Information Security


Anonymous Now Interested in the Great Firewall of China

February 17, 2012 Added by:Pierluigi Paganini

Why have they not targeted China before? Hypothetically, the structure of Anonymous could have been infiltrated and directed against the Chinese as part of a strategy defined by the West, or perhaps someone is using the name Anonymous to conduct undercover operations...

Comments  (0)


Responsibility vs Capability in the CISO Role

February 17, 2012 Added by:Rafal Los

Capability is often seen as the ability to enforce - whether its corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions it is difficult to have a solid organization...

Comments  (0)


The Differences Between Security Certifications

February 17, 2012 Added by:Joshua Lochner

It seems like certifications have always been a source of contention for IT professionals. What are “The Right” certifications to get? Are they needed? Which ones would someone reap the most benefit from? Who cares?

Comments  (0)


AdiOS: Say Goodbye to Nosy iPhone Apps

February 16, 2012 Added by:Fergal Glynn

I put together a free utility called AdiOS (Addressbook Detector for iOS) that lets Mac users scan the iOS apps in your iTunes directory to see if they have the potential to dump your phone book externally. AdiOS detects apps that access your address book using a binary grep...

Comments  (0)


Best Practices to Prevent Document Leaks

February 16, 2012 Added by:Peter Weger

Unfortunate consequences occur when companies lose control over confidential assets and experience intentional or unintentional disclosure of the information. In some cases, even the possibility of information leakage can damage reputations and stock prices...

Comments  (0)


Lessons from the Nortel Networks Breach

February 16, 2012 Added by:Suzanne Widup

Much is being published about how inappropriate the response to the Nortel incident was, but it demonstrates an important point for companies - how do you know when you’ve done enough? How do you tell when an incident is over, and you should go back to business as usual?

Comments  (0)


Encryption: A Buzzword, Not a Silver Bullet

February 16, 2012 Added by:Danny Lieberman

Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...

Comments  (0)


The Truth Behind Data Breaches

February 16, 2012 Added by:Neira Jones

SQLi was the number one attack vector found in both the Web Hacking Incident Database and the number one Web-based method of entry in incident response investigations. SQL injections were the number one Web application risk of 2011...

Comments  (7)


How I Learned to Stop Worrying and Love Cyberwar

February 16, 2012 Added by:Infosec Island Admin

Sure, there are potential issues with regard to infrastructure and hacking/warfare, but, it is not such that we need to frame it and clothe it in the ripped flag of 9/11 do we? Obviously these guys all think so. I would beg to differ, and I find it shameful...

Comments  (1)


Information Security Relief is Spelled ISO-27001

February 15, 2012 Added by:John Verry

No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and the myriad of regulations which their clients are obligated. ISO-27001 spells relief...

Comments  (0)


Disclosures: How Much Sharing is Too Much?

February 15, 2012 Added by:Jack Daniel

What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve know about for years? If you are ignoring all of the well-known risks, it is a waste of time...

Comments  (0)


One in Three Massachusetts Residents’ Records Breached

February 15, 2012 Added by:Robert Siciliano

Massachusetts has one of the most stringent data protection laws on the books. Companies are now reporting when even a single individual’s information has been compromised. Despite strict security requirements, companies are continually being hacked in record numbers....

Comments  (0)


Nortel: From Bankruptcy to Industrial Espionage Victim

February 15, 2012 Added by:Pierluigi Paganini

The damage is incalculable if we consider the enormous amount of data that may have been lost. Information on technological solutions, business reports, and other sensitive documents were stolen for years, seriously compromising the intellectual property of the company...

Comments  (3)


The Dangers of Non-Contextual Pattern Matching

February 15, 2012 Added by:Rafal Los

Even a system inconsistency such as an abnormal page transition velocity on your flagship web application can be overlooked - until you put all those together and realize you're being SQL Injected and someone is stealing your multi-terabyte database out from under you...

Comments  (0)


Researchers Discover Widespread Cryptographic Vulnerabilities

February 15, 2012 Added by:Electronic Frontier Foundation

The consequences of these vulnerabilities are extremely serious. In all cases, a weak key would allow an eavesdropper on the network to learn confidential information, such as passwords or the content of messages, exchanged with a vulnerable server...

Comments  (0)


In Cyber - Losers Ignore, Survivors React, Winners Predict

February 15, 2012 Added by:Richard Stiennon

Every organization has a choice: become a victim of cyber attack and pay the cost of recovery then rely on quick reactions to changes in the threat space to survive the next attack, or predict the escalation in attacks and invest early in the defenses required...

Comments  (0)

Page « < 66 - 67 - 68 - 69 - 70 > »