Latest Posts

Mobile Device Security Challenges

February 23, 2011 Added by:Danny Lieberman

Deploying line of business or life science applications on mobile Android tablets or an iPad has a different set of security requirements than backing up your address book. It requires thinking about the software security and privacy vulnerabilities in a systematic way...

Comments  (1)

Authentication: Balancing Security, Usability and Cost

February 22, 2011 Added by:Roman Yudkin

The burden of so many complex passwords is too high, especially if the user believes the odds of their credentials being stolen are small. Advice on choosing strong passwords and never re-using them is rejected as a poor cost/benefit tradeoff. No wonder users have bad password practices...

Comments  (0)

Preventing Online Fraud: Assumptions versus Awareness

February 22, 2011 Added by:Katie Weaver-Johnson

Experts (and vendors) are recommending banks increase their security measures and implement expensive fraud detection solutions. Unfortunately this is merely reacting to a symptom rather than preventing the problem. The root of the problem is uneducated consumers and lack of situational awareness...

Comments  (4)

Complete PCI DSS Log Review Procedures Part 15

February 22, 2011 Added by:Anton Chuvakin

Finally, it is useful to create a “PCI Compliance Evidence Package” based on the established and implemented procedures to show it to the QSA. It will help establish your compliance with three key PCI DSS logging requirements...

Comments  (0)

ISO 27001 Foundations Part 3: Annex A Overview

February 22, 2011 Added by:Dejan Kosutic

Annex A provides a catalog of 133 security measures (controls) for decreasing risks. Knowing what controls Annex A offers, how they can be used, and how the documentation is to be structured is very important both when carrying out risk treatment, and when planning to implement the controls...

Comments  (0)

Using Ninja to Monitor And Kill Rogue Privilege Escalation

February 22, 2011 Added by:Rod MacPherson

Once a hacker (if they have malicious intent we'll call them crackers) has found a way onto a system s/he then usually needs to jump to the Administrator or system or root account. Ninja is a program for Linux (and presumably most Unix like OSes) that monitors for such privilege escalation...

Comments  (4)

The Evolution of Endpoint Attacks

February 22, 2011 Added by:Don Eijndhoven

Endpoint protection will remain the name of the game, and what software vendors are doing right now isn't working. It's a failing approach that’s becoming increasingly obvious with each new report of a major breach. A change needs to be made before Organized Crime realizes its full potential...

Comments  (3)

Changing Infosec Perceptions by Being 'Nice'

February 22, 2011 Added by:Brad Bemis

Pardon my language, but in my experience you don’t have to be a prick to be an effective security professional – in fact, being a prick is counterproductive in almost every way imaginable. Being nice however, will serve you in ways that I can’t even begin to explain...

Comments  (1)

RSA: Matt Alderman of Qualys Talks App Sec and the Cloud

February 22, 2011

Anthony M. Freed interviews Matt Alderman, Director of Product Management for Qualys. Matt has experience in solutions-oriented Governance, Risk Management and GRC, as well as directing a broad range of corporate compliance initiatives while designing, planning and implementing compliance solutions in direct support of client business objectives.

Comments  (0)

Magenta: HBGary Federal's Cyberoffense Failure

February 21, 2011 Added by:J. Oquendo

Magenta would be a new breed of windows based rootkit. The Magenta rootkit body is injected into kernel memory via the DriverEntry() partial-load technique. Once loaded into kernel memory, Magenta would automatically identify an active process/thread context to inject itself via an APC...

Comments  (1)

Digital Forensics and E-Discovery on OpenVMS

February 21, 2011 Added by:Robert Gezelter

OpenVMS system managers need to develop the plans, processes, and procedures to respond to legal process requests. Correctly dealing with these requests minimizes the impact on production systems. Failure to address these situations can expose the organization to significant liability...

Comments  (0)

Why does Web App Security Continue to Stink?

February 21, 2011 Added by:Andy Willingham

Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...

Comments  (1)

Shoring Up National Cyber Security Infrastructure

February 21, 2011 Added by:Robert Siciliano

Corporations and government agencies are legally required to secure their systems. But no such standards exist for the consumer. No laws require you to take a single step for the sake of your own security. Software vendors should certainly be held accountable if their products aren’t secure...

Comments  (0)

Profiling the Use of Javascript in a Driveby Download Attack

February 21, 2011 Added by:Mark Baldwin

The process described in this article is very typical of how hackers use javascript to install malware on unsuspecting users browsing the web. Understanding how the bad guys use web technology to conduct their attacks can help all of us defend our networks against them...

Comments  (0)

NSA and DoD Warn of Destructive Cyber Attacks

February 21, 2011 Added by:Headlines

"Few weapons in the history of warfare, once created, have gone unused. It is possible to imagine attacks on military networks or critical infrastructure, like our transportation system and energy sector, that cause severe economic damage, physical destruction, or even loss of life"...

Comments  (0)

What’s the Threat? Smart Grid or Dazed Defenders

February 21, 2011 Added by:Ron Lepofsky

NERC CIP standards are written expressly for electrical utilities. If rigorously deployed they are a material step towards security. A more comprehensive set of security control within COBIT, upon which IT SOX compliance is based, should be considered for hardening the electrical grid...

Comments  (0)

Security BSides, RSA: Things That Get Lost in the Shuffle

February 20, 2011 Added by:Rafal Los

Micro-focusing on the events and technology drivers that impact the state of software security is tough - especially when the hot topic of the day is cloud, cloud, cloud, "data exfiltration" - which we all know is code for WikiLeaks - and... oh, right, 'Cyber War'...

Comments  (2)

Brute Forcing Passwords and Word List Resources

February 20, 2011 Added by:Rob Fuller

Brute force, even though it's gotten so fast, is still a long way away from cracking long complex passwords. That's where word lists come in handy. It's usually the cracker's first go-to solution: slam a word list against the hash, and if that doesn't work, try rainbow tables...

Comments  (1)

Federal Cloud Computing Strategy Officially Launched

February 20, 2011 Added by:Kevin L. Jackson

Cloud computing allows the Federal Government to use its IT investments in a more innovative way and to adopt innovations from the private sector. Cloud computing will also help IT services take advantage of leading-edge technologies including devices such as tablet computers and smart phones...

Comments  (0)

RSA: Richard Stiennon on Surviving Cyber War

February 20, 2011

Anthony M. Freed interviews Richard Stiennon, author of the thought-provoking book "Surviving Cyber War" (Government Institutes). He regularly contributes content to Infosec Island from his security blog ThreatChaos.com, and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was previously Chief Marketing Officer for Fortinet, Inc. the leadi...

Comments  (0)