October 22, 2011 Added by:Dan Dieterle
This includes everything from bypassing authentication & cracking encryption, to advanced techniques like man-in-the-middle attacks and attacking WPA-Enterprise, with discussions Wireless penetration methodology, testing and reporting...
October 21, 2011 Added by:Rafal Los
When a problem that has been ignored for years suddenly causes immense pain, the result is an often a rash reaction that is grounded in fear and 'the need to do something' rather than a sane approach to securing assets, leading mostly to inconvenience and not better security....
October 21, 2011 Added by:Kanguru Solutions
Kanguru Solutions has teamed up with Cyber Data Risk Managers LLC to host a FREE webinar on cyber security and infosec entitled “How to Minimize the Risks of a Data Breach/Cyber Attack.” This free webinar will discuss data security, privacy and measures to take in the event of a data breach...
October 20, 2011 Added by:Joel Langill
Though this does not reflect true "source code", it does provide high-level language which can be re-compiled for another purpose. I reviewed much of the code, and though it did not contain 100% of the Stuxnet functionality, it did contain a large portion of the working malware...
October 20, 2011 Added by:David Sopata
Compliance in many cases is one of the biggest drivers for security. Compliance may not exactly require you to secure your Multi-Function printers or other devices, but since most organization generally want to do the right thing, it may be required to go beyond compliance...
October 20, 2011 Added by:Infosec Island Admin
Occasionally it comes to our attention that material submitted for publication by a member may contain instances of unattributed content. Infosec Island's policy is to immediately remove the offending content to preserve the original author's copyright...
October 20, 2011 Added by:Scot Terban
Due to the nature of the site and its being in the hidden wiki (DarkNet) it is tough to know exactly where the systems sit that house/host the content, but, it seems that through certain techniques using TTL, they pretty much have a good idea of where the server may sit in the continental US.
October 20, 2011 Added by:Headlines
“My first question is always to ask executives ‘do you really know how safe your own organization is?’ Some do reply confidently. Most do not. Fraud can happen anywhere, anytime, but it is relatively straightforward to deter or discover at an early stage with the right systems..."
October 20, 2011 Added by:Joel Harding
An attention grabbing report recently by Norton reveals that cybercrime nets more than marijuana, heroin and cocaine combined. Even worse, over 1 million people per day are victimized by online crime. In spite of this, 41% of us do not have adequate up to date virus or malware protection...
October 20, 2011 Added by:john melvin
This article is not an analysis of the backdoor, but instead describes the methodology and techniques used to decipher malicious code embedded and encoded in a seemingly normal web page. The following is a snippet of the PHP code that caught my attention and began my investigation...
October 19, 2011 Added by:Ron Baklarz
The new malcode has so much in common with Stuxnet, it is purported to have been written by the authors. W32.Duqu's primary purpose is intelligence gathering by focusing on industrial control system manufacturers with likely intent on future attacks against targeted victims...
October 19, 2011 Added by:Scot Terban
And therein lies the rub. DUQU has a 36 day shelf life. Now, this is good from a foot-printing level AND could be excellent for setting up the next attack vector that could include the component of sustained access. It was a recon mission and that was all...
October 19, 2011 Added by:Kevin McAleavey
Speculation about Duqu is that it's a precursor to another attack against embedded systems, and has been gathering information already about industrial systems, particularly engineering data and other design information...
October 19, 2011 Added by:Infosec Island Admin
Due to the rapid escalation of threats affecting wireless operations, TakeDownCon Las Vegas now brings you a highly technical platform which addresses highly technical knowledge which focuses on securing your channels, your data, and ultimately and most importantly – your very own privacy...
October 18, 2011 Added by:David Sopata
Acquisitions, mergers, and new services may introduce new regulations within an organization. If they are not properly maintained they can fluctuate from compliant to non compliant within any given day. So the question is: Does your organization show due care and due diligence?
October 18, 2011 Added by:Robert Siciliano
Now as companies leverage the power of the web, information security has evolved yet again: We are in the application security era. And as big companies get better at locking down their software and protecting their data, criminals are targeting the little guy...
NSA Surveillance Is Legal And Not Targeting ... John Smith on 06-13-2013
Vulnerability Management and Root Cause Anal... Ian Tibble on 06-12-2013
Vulnerability Management and Root Cause Anal... Koen Van Impe on 06-11-2013