Information Security
Usernames and Passwords Are Facilitating Fraud
September 30, 2011 Added by: Robert Siciliano
Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...
Hacker Halted: 10% Discount plus Get a Free iPad2 and 2 Nights Accommodations
September 30, 2011 Added by: Infosec Island Admin
Special for Infosec Island Members: Attend EC-Council's signature event in Miami - Hacker Halted USA - and get a free iPad2 + two nights hotel + an additional 10% discount when signing up for the conference pass or for selected training. Offer ends September 30, 2011...
Microsoft is Waging Cyberwar
September 30, 2011 Added by: Joel Harding
A federal court judge taps his gavel and the request for taking down a domain and all sub-domains is approved. This indicates to me that a corporation is taking care of me, a private citizen. It also indicates that the government cannot or will not protect me...
Smarter Security Steps Part 3: Safe and Secure Technology
September 29, 2011 Added by: Brian McGinley
We have moved from being a computer-assisted society to one that is computer-dependent. Control is critical to maintaining a secure operation. That requires assistance from technical experts. But good control begins with a company’s employees, an area you can’t afford to ignore...
Should You Fear the BEAST?
September 29, 2011 Added by: f8lerror
BEAST is a Man-In-The-Middle (MitM) attack that injects plain text into the encrypted stream sent by the victim's browser via JavaScript during a MitM attack. Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies...
Insider Threats: Ghostwriter Gone Rogue
September 29, 2011 Added by: Javvad Malik
Consider what assets the employee has had access to during their time. Do you need to get a laptop back from them? A mobile phone perhaps, revoke their access maybe? What you don’t want is someone who is no longer employed by you to still have access to your systems or information...
Anonymous: OSINT and Leaking of Corporate Corruption
September 28, 2011 Added by: Scot Terban
Anonymous came up with a new splinter organization that claims to be looking into corporate wrongdoing. This group is called Anonymous Analytics and claims that they are using open source information as well as soliciting leaks/whistleblowers to reveal corporate malfeasance...
DerbyCon Talks You Don’t Want to Miss
September 28, 2011 Added by: Gary McCully
When people think of PenTesting, they immediately think of Buffer Overflows, Weak Passwords, and SQL Injection. What people fail to realize is that in many cases it is easier to use “features” of applications already installed to get a foothold into a corporation’s network...
Digital Evidence and Computer Crime
September 28, 2011 Added by: Ben Rothke
When it comes to digital crime, the evidence is often at the byte level, deep in the magnetics of digital media, invisible to the human eye. That is just one of the challenges of digital forensics, where it is easy to destroy crucial evidence and often difficult to preserve it correctly...
Hacker Halted: Register for Training - Get a Free iPad
September 27, 2011 Added by: Infosec Island Admin
Hacker Halted offers more than 70 speakers and a very comprehensive agenda covering major hot topics surrounding information security across four dedicated tracks. Receive a free iPad and 2 nights accommodations when you sign up for selected training or a conference pass...
Data Breaches - Beyond the Impact of Fines
September 27, 2011 Added by: Emmett Jorgensen
With several high profile breaches this year, regulators have proposed data breach notification bills and heavy fines for organizations that fail to keep sensitive information safe. The real concern for organizations that have experienced a data breach, however, is customer confidence...
SCADA: Air Gaps Do Not Exist
September 26, 2011 Added by: Craig S Wright
There are a multitude of systems that simply need to be crashed, not controlled using an automated tool without human interaction. A human with control of a RAT does not need to write a variant for each system. They simply need to take control of the underlying operating system...
How to Prepare for the ISO 27001 Certification Audit
September 26, 2011 Added by: Dejan Kosutic
In Stage 1 audit (called Documentation review) the certification auditor checks whether your documentation is compliant with ISO 27001; in Stage 2 audit (also called Main audit) the auditor checks whether all your activities are compliant with both ISO 27001 and your documentation...
Populating Your Virtual Victim Domain
September 26, 2011 Added by: Rob Fuller
Adding users to a domain for learning, training, or for testing things out on can be tedious. Most of the time I just put a few users, however that doesn't give someone in training much, i.e.: It's really easy to identify the 'interesting' users when there are only a couple to pick from...
MAC versus DAC in SELinux
September 25, 2011 Added by: Jamie Adams
This simple real-world example demonstrates how MAC rules supersede DAC settings. I encourage you to read the system documentation and experiment on lab systems. Too often system administrators become frustrated by "AVC Denial" messages and resort to disabling this enhanced security...
Firefox Add-On Cocoon – Strengths and Weaknesses
September 25, 2011 Added by: Kyle Young
Using tools like ettercap, sslstrip, webmitm, dnsspoof, and wireshark, I was not able to retrieve the login credentials that were used to sign on to Cocoon’s privacy service. The way they have implemented SSL with this plugin is probably one of the best SSL implementations I’ve seen in my opinion...