Information Security

Incident Response and Risk Management Go Hand in Hand

February 12, 2012 Added by: Neira Jones

Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...

Comments  (2)

Focusing on Input Validation

February 11, 2012 Added by: Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

Brad Smith: The Power of the Ultimate Social Engineer

February 11, 2012 Added by: Malgorzata Skora

While we often focus on how social engineering skills can be used to break into companies or otherwise obtain information that is supposed to be protected, Brad demonstrates the positive aspects of these skills, and shows how they can be put to good use...

Comments  (1)

Enterprise Security and the Battle Over Productivity

February 11, 2012 Added by: Rafal Los

The trick is, when security can't clearly and absolutely get definition on what employees should and shouldn't be allowed to do, they have to implement the law of least privilege overly aggressively and then things get slow, tedious, and everyone complains about security...

Comments  (0)

Security Weekly News Roundup: Tunnel Vision

February 11, 2012 Added by: Fergal Glynn

As security professionals do we all just suffer from “security tunnel vision” or is something major shifting in our industry? Is it all just related to the significant rise in hacktivism or the 24-hour news cycle requiring that every little thing become a news story?

Comments  (0)

Data at Rest: Dormant But Dangerous

February 10, 2012 Added by: Simon Heron

Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...

Comments  (0)

APT: What It Is and What It’s Not

February 10, 2012 Added by: Infosec Island Admin

They can use the most elegant of solutions and nimbly change their tactics, create or edit code on the fly to defeat the defender's tactics, and use the most simplistic of attacks in the effort to gain access and KEEP it as long as possible to succeed in their own ends...

Comments  (0)

DDoS Attacks: An Excuse to Talk About IPv6 Security

February 10, 2012 Added by: Pierluigi Paganini

The switchover from the existing address protocol IPv4 to IPv6 will give attackers a great opportunity. With the introduction of the protocol a huge quantity of new internet addresses is available, and those addresses could be used as sources for DDoS attacks...

Comments  (0)

Did the 2006 Symantec Breach Expose RSA's SecurID?

February 10, 2012 Added by: Kevin McAleavey

The Symantec leak could pose a risk to RSA's SecurID. Examination of the source code for PCAnywhere turned up something disturbing - numerous header files and several libraries belonging to RSA, and SecurID code is part of the exposed PCAnywhere product source code...

Comments  (23)

Some "LightReading" about Mobile Application Security

February 10, 2012 Added by: Security Ninja

Developers, project managers and executive officers need to be able to evaluate the risk that they are exposing their customers and their businesses to. They need to know how to measure the security posture of their apps and to make decisions on what changes to make...

Comments  (0)

Straight Talk about Compliance from a Security Viewpoint

February 09, 2012 Added by: Rafal Los

Odds are, you can usually close out multiple compliance requirements across multiple regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...

Comments  (0)

GFI WebMonitor Internet and Web Security Review

February 09, 2012 Added by: Dan Dieterle

Looking for a program that monitors internet use, allows granular control over the sites and services users can access, coupled with comprehensive web security and threat detection that includes scanning with three anti-virus engines? Look no further...

Comments  (0)

Does Offensive Security Really Exist?

February 09, 2012 Added by: Dave Shackleford

I want to refute the concept of offensive vs. defensive security staff. It's not realistic. Reason? Offense really exists for one reason – to inform defense. In my mind, this really means we’re ALL defense. We just accomplish our defensive strategy and tactics in different ways...

Comments  (0)

Cyber Preparedness: Paper Tigers... Aren’t We All?

February 09, 2012 Added by: Infosec Island Admin

China, Russia, Israel, etc. are all key players in the espionage world, which now includes the 5th battlespace of information warfare carried out on the internet and within computer networks. To think anything else because someone asked them just how prepared “they” were for “cyberwar” is just appallingly stupid...

Comments  (0)

Starting to Clean Up the Mess from PCAnywhere

February 09, 2012 Added by: Damion Waltermeyer

I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...

Comments  (3)

User Assisted Compromise (UAC)

February 09, 2012 Added by: Rob Fuller

You have to wait for the user to use UAC (this does not work if someone else does; it only applies to the current user, HKCU). But, as a side benefit, it's a very real form of sneaky persistence as well, as it will execute our evil binary every single time they use UAC...

Comments  (0)