Blog Posts Tagged with "Protocols"
Ninety Percent of HTTPS Websites Insecure
May 08, 2012 Added by:Dan Dieterle
Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...
Comments (5)
NIST: Secure Biometric Acquisition with Web Services
May 04, 2012 Added by:Headlines
Researchers at the NIST have developed a new protocol for communicating with biometric sensors over wired and wireless networks, called WS-Biometric Devices (WS-BD), allows desktops, laptops, tablets and smartphones to access sensors that capture biometric data using web services...
Comments (0)
CISSP Reloaded Domain Three: Telecoms and Network Security
March 19, 2012 Added by:Javvad Malik
Network security is so important yet because it’s complex, a lot of companies end up doing it wrong. Not as many people properly understand the security implications of the network and most companies don’t even know what their network is comprised of...
Comments (0)
Snort and SCADA Protocol Checks
January 26, 2012 Added by:Brent Huston
There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...
Comments (0)
Stratfor Hack Proves a Few Things
January 03, 2012 Added by:Jeff Bardin
How many more companies believe they can get by with half-baked security? Why are budgets being cut for information security by CIOs who just don’t get it? Why is it that organizations do business with other organizations without performing due diligence on the entity?
Comments (0)
Closing the Gate Before the Horse Bolts – On Passwords for the Cloud
December 12, 2011 Added by:Ben Kepes
Passwords it seems are both the bane of our existence and, apparently, the most important thing in our lives. Unfortunately the Cloud doesn’t really change this, good password protocols are as important in the Cloud as they were in an on-premise world and potentially even more so...
Comments (0)
DHS Cyber Security Audit FAIL
October 20, 2011 Added by:Headlines
"Adequate security controls have not been implemented on the [Mission Operating Environment] to protect the data processed from unauthorized access, use, disclosure, disruption, modification, or destruction," the Inspector General concluded...
Comments (1)
Companies Using Secure Protocols in an Insecure Manner
September 16, 2011 Added by:Cor Rosielle
I only looked at the Fortune 500 companies with knowledgeable IT and security staff, and with a board and directors who should care about security and have sufficient budget to get these basic things right. Let's hope the companies are as disappointed about these results as I was...
Comments (8)
Railgun Error Checking
August 31, 2011 Added by:Rob Fuller
One important thing to note about Railgun is that you are querying the API, and just as if you were using C++, the API you are calling just might not be there on the system. So here is a quick trick to find out if a the function (API) that you are trying to call is available to you...
Comments (0)
Red Hat 5 STIG: Network Settings
August 24, 2011 Added by:Jamie Adams
I would caution administrators from rushing to add all because most are defaults. The settings must be implicitly set in the sysctl.conf config file. My recommendation is to review the entire STIG in order to define a complete sysctl.conf file, so that it can be deployed and tested all at once...
Comments (0)
Pentagon Fails to Deliver Cyber War Policy Brief
July 22, 2011 Added by:Headlines
"The continued failure to address and define the policies and legal authorities necessary for the Pentagon to operate in the cyberspace domain remains a significant gap in our national security that must be addressed," wrote Senators Levin and McCain to Defense Secretary Panetta...
Comments (0)
VoIP and PCI Compliance
June 16, 2011 Added by:PCI Guru
When you start talking to security people about VoIP security, their knee-jerk response is to tell you that VoIP is secured by the corporate firewall. However, given that the VoIP protocols are stateless, even being behind a firewall really does not provide any protection...
Comments (1)
The History Behind EIGRP
April 23, 2011 Added by:Global Knowledge
IGRP scales better than RIP, as internetworks continued to grow in size a D-V protocol such as IGRP required excessive amounts of router CPU power and link bandwidth to support periodic advertisements. To overcome these limitations, EIGRP was developed...
Comments (0)
ZRTP Voice Encryption is Finally a Standard RFC
April 14, 2011 Added by:Fabio Pietrosanti
A new wave is coming to the voice encryption world, erupting to fill a gray area where most of the companies doing phone encryption have been implementing custom systems. Now a standard has been setup and there are few reasons left to continue implementing anything different...
Comments (0)
MITM Attack Exploits Windows IPv6 Protocols
April 06, 2011 Added by:Headlines
“All these Windows boxes will default connect to the evil router instead of the legitimate router when this parasitic overlay is running. If Microsoft didn't have that configuration by default, it would negate a lot of the effects of the attack..."
Comments (0)
The WebSocket Protocol: Past Travails To Be Avoided
March 25, 2011 Added by:Robert Gezelter
The WebSocket protocol is a new facility; originally conceived as part of the HTML5 effort. Together with its applications programming interface (API), the WebSocket protocol provides a standard framework for ongoing communications between web clients and servers...
Comments (0)
- Not Totally Sure What Just Happened...
- Has Anonymous Infiltrated the US Government?
- Big Opportunities in the Cloud
- Zeus Malware Targeting Facebook, Gmail and Yahoo Users
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR