though it could create procedural challenges for the IRS and the U.S. Postal Service, Congress could solve the problem by simply refusing to issue refunds before April 15. That way they could see who has duplicate returns filed, and investigate before signing over checks to the bad guys...
December 04, 2012 Added by:Kelly Colgan
I’m a South Carolina taxpayer, and therefore, a potential victim of the massive South Carolina Department of Revenue Breach. I work in the identity theft and data risk industry, so when I heard about how everything was being handled and what was being offered, I was upset...
November 20, 2012 Added by:gaToMaLo r. amores
By denying terrorist and criminal groups access to their money, authorities can stop them buying munitions and paying for suicide bombers. This approach has been highly successful in identifying and dismantling terrorist networks. Now they need to adapt and learn how this new DC works because it cannot be stopped...
November 20, 2012 Added by:Ben Rothke
Key management is one of the most important aspects of cryptography and often the most difficult. Part of the difficulty around key management is at the user level, with key updates, passphrase management and more. Ultimately, effective key management is essential to the underlying security of the cryptosystem...
November 19, 2012 Added by:Bill Mathews
That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...
November 14, 2012 Added by:Infosec Island Admin
Sure, the schadenfreude is fun, and there are many gawkers and rubbernecks out there watching with glee but in the end there is much more to this debacle. The bigger picture issues are multiple and, but to start let's just sit back and watch the calamitous demolition of those who partook and their hubris...
November 12, 2012 Added by:Electronic Frontier Foundation
Full Disk Encryption (FDE) is one of the best ways you can ensure all of the private information on your laptop stays private in case it's lost, seized, stolen, or if you choose to sell or give away your computer in the future. This feature has been built in to many GNU/Linux distributions, including Ubuntu...
November 12, 2012 Added by:Pierluigi Paganini
The major concerns are related to the use of cameras of video devices such as PCs, mobile devices and TVs to identify the user and verify its rights for vision and of course to determine his habits with the purpose to pack it for the best offer in terms of contents...
November 09, 2012 Added by:Mikko Jakonen
Criminals or 'adversaries' do not care about your papers. Period. Only a skilled set of controls, wisdom, and discipline in management secures the environment. Attackers will utilize every means to gain access to your beloved environment...
October 31, 2012 Added by:Electronic Frontier Foundation
We released version 3.0 of HTTPS Everywhere, which adds encryption protection to 1,500 more websites, twice as many as previous stable releases. Our current estimate is that HTTPS Everywhere 3 should encrypt at least a hundred billion page views in the next year, and trillions of individual HTTP requests...