Blog Posts Tagged with "Infosec"


Who Are You Preaching to Anyway?

May 16, 2012 Added by:Neira Jones

Hard core security conferences continue to happen and continue to be successful, and long may it continue. We still need the techies to make sure we have the right tech to support the people and processes in our businesses. We also need the techies to try and keep ahead of the bad guys...

Comments  (1)


Security BSides Detroit Announces its June Schedule

May 15, 2012 Added by:Steven Fox, CISSP, QSA

The BSides conference is billed as an un-conference where practitioners go for a clear unfiltered view of the industry. The conference features two tracks and thirty-two talks of local and national experts on a variety of technical and non-technical subjects...

Comments  (0)


Infosec is Not a Religion

May 15, 2012 Added by:Scot Terban

Infosec is not a religion. There are no Cardinals, there are no Bishops, there are only a bunch of people who want their opinion to be heard and listened to ad nauseam. It’s as simple as that, and if you start clothing it in the robes of ecclesiastical rhetoric, you FAIL...

Comments  (1)


Are We Reaching Security Conference Overload?

May 14, 2012 Added by:Tom Eston

We have more security and hacking conferences than ever, but now there is also more overlap. These choices can make it harder for researchers to present new and relevant content and also tough to decide which conferences to attend from an attendee perspective...

Comments  (0)


Taming the WWW or Wild Wild West

May 14, 2012 Added by:Jayson Wylie

There is a reason the security world refers to exploitation on the Internet as activity ‘in the wild’. A comparison can be made to the lawless, tough and unforgiving world of the Wild West in American history. You can get your stuffz or scalp taken...

Comments  (0)


What Infosec Can Learn from Enron

May 09, 2012 Added by:Beau Woods

Auditors aren't the sole authoritative voice, and they can be fooled or coerced like anyone else. Too often internal and external auditors are trusted as the arbiters of right and wrong. This can fail an organization if executives don't understand the role auditors should play...

Comments  (0)


Aren’t all Security Professionals Evangelists?

May 09, 2012 Added by:Andrew Weidenhamer

I often wonder is Evangelist the right title for some individuals. Considering that the main audience for a “Security Evangelist” is the security community, I’m not entirely sure how much conversion is actually happening as we all understand the importance of security...

Comments  (2)


Understanding Trust

May 07, 2012 Added by:Kevin W. Wall

In computer security, we should strive to make all trust relationships explicit and leave nothing to chance or misinterpretation. That's one key step in defining a trust model. At its core, information security is largely about the two goals of “ensuring trust” and “managing risk”...

Comments  (0)


Information Security is More than Prevention

May 04, 2012 Added by:Brent Huston

One of the biggest signs that an organization’s infosec program is immature is they have an obsessive focus on prevention and equate it with security through knee-jerk reactions to vulnerabilities, never-ending emergency patching situations and a continual fire-fighting mode...

Comments  (0)


Fear and Loathing in Infosec: The Black Mass

May 02, 2012 Added by:Scot Terban

Gesticulating and making odd sounds, the hackers milled and jerked around like some strange species of black raptors. Babbling incoherently about arcane knowledge in the hopes of one-upping the other hapless technoweens in the room...

Comments  (0)


Guide to the OWASP Application Security Top Ten

May 01, 2012 Added by:Fergal Glynn

Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...

Comments  (0)


OpenX CSRF Vulnerability Being Actively Exploited

May 01, 2012 Added by:Mark Baldwin

This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...

Comments  (2)


ENISA: Cyber Exercise Stocktaking Survey

April 30, 2012 Added by:Infosec Island Admin

As cyber crises occur on larger scales, managing them effectively requires international cooperation. ENISA would like to take stock of national and international cyber exercise efforts worldwide. The result of this project will be a global map of cyber exercises...

Comments  (0)


ENISA Seeks Experts for Permanent Stakeholders Group

April 26, 2012 Added by:Infosec Island Admin

The PSG will be composed of 30 leading experts in network and information security, and should represent the information and communications industry, consumer and user organizations, as well as academic and research institutions. Submit applications by April 30, 2012...

Comments  (0)


Super Security Guy

April 26, 2012 Added by:Wayde York

While I was talking to the bank operator, I tried to login to my account and when I put in the username/password, I couldn’t get in. The bad guys had changed my login, or so I thought. Red lights were flashing and the bulk of my security expertise poured in to the rescue...

Comments  (1)


On the Sustainability of Information Security

April 25, 2012 Added by:Rafal Los

The only way that information security can be a group of outliers is if we're considering ourselves within the entirety of the IT realm. While this would be great for my ego to think that myself and all my peers are just smarter than everyone else in IT, I know this to be false...

Comments  (0)
