Latest Posts
Antivirus Ban for Iran: A Controversial Penalty
February 20, 2012 Added by: Pierluigi Paganini
Iran will be banned from the purchase of antivirus systems, a technological embargo with clear implications for the Stuxnet virus attacks and the need to prevent further infections to control systems for critical infrastructures, namely their nuclear programs...
Comments (0)
Waledac Spam Botnet Evolves into Password Sniffer
February 20, 2012 Added by: Headlines
Researchers from Palo Alto Networks have detected a new variation of the briefly defeated Waledac spamming botnet, but this version is able to sniff out login credentials for several email protocols as well as files with the .dat extension related to BitCoin and FTP...
Comments (0)
A Better Path for Applications: Respecting Users
February 20, 2012 Added by: Electronic Frontier Foundation
Even with industry standard security practices in place, data is still vulnerable to a breach or a subpoena. Companies collecting personal data have an obligation to keep as little personally identifiable data as necessary to provide their services...
Comments (0)
Planned Anonymous Attack on the Internet Likely to Fail
February 20, 2012 Added by: Headlines
"The attack is no longer practical. It's such a common idea that Wikipedia has a page devoted to it. For something so obvious, defenders have spent considerable time devising solutions. There are many reasons why such an attack won't cause a global blackout..."
Comments (1)
Infosec: Where is Our “Long Tail”?
February 20, 2012 Added by: Dave Shackleford
The “long tail” concept illustrates the subtle, often overlooked 20% market that tends to be more niche. We need those organizations that are desperate to find unusual solutions that are not available at all right now. And we need small startups to provide them...
Comments (2)
ICS-CERT: 7T AQUIS DLL Hijacking Vulnerability
February 20, 2012 Added by: Infosec Island Admin
An uncontrolled search path element vulnerability, commonly referred to as DLL Hijacking, in the 7-Technologies (7T) AQUIS software could lead to arbitrary code execution with successful exploit...
Comments (0)
The Security Impact of Putting it in the Cloud
February 20, 2012 Added by: Robb Reck
nd. Information security must not be the roadblock that prevents the adoption of such technology. By thinking ahead about the kinds of risks that outsourcing our systems will involve, we can be ready to quickly and securely lead our organization into the cloud...
Comments (1)
Cybersecurity Act of 2012 - Cybersecurity Collides with Risk
February 20, 2012 Added by: Rafal Los
This is just a chance to create some new regulatory-agency office, hire a bunch of new auditors, attorneys, experts, and waste more time rather than actually making critical infrastructure more risk-averse...
Comments (0)
Application Software and Security: A Tale of Two Market Sizes
February 20, 2012 Added by: Fergal Glynn
We spend 0.3% of what we pay for software on ensuring that it is secure. Now you can argue that manual testing is not included. However, even when you account for this variance, the gap in what we spend to buy software and what we spend to secure it is huge...
Comments (0)
Google Wants to Get to Know You Better... Uh-Oh
February 20, 2012 Added by: Kelly Colgan
The company that started out as a little search engine has grown into a behemoth that dabbles in everything from social networking to picture sharing to 3D modeling. And it plans to integrate information pulled from all of those Google services you use to learn more about you...
Comments (0)
Infosec Island's Javvad Malik and Black Hat Europe 2012
February 19, 2012
Infosec Island's Javvad Malik will be on site at the Black Hat Europe conference in Amsterdam conducting video interviews and - no doubt - interjecting his trademark brand of humor while exploring cutting edge infosec trends and developments...
Comments (0)
Log Management: Debugging Security
February 19, 2012 Added by: Danny Lieberman
Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...
Comments (0)
Metadata: A Pentester’s Best Friend
February 18, 2012 Added by: Jake Garlie
Most modern productivity software will automatically insert this information into documents for benefits such as collaboration. However, if not removed before being published to a website, metadata can put an organization at risk...
Comments (0)
Anonymous Now Interested in the Great Firewall of China
February 18, 2012 Added by: Pierluigi Paganini
Why have they not targeted China before? Hypothetically, the structure of Anonymous could have been infiltrated and directed against the Chinese as part of a strategy defined by the West, or perhaps someone is using the name Anonymous to conduct undercover operations...
Comments (0)
NLRB Issued Second Report on Social Media Enforcement
February 17, 2012 Added by: David Navetta
As we have previously noted in prior posts about the NLRB’s social media enforcement actions, employers should carefully review and adjust their social media policies and practices in light of the NLRB’s guidance and enforcement...
Comments (0)
Auditor IV: The Card Data Breach
February 17, 2012
When the unthinkable happens to a company, there's only one person they need to get to the bottom of the matter. The Auditor is back, but this time it's different...
Comments (0)
Intelligence Committee Continues Probe into Chinese Telecoms
February 17, 2012 Added by: Headlines
Chairman Rogers initiated the probe last fall after a preliminary inquiry into Chinese espionage operations determined the need for further investigation into threats aimed at the U.S. technology supply chain, critical infrastructure, and proprietary information...
Comments (0)
Responsibility vs Capability in the CISO Role
February 17, 2012 Added by: Rafal Los
Capability is often seen as the ability to enforce - whether it's corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions it is difficult to have a solid organization...
Comments (0)
Anonymous Hacks and Defaces FTC Websites
February 17, 2012 Added by: Headlines
The rogue hacktivist collective Anonymous has claimed credit for hacking and defacing several Federal Trade Commission (FTC) websites in protest of the US government's support of the Anti-Counterfeiting Trade Agreement (ACTA)...
Comments (0)
The Differences Between Security Certifications
February 17, 2012 Added by: Joshua Lochner
It seems like certifications have always been a source of contention for IT professionals. What are “The Right” certifications to get? Are they needed? Which ones would someone reap the most benefit from? Who cares?
Comments (0)
Your Own Private Island
December 24, 2011
Coming Soon! Build your own Island right here!
Make your home Infosec Island with your own private vanity URL, design options and private network of followers.
Infosec Island v2
December 24, 2011
The latest version of Infosec Island is now available. There are more content options and more ways to connect and interact with your peers.
Thanks to everyone for a great year, and we're looking forward to an excellent 2012!




