Latest Posts
Important Tips for Input Validation
August 10, 2010 Added by: Brent Huston
Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done incorrectly, they end up bringing little more than a false sense of security...
Comments (0)
What CXOs Fail to Grasp about Enterprise Security
August 10, 2010 Added by: Richard Stiennon
Government regulations and outside auditors have tremendously distracting effects on IT security people. They got into security because they like the day to day battle with bad guys - the technical challenge of securing networks and applications. They did not sign up for endless meetings and paperwork...
Comments (2)
On the BlackHat ATM Hacking Demonstration
August 10, 2010 Added by: Global Knowledge
The presentation at BlackHat demonstrated how simple software, designed to exploit a security hole in the authentication mechanism used to update the firmware on automated teller machines, could make an ATM dispense cash on demand...
Comments (0)
Dr. InfoSec's Quotes of the Week (006)
August 10, 2010 Added by: Christophe Veltsos
Who said: "The cybercrime ecosystem continues to thrive without the need for zero day flaws, and it will continue to as long as millions of end users continue getting exploited with 6+ months old flaws..."?
Comments (0)
Capsa Free - The Terminator of Wireshark?
August 10, 2010 Added by: Ray Tan
Wireshark, the world's foremost network protocol analyzer, is well known for its powerful decoding abilities and its multi-platform support. Several days ago one of my friends called me happily wanting me to have a look at a GUI network analyzer: Capsa free...
Comments (2)
100 Million Facebook Profiles Published via P2P
August 10, 2010 Added by: Robert Siciliano
Here's how it went down: a good guy hacker developed a program that went through all 500 million profiles and was able to skim (scrape) all the data from Facebook that wasn't locked down via the users' Facebook privacy settings...
Comments (1)
Internet Security Alliance on Government and Cybersecurity
August 09, 2010 Added by: Marjorie Morgan
Downloading copyrighted content from YouTube is not a cybersecurity issue; organized gangs systematically exploiting personal data is. One might question if the government is devoting proper attention to the cybersecurity issues that are most in need of national attention...
Comments (0)
Cutting Edge Cyber Security Training
August 09, 2010 Added by: Anthony M. Freed
It seems like every day we hear about another company losing important customer information or data, like social security numbers, to hackers or security breaches. Companies like to be in the news, but not with headlines like this...
Comments (0)
Jailbreak SSH Horrors Strike Back
August 09, 2010 Added by: Rob Fuller
This recent jailbreak was done using a website; the individuals running that site now have the IP addresses of freshly jailbroken iPhones and iPads. I am not saying that they have any ill intentions, but sites have been broken into before, and that would be one hell of a gold mine...
Comments (0)
PCI Feels Like Something is Being Done to Me
August 09, 2010 Added by: PCI Guru
In a lot of these organizations, security has been given short shrift and has been perpetually on the back burner. In these organizations, senior management sees security, and IT as a whole, as a money pit that does nothing for the organization...
Comments (1)
Surety Bonds as Enterprise Security
August 09, 2010 Added by: Michael O'Connor
I cannot overstate the importance of making sure that any business that you do with companies eligible for bonding is actually licensed and bonded. The financial implications of doing so are just too great otherwise...
Comments (0)
Strategies for Choosing the Right Pen Test
August 08, 2010 Added by: Ron Lepofsky
Pen tests may seem like a security test panacea. However, they have been known to go terribly wrong and become vastly expensive. Here's what you need to know to make sure you get the results you want at the price you expect...
Comments (1)
Proposed Modifications to the HIPAA Rules Part Two
August 08, 2010 Added by: David Navetta
The proposed modifications would require organizations that currently issue notices of privacy practices to make material changes to those notices. The modifications do not appear to change the existing rules as to who is responsible for issuing the notice of privacy practices...
Comments (0)
The Cloud is Not a Product
August 08, 2010 Added by: Rahul Neel Mani
I do not think cloud is a product that a vendor brings to the table. My view of cloud is a modern architecture where you have a choice of various layers that deliver rich and quick application development. By definition, you cannot have cloud in a box...
Comments (0)
School Directors Face Background Checks
August 08, 2010 Added by: Robert Siciliano
A new bill in New Jersey would disqualify school board members from serving if they've been convicted of serious crimes. Further, it would require them to pay for the cost of the background checks themselves or with campaign money...
Comments (0)
ByDesign 2.5 Releases – Questions and Answers
August 07, 2010 Added by: Ben Kepes
ByD is a significant improvement and feels like a real cloud product in features and execution. Questions remain about SAP's ability to speak to the needs of a more agile marketplace, and whether they can gain on-demand scale against the very aggressive earlier entrant NetSuite...
Comments (0)
A System Hardening Process Checklist
August 07, 2010 Added by: Bozidar Spirovski
Hardening is the process of securing a system by reducing its surface of vulnerability. All system hardening efforts follow a generic process, so here is a checklist by which you can perform your hardening activities...
Comments (0)
Army Private Cloud RFP Released
August 07, 2010 Added by: Kevin L. Jackson
Traditionally the Army has used a relatively decentralized approach to provision of information systems and services. This approach has enabled significant innovation and enhanced warfighting capability. The Army is now ready to leverage a more centralized approach...
Comments (0)
Dissection of an Active Malware Campaign
August 06, 2010 Added by: Mark Baldwin
It is clear that whoever is behind this attack is targeting many different search terms and thus all search results should be viewed with care. Also, it appears that there are many compromised servers that are part of this campaign and that this is not an isolated case...
Comments (1)
Feedback on SANS Top 7 Essential Log Reports
August 06, 2010 Added by: Anton Chuvakin
Thanks for the overwhelming community response. The list has grown and is on the verge of becoming unwieldy, so I am about to close the comment period and write up the doc - any smokin' hot log reports to add? Anything I should take OFF the list for not being top and essential?
Comments (0)