Latest Blog Posts

McAfee Report: No Immunity from Targeted Attacks

February 22, 2012 Added by: Headlines

“The threat landscape continued to evolve in 2011, and we saw a significant shift in motivation for cyber attacks. Increasingly, we’ve seen that no organization, platform or device is immune to the increasingly sophisticated and targeted threats...”

Comments  (0)

A Security Resolution for Developers

February 22, 2012 Added by: Bill Gerneglia

You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...

Comments  (0)

IPv6 Protocol Implementation is Not a Security Panacea

February 22, 2012 Added by: Headlines

"The same thing that made the IPv6-enabled Internet valuable has also made it an increasingly valuable venue for attacks. While the frequency of attacks is relatively modest on IPv6 today, we expect that accelerated adoption will be followed in-kind by an accelerated pace of attacks..."

Comments  (0)

The CISO as a Capable Catalyst

February 22, 2012 Added by: Rafal Los

"If a CISO initially receives any capability when starting the position, that was capability that was left over from their predecessor. It is now the CISO's responsibility to earn more capability and solidify what may already exist..."

Comments  (0)

NIST Pursues Health Record System Usability Testing

February 22, 2012 Added by: Infosec Island Admin

The National Institute of Standards and Technology (NIST) seeks manufacturers of electronic health record (EHR) systems to participate in a research effort to develop methods for assessing the usability of health information systems...

Comments  (0)

Anonymous, NSA, Power Grids and False Flags

February 22, 2012 Added by: Scot Terban

Anonymous has never officially made a statement about attacking the power infrastructure at all. Sure, there were some drops of IP addresses in the recent past that they claimed were SCADA systems, but were only for HVAC systems. So where is the NSA getting this?

Comments  (1)

US and Netherlands Expand Cybersecurity Coordination

February 22, 2012 Added by: Headlines

The Letter of Intent recognizes expanded coordination between the US and the Netherlands, and outlines several areas to further collaborate on cybersecurity including incident management and response activities, control systems security, and cybersecurity exercises...

Comments  (0)

Algorithms: When is Random Really Random?

February 22, 2012 Added by: Alan Woodward

The fact that we rely upon pseudorandom numbers is a potential problem for IT security. If a machine is using a known algorithm to generate a number that your system then treats as random, what is to stop an attacker from calculating that same number if he knows your algorithm...

Comments  (0)

Is ICS-CERT Focused on the Right Issues?

February 22, 2012 Added by: Joe Weiss

Analysis of the incident database shows the most significant events from an impact perspective were control system related - yet they represent only 24 of the 203 advisories ICS-CERT put out in the last year. It appears ICS-CERT is focusing on the less important issues...

Comments  (2)

Is Information Online Legally Fair Game to Use for Marketing?

February 22, 2012 Added by: Rebecca Herold

Social media sites are booming. The amount of personal information posted to them, such as photos, videos, original stories, thoughts, gossip, is exploding. Marketers are drooling at the prospect of using all that “free” information. Well, it’s really not free, folks...

Comments  (0)

NSA Wary of Potential Hacktivist Threat to Power Grid

February 21, 2012 Added by: Headlines

"Grid officials said their systems face regular attacks, and they devote tremendous resources to repelling invaders, whether from Anonymous or some other source. The industry is engaged and stepping up widely to respond to emerging cyber threats..."

Comments  (0)

Stealth Code for New Mutation of PHP Bot Infector

February 21, 2012 Added by: Brent Huston

I found a new mutation of a PHP bot infector, with zero percent detection by AV software. When I decoded the PHP backdoor I got 17 AV hits on it. This leads to the question about evasion techniques and how effective anti-virus applications are at doing code de-obfuscation...

Comments  (0)

FTC Removed Security Protocols from Website Contract

February 21, 2012 Added by: Headlines

The events appear to be a comedy of errors, where during the long process involved in awarding contracts, critical security requirements were not enforced. As the federal government races to outsource in an effort to cut costs, the risk of oversights becomes more probable...

Comments  (0)

Social Media Monitoring: A Rubric for Control

February 21, 2012 Added by: Scot Terban

We have become a watched commodity via all means of communication. Programs have been put together with the veneer of protecting us from another 9/11 and perhaps some of them were made with the best of intentions, but this idea of monitoring social media is half baked...

Comments  (1)

The Need for a Special Forces Offensive Cyber Group

February 21, 2012 Added by: Dan Dieterle

Nation State hackers are active in attacking and compromising military, government and defense contractor sites. Terrorists are using social media sites to recruit, train and spread their poison. In essence we are in a Cyber Cold War. We need a Cyber Special Forces group...

Comments  (0)

ICS-CERT: 7Technologies TERMIS DLL Hijacking

February 21, 2012 Added by: Infosec Island Admin

The 7T TERMIS software is vulnerable to DLL Hijacking. An attacker may place a malicious DLL in a directory where it will be loaded before the valid DLL. This vulnerability may allow execution of arbitrary code and may be exploitable from a remote machine...

Comments  (0)

