Blog Posts Tagged with "Network Security"
January 25, 2012 Added by:Rafal Los
There are two parts to the idea of defense in depth - there is the concept and the implementation. It's easy to talk about the concepts behind defense in depth - but to implement them effectively in today's technology landscape... well that is an entirely different cup of tea...
January 25, 2012 Added by:Simon Heron
The Sipera UC-Sec 100 device is designed to withstand such attacks but many IP-PBX’s are not. If these attacks had been launched against an undefended and vulnerable system, it would have been possible for the hacker to register as an authorized user of the system...
January 25, 2012 Added by:Brent Huston
There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...
January 25, 2012 Added by:Bob Radvanovsky
Curran-Gardner: A contractor for a control systems outsourcing company had accessed one of his customer's systems from a foreign country, only to be confused with a foreign-national actor with malicious intent, but one question still remains: What really happened to the pump?
January 25, 2012 Added by:Marjorie Morgan
“Cyber attacks are becoming more serious and more sophisticated. Not only is our nation’s critical infrastructure, but virtually every private or government enterprise which relies on modern information technology is now being subjected to these increasingly advanced attacks..."
January 24, 2012 Added by:Josh Shaul
Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...
January 24, 2012 Added by:Infosec Island Admin
A Pastebin dump alleged to be from Anonymous has forty-nine IP addresses with SCADA systems on them. Furthermore, those systems were claimed to not have any authentication on them whatsoever. I checked the IP’s and I have to say “meh” on this little dump by the skiddies...
January 24, 2012 Added by:Joel Harding
Instead of buying a ship for the relatively cheap price of $15 million, one could simply take control of the ship remotely and guide it into a target from thousand of miles away. Imagine the boom that 135 million cubic yards of natural gas could make if an LNG ship were run aground...
The majority of OIG organizations publish highly sensitive information as if they were assisting the agency. Just the opposite. They are ensuring a more rapid penetration of cyber defenses. Whose side of the equation here are you on? Why does this need to be public information?
January 23, 2012 Added by:Infosec Island Admin
The Cuckoo’s Egg”, which happened in 1986, is the first "documented” case of computer espionage that is not classified. Cliff Stoll was asked to look into an accounting error on a University system and ended up finding and tracking an asset for the KGB...
January 22, 2012 Added by:Rafal Los
Imagine when a kinetic act causing loss of life is falsely attributed to a group, and because of the situation, human nature takes over. Assigning responsibility even when it's false is all the "evidence" we need to go to war or retaliate. Same with a hacked website...
January 22, 2012 Added by:Bob Radvanovsky
Wile I am certain that the majority of this membership knows what Shodan is, honestly, it represents slightly more than an automated port scanner reporting back on some of the more common open ports (HTTP, SNMP, telnet) that appear to be pingable throughout the Internet...
January 22, 2012 Added by:Matthijs R. Koot
In December 2011 the Dutch Advisory Council on International Affairs published an advisory entitled "Digitale Oorlogsvoering" (English: "Digital Warfare") intended for the Dutch government. Below is my translation of the conclusions and recommendations of the advisory...
What we really need in this industry is a complete shake up. We need true innovative thought that uses cyber intelligence, counterintelligence and active defense and offensive measures in our programs. No more sitting around waiting for the penetration...
January 18, 2012 Added by:Alexander Rothacker
This time ere are only TWO fixes. This is the lowest number ever since the CPU program has started in 2005. Oracle, what happened? Did you throw in the towel on DBMS fixes? I know it’s not because the Database is finally fixed for good and is now suddenly secure...
January 16, 2012 Added by:Malgorzata Skora
Smartphones have become much more powerful over the past few years. Combine this power with the right applications and you can scan a network from the inside in seconds, along with performing several other new types of attacks for information gathering...
Paying Lip Service (Mostly) to User Educatio... Electra Melina on 01-29-2015
Digital Reputation: Can’t Buy it, Gotta Ea... Eden Connie on 01-29-2015
Writing Mandatory Procedures for ISO 27001 /... sarakfeely B on 01-29-2015