Information Security

959779642e6e758563e80b5d83150a9f

Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by:Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivisim, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)

F29746c6cb299c1755e4087e6126a816

Your Name and SSN - All a Thief Needs for Tax Fraud

February 14, 2012 Added by:Kelly Colgan

The IRS has seen a significant increase in the number of fraud cases involving identity theft, according to Steven Miller, IRS deputy commissioner for services and enforcement. Addresses don’t mean anything. All a thief needs is your name and Social Security number...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

What Actually Changed in Google’s Privacy Policy

February 14, 2012 Added by:Electronic Frontier Foundation

Google did a great job of informing users that the privacy policy had been changed through emails and notifications. Unfortunately, while the policy might be easier to understand, Google did a less impressive job of publicly explaining what in the policy had actually been changed...

Comments  (0)

01ceb9281b3fb3dbb90c3efbe327717e

Security Flaw in eBanking Affects Over 100 Million Users

February 14, 2012 Added by:Alan Woodward

CAPTCHAs. You've all had to use them at some point - those funny, distorted versions of a piece of text that only a human can decipher. I was shocked to learn that CAPTCHAs were being used in eBanking and could successfully be attacked nearly 100% of the time....

Comments  (2)

0a8cae998f9c51e3b3c0ccbaddf521aa

Difference Between Spreading Information and Enabling Crime

February 14, 2012 Added by:Rafal Los

Most people don't get prosecuted or charged for distributing or re-tweeting a link to an Anonymous pastebin dump. Where is the line drawn then, and why are some incidents bigger than others? The question ultimately goes to the contents of the cache of information...

Comments  (2)

68b48711426f3b082ab24e5746a66b36

FBI Bitten by Operational Security

February 13, 2012 Added by:Fergal Glynn

Employees forward confidential calendar events and messages to personal calendars and personal email accounts. This may make their jobs easier but it can put their companies at risk. A recent security incident involving the FBI can teach us something about corporate security...

Comments  (0)

Bbb285308604bc5fbb9b43590d0501f6

Security BSides San Francisco: Presentation Schedule

February 13, 2012 Added by:Security BSides

Each BSides is a community-driven framework for building events for and by information security community members. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. You don’t want to miss it...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

KPN Hack: Why was Customer Notification Delayed?

February 13, 2012 Added by:Pierluigi Paganini

The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Will the Real IT Security Researcher Please Stand Up?

February 12, 2012 Added by:Rafal Los

Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn’t erring human? If that is the case, why is it surprising to find flaws in new software or applications?

Comments  (2)

Fc152e73692bc3c934d248f639d9e963

Encryption Key Management Primer – Requirement 3.5

February 12, 2012 Added by:PCI Guru

The problem with the manual option is that encryption keys are typically needed to boot the secure server or start an application that needs access to encrypted data. The security surrounding the keys becomes problematic as operations personnel need regular access...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

Incident Response and Risk Management Go Hand in Hand

February 12, 2012 Added by:Neira Jones

Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...

Comments  (2)

E313765e3bec84b2852c1c758f7244b6

Focusing on Input Validation

February 11, 2012 Added by:Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

1a490136c27502563c62267354024cd5

Brad Smith: The Power of the Ultimate Social Engineer

February 11, 2012 Added by:Malgorzata Skora

While we often focus on how social engineering skills can be used to break into companies or otherwise obtain information that is supposed to be protected, Brad demonstrates the positive aspects of these skills, and shows how they can be put to good use...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Enterprise Security and the Battle Over Productivity

February 11, 2012 Added by:Rafal Los

The trick is, when security can't clearly and absolutely get definition on what employees should and shouldn't be allowed to do, they have to implement the law of least privilege overly aggressively and then things get slow, tedious, and everyone complains about security...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Security Weekly News Roundup: Tunnel Vision

February 11, 2012 Added by:Fergal Glynn

As security professionals do we all just suffer from “security tunnel vision” or is something major shifting in our industry? Is it all just related to the significant rise in hacktivism or the 24-hour news cycle requiring that every little thing become a news story?

Comments  (0)

A88973e7d0943d295c99820ab9aeed27

Data at Rest: Dormant But Dangerous

February 10, 2012 Added by:Simon Heron

Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...

Comments  (0)

Page « < 66 - 67 - 68 - 69 - 70 > »