Blog Posts Tagged with "Network Security"


What’s Wrong with WAFs and How to Hack Them - Part 1

January 31, 2012 Added by:Gary McCully

Many companies that configure web application firewalls do not truly understand the web application attacks they are trying to prevent. Thus, in many cases, we have poorly coded web applications with poorly configured web application firewalls "protecting" them...


Metasploit: The Penetration Tester's Guide

January 30, 2012 Added by:Ben Rothke

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...


Tenth Anniversary of Gates Trustworthy Computing Memo

January 27, 2012 Added by:Fergal Glynn

January 15th was the 10th anniversary of Gates Trustworthy Computing memo. I asked a mixed group of my colleagues at Veracode to answer this question. The group has a wide age range, and comes from many different backgrounds. Some of the answers are really funny. I hope you enjoy...


Security is in the Cracks

January 26, 2012 Added by:Danny Lieberman

In preparing to implement an application for financial management, CRM, data mining or ERP, something in the back of your mind probably says the vendor’s development organization is not a lot different than yours - though you hope they’ve thought through the security issues first...


NIST Draft Guidance for Monitoring IT System Security

January 26, 2012 Added by:Headlines

Three new draft reports published by the NIST are designed to help both public and private organizations improve the security of their information management systems by developing capabilities for continuous monitoring of security...


The Myth of Defense in Depth

January 25, 2012 Added by:Rafal Los

There are two parts to the idea of defense in depth - there is the concept and the implementation. It's easy to talk about the concepts behind defense in depth - but to implement them effectively in today's technology landscape... well that is an entirely different cup of tea...


VoIP: The Danger of Open Ports

January 25, 2012 Added by:Simon Heron

The Sipera UC-Sec 100 device is designed to withstand such attacks but many IP-PBX’s are not. If these attacks had been launched against an undefended and vulnerable system, it would have been possible for the hacker to register as an authorized user of the system...


Snort and SCADA Protocol Checks

January 25, 2012 Added by:Brent Huston

There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...


Curran-Gardner: A Smoking Gun, But Where's the Body?

January 25, 2012 Added by:Bob Radvanovsky

Curran-Gardner: A contractor for a control systems outsourcing company had accessed one of his customer's systems from a foreign country, only to be confused with a foreign-national actor with malicious intent, but one question still remains: What really happened to the pump?


Clinton Unanimously Elected as Chair of the ITSCC

January 25, 2012 Added by:Marjorie Morgan

“Cyber attacks are becoming more serious and more sophisticated. Not only is our nation’s critical infrastructure, but virtually every private or government enterprise which relies on modern information technology is now being subjected to these increasingly advanced attacks..."


It's Time to Evolve How We Protect Our Data

January 24, 2012 Added by:Josh Shaul

Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...


Cyberwar Comes to a Mall in Fresno? Not so Much...

January 24, 2012 Added by:Infosec Island Admin

A Pastebin dump alleged to be from Anonymous has forty-nine IP addresses with SCADA systems on them. Furthermore, those systems were claimed to not have any authentication on them whatsoever. I checked the IP’s and I have to say “meh” on this little dump by the skiddies...


Maritime Cybersecurity Low to Non-Existent

January 24, 2012 Added by:Joel Harding

Instead of buying a ship for the relatively cheap price of $15 million, one could simply take control of the ship remotely and guide it into a target from thousands of miles away. Imagine the boom that 135 million cubic yards of natural gas could make if an LNG ship were run aground...


Roadmap to Exploitation: The OIG Imperative to Publish or Perish

January 23, 2012 Added by:

The majority of OIG organizations publish highly sensitive information as if they were assisting the agency. Just the opposite. They are ensuring a more rapid penetration of cyber defenses. Whose side of the equation here are you on? Why does this need to be public information?


Cyber Espionage: A Buzzword-Term Often Overused

January 23, 2012 Added by:Infosec Island Admin

“The Cuckoo’s Egg”, which happened in 1986, is the first “documented” case of computer espionage that is not classified. Cliff Stoll was asked to look into an accounting error on a University system and ended up finding and tracking an asset for the KGB...


The Criticality of Attribution in Volatile Situations

January 22, 2012 Added by:Rafal Los

Imagine when a kinetic act causing loss of life is falsely attributed to a group, and because of the situation, human nature takes over. Assigning responsibility even when it's false is all the "evidence" we need to go to war or retaliate. Same with a hacked website...
