Blog Posts Tagged with "Network Security"


Roadmap to Exploitation: The OIG Imperative to Publish or Perish

January 23, 2012 Added by:

The majority of OIG organizations publish highly sensitive information as if they were assisting the agency. Just the opposite. They are ensuring a more rapid penetration of cyber defenses. Whose side of the equation here are you on? Why does this need to be public information?

Comments  (9)


Cyber Espionage: A Buzzword-Term Often Overused

January 23, 2012 Added by:Infosec Island Admin

The Cuckoo’s Egg”, which happened in 1986, is the first "documented” case of computer espionage that is not classified. Cliff Stoll was asked to look into an accounting error on a University system and ended up finding and tracking an asset for the KGB...

Comments  (0)


The Criticality of Attribution in Volatile Situations

January 22, 2012 Added by:Rafal Los

Imagine when a kinetic act causing loss of life is falsely attributed to a group, and because of the situation, human nature takes over. Assigning responsibility even when it's false is all the "evidence" we need to go to war or retaliate. Same with a hacked website...

Comments  (1)


More Exposure to SCADA Devices Through Shodan

January 22, 2012 Added by:Bob Radvanovsky

Wile I am certain that the majority of this membership knows what Shodan is, honestly, it represents slightly more than an automated port scanner reporting back on some of the more common open ports (HTTP, SNMP, telnet) that appear to be pingable throughout the Internet...

Comments  (3)


Dutch Council on Int'l Affairs' Advice on Digital Warfare

January 22, 2012 Added by:Matthijs R. Koot

In December 2011 the Dutch Advisory Council on International Affairs published an advisory entitled "Digitale Oorlogsvoering" (English: "Digital Warfare") intended for the Dutch government. Below is my translation of the conclusions and recommendations of the advisory...

Comments  (0)


The Proliferation of Cyber Janitors

January 20, 2012 Added by:

What we really need in this industry is a complete shake up. We need true innovative thought that uses cyber intelligence, counterintelligence and active defense and offensive measures in our programs. No more sitting around waiting for the penetration...

Comments  (3)


TeamSHATTER: Analysis of the January 2012 Oracle CPU

January 18, 2012 Added by:Alexander Rothacker

This time ere are only TWO fixes. This is the lowest number ever since the CPU program has started in 2005. Oracle, what happened? Did you throw in the towel on DBMS fixes? I know it’s not because the Database is finally fixed for good and is now suddenly secure...

Comments  (0)


That a Phone in Your Pocket or Are You Scanning My Network?

January 16, 2012 Added by:Malgorzata Skora

Smartphones have become much more powerful over the past few years. Combine this power with the right applications and you can scan a network from the inside in seconds, along with performing several other new types of attacks for information gathering...

Comments  (1)


Kolmogorov Complexity, Natural Language Programming and the Bash Shell

January 15, 2012 Added by:Kyle Young

In this post we will be treating strings as objects in a similar sense of Kolmogorov complexity. Then we will apply an alias name or function name to the object which then the alias/function name can be perceived as a natural language sentence...

Comments  (0)


First Documented Case of Cyber Espionage?

January 15, 2012 Added by:Richard Stiennon

Thanks to a hacker group in India, Infosec Island has source material that demonstrates wide spread cyber espionage on the part of the Indian Government which the hackers may publish. This is a historically significant development for those of us who track cyber espionage...

Comments  (12)

69dafe8b58066478aea48f3d0f384820 Hack: 24 Million Customer Records Breached

January 15, 2012 Added by:Headlines

A source has provided Infosec Island with a copy of a message they received while logging in to their account regarding a "security update". The message advises customers to change their password, but makes no mention of the massive data loss event...

Comments  (2)


The Next Generation Search Engine Hacking Arsenal

January 14, 2012 Added by:Pierluigi Paganini

LulzSec and Anonymous use Google Hacking as a means of identifying vulnerable targets, as it provides a complete and regularly updated source of sensitive info. Developers and sysadmins who want to deploy applications on cloud infrastructures should be aware...

Comments  (0)


Hash Types for John the Ripper

January 14, 2012 Added by:Rob Fuller

Pentest Monkey is a great resource for a lot of things. You can take this a step further and create a hash mangler script that takes a clean hash and adds the few prefixes and suffixes that are common on Pentest Monkey's list to get the most odds at John picking it up...

Comments  (1)


Exclusive: Interview With Hacker YamaTough

January 13, 2012 Added by:Anthony M. Freed

Update: “The Lords of Dharmaraja” claim to have released the source code for Symantec's Norton Utilities as was threatened earlier today. The alleged data dump has not been confirmed, and company officials have not yet released a statement. Exclusive interview with YamaTough here...

Comments  (3)


Why Do We Pen Test?

January 13, 2012 Added by:Robb Reck

When we get deep into the weeds of any pentest, the results are not going to be pretty. Some systems don’t get patched like they should. Some servers get stood up outside proper change controls. These types of exceptions cause pentest findings and look bad. They are gotchas...

Comments  (0)


On Defending Networks

January 13, 2012 Added by:Gabriel Bassett

If we can secure areas of the world existing in at least 3 domains (land, air, and space) if not four (adding sea), then we should easily be able to train to defend networks existing in a single domain (digital)...

Comments  (0)

Page « < 26 - 27 - 28 - 29 - 30 > »