Latest Posts

Black Hat's Technical Director Travis Carelock

August 03, 2011

Travis Carelock is the Technical Director for the Black Hat USA 2011 Conference, taking place this year in Las Vegas, Nevada. Travis talks about some of the technical challenges his team ran into this year, including a fire alarm during the first keynote address by Cofer Black...

Comments (0)

Native Auditing In Modern Relational Database Management

August 03, 2011 Added by: Alexander Rothacker

Modern databases provide powerful built-in auditing capabilities that are often underestimated. There are downsides of native auditing like the ability for a malicious user to manipulate the audit trail. Overall, this feature allows customers to monitor database activity at a very granular level...

Comments (3)

Software Security for the Cloud - Same Pig, Shiny Lipstick

August 03, 2011 Added by: Rafal Los

The bottom line here is this - migrating to a cloud architecture doesn't magically make your applications secure... although for many SMBs this is a better option than trying to tackle this problem alone. Let's talk this through...

Comments (0)

Four Questions to Start the Security Discussion

August 03, 2011 Added by: Brian McGinley

Intelligent businesses walk the security journey every day. Discussion prompts action, and I’ve found over my years in corporate management and data security that these four simple questions can often get the ball rolling...

Comments (0)

Rolling Out the Cloud In Australasia

August 03, 2011 Added by: Ben Kepes

It’s a direct allusion to governments’ and corporates’ concerns around the location of data – taking advantage of a short-term point of difference makes sense for a small provider like that, which has only a limited window of opportunity to grow before larger and better funded competitors come to market...

Comments (0)

Interview Lineup for Black Hat in Las Vegas

August 02, 2011 Added by: Anthony M. Freed

While this is a working trip with little leisure time, I do get to enjoy a fabulous view from my hotel room here at Caesars Palace, compliments of the Black Hat event organizers and the wonderful folks over at Qualys - one of the event's premier sponsors. The video interview lineup is as follows...

Comments (0)

On Broken SIEM Deployments

August 02, 2011 Added by: Anton Chuvakin

In this post, I want to address one common #FAIL scenario: a SIEM that is failing because it was deployed with a goal of real-time security monitoring, all the while the company was nowhere near ready (not mature enough) to have any monitoring process and operations criteria for it...

Comments (0)

The Benefits of Multifactor Authentication

August 02, 2011 Added by: Robert Siciliano

Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."

Comments (0)

The Board of Directors and Compliance

August 02, 2011 Added by: Thomas Fox

While generally the role of a Board should be to keep really bad things from happening to a Company, once really bad things have occurred the Board needs to take charge and lead the effort to rectify the situation or perhaps even save the company...

Comments (0)

Informal Cloud Buyers - A Growing IT Problem

August 02, 2011 Added by: Bill Gerneglia

Without central control of purchases, there is no homogeneous IT solution provider across the organization. This leads to inconsistent service, lack of collective purchasing discounts available at higher user volumes, and lack of standard IT policies, making for an IT management nightmare...

Comments (0)

Mobile Payment Application PA-DSS Cert Clarification

August 02, 2011 Added by: PCI Guru

The PCI SSC has stated in this latest clarification that Category 1 and 2 applications and devices can continue through the certification process. These mobile applications have been explicitly called out even though they have been part of the certification process in the past...

Comments (0)

How to Be A Private Sector Cyber Mercenary

August 01, 2011 Added by: Kevin McAleavey

Gen. Michael Hayden, former NSA and CIA Director under President Bush, suggested Friday that mercenaries could be the solution to the growing number of digital break-ins. So what happens if we give the "go order" on these only to find out that they bombed a kindergarten with an infected machine?

Comments (3)

Juniper SRX Tips: Uniform Security Policy Modification

August 01, 2011 Added by: Stefan Fouant

With a couple of lines of code we can alter all of the existing policies on our device without having to resort to manual configuration of each and every one. This type of functionality is perfect when we want to have a singular set of configuration elements apply to all of our policies uniformly...

Comments (0)

Log Management at Zero Cost and One Hour per Week?

August 01, 2011 Added by: Anton Chuvakin

CAN one REALLY do a decent job with log management (including log review) if their budget is $0 AND their time budget is 1 hour/week? I got asked that when I was teaching my SANS SEC434 class a few months ago and the idea stuck in my head. The only plausible way that I came up with is...

Comments (3)

Microsoft Database Tracks Laptops and Smart Phones

August 01, 2011 Added by: Headlines

The data collected includes device MAC addresses and corresponding street addresses, which could be used to identify individual users in what amounts to clandestine tracking of customer movements. In fact, staff at Cnet were able to retrieve very specific device tracking information...

Comments (0)

On PLC Controllers and Obvious Statements

August 01, 2011 Added by: Infosec Island Admin

Post-Stuxnet, this paper and the presentation to follow at DEFCON this year seem more like a call for attention and perhaps a marketing scheme than anything revelatory befitting a talk at DEFCON. Having read the paper, it leaves me nonplussed as to why this is being presented at all...

Comments (1)

Homemade Spy Drone Cracks WiFi and GSM Networks

August 01, 2011 Added by: Headlines

"WASP is equipped with the tools to crack Wi-Fi network passwords made possible by an on-board VIA EPIA Pico-ITX PC running BackTrack Linux equipped with 32GB of storage to record information. WASP can also act as a GSM network antenna meaning it will be able to eavesdrop on calls/text messages..."

Comments (6)

Weaponizing Cyberpsychology and Subverting Cybervetting

August 01, 2011 Added by: Rafal Los

In a talk to be shared for the first time at DEF CON 19, members from the UK based volunteer organization the OnlinePrivacyFoundation.org will share the results of their research on examining to what extent it is possible to determine someone’s personality through their Facebook activity...

Comments (0)

Anti-Stalking Law Threatens Protected Speech Online

August 01, 2011 Added by: Headlines

"The idea that the government should police every inflammatory word spoken online chills freedom of speech and goes against decades of First Amendment case law. The court must recognize social network users' right to speak freely online, even if that speech is unpopular or offensive to some..."

Comments (0)

Tradewinds: Discounts on Infosec Training and Certification

July 31, 2011 Added by: Infosec Island Admin

The ISLAND TRADEWINDS program is designed to offer infosec training and certification opportunities at significantly discounted rates. You can receive discounts of up to $500 or 20% on courses from Global Knowledge, Career Academy, SANS, and the Infosec Institute...

Comments (4)