Blog Posts Tagged with "Network Security"
January 31, 2012 Added by:Gary McCully
Many companies that configure web application firewalls do not truly understand the web application attacks they are trying to prevent. Thus, in many cases, we have poorly coded web applications with poorly configured web application firewalls "protecting" them...
January 30, 2012 Added by:Ben Rothke
The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...
January 27, 2012 Added by:Fergal Glynn
January 15th was the 10th anniversary of Gates Trustworthy Computing memo. I asked a mixed group of my colleagues at Veracode to answer this question. The group has a wide age range, and come from many different backgrounds. Some of the answers are really funny. I hope you enjoy...
January 26, 2012 Added by:Danny Lieberman
In preparing to implement an application for financial management, CRM, data mining or ERP, something in the back of your mind probably says the vendor’s development organization is not a lot different than yours - though you hope they’ve thought through the security issues first...
January 26, 2012 Added by:Headlines
Three new draft reports published by the NIST are designed to help both public and private organizations improve the security of their information management systems by developing capabilities for continuous monitoring of security...
January 25, 2012 Added by:Rafal Los
There are two parts to the idea of defense in depth - there is the concept and the implementation. It's easy to talk about the concepts behind defense in depth - but to implement them effectively in today's technology landscape... well that is an entirely different cup of tea...
January 25, 2012 Added by:Simon Heron
The Sipera UC-Sec 100 device is designed to withstand such attacks but many IP-PBX’s are not. If these attacks had been launched against an undefended and vulnerable system, it would have been possible for the hacker to register as an authorized user of the system...
January 25, 2012 Added by:Brent Huston
There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...
January 25, 2012 Added by:Bob Radvanovsky
Curran-Gardner: A contractor for a control systems outsourcing company had accessed one of his customer's systems from a foreign country, only to be confused with a foreign-national actor with malicious intent, but one question still remains: What really happened to the pump?
January 25, 2012 Added by:Marjorie Morgan
“Cyber attacks are becoming more serious and more sophisticated. Not only is our nation’s critical infrastructure, but virtually every private or government enterprise which relies on modern information technology is now being subjected to these increasingly advanced attacks..."
January 24, 2012 Added by:Josh Shaul
Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...
January 24, 2012 Added by:Infosec Island Admin
A Pastebin dump alleged to be from Anonymous has forty-nine IP addresses with SCADA systems on them. Furthermore, those systems were claimed to not have any authentication on them whatsoever. I checked the IP’s and I have to say “meh” on this little dump by the skiddies...
January 24, 2012 Added by:Joel Harding
Instead of buying a ship for the relatively cheap price of $15 million, one could simply take control of the ship remotely and guide it into a target from thousand of miles away. Imagine the boom that 135 million cubic yards of natural gas could make if an LNG ship were run aground...
The majority of OIG organizations publish highly sensitive information as if they were assisting the agency. Just the opposite. They are ensuring a more rapid penetration of cyber defenses. Whose side of the equation here are you on? Why does this need to be public information?
January 23, 2012 Added by:Infosec Island Admin
The Cuckoo’s Egg”, which happened in 1986, is the first "documented” case of computer espionage that is not classified. Cliff Stoll was asked to look into an accounting error on a University system and ended up finding and tracking an asset for the KGB...
January 22, 2012 Added by:Rafal Los
Imagine when a kinetic act causing loss of life is falsely attributed to a group, and because of the situation, human nature takes over. Assigning responsibility even when it's false is all the "evidence" we need to go to war or retaliate. Same with a hacked website...
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015