Latest Posts

Top 10 Threats to Security and Privacy for Business

June 10, 2011 Added by: Bill Gerneglia

It is difficult to remain 100% confident in your organization's security policies and procedures, but we must remain 100% committed to diligence in constant upgrades and feedback from attempted breaches to our networks and systems...

Comments  (0)

Essentials for an FCPA Compliance Program

June 10, 2011 Added by: Thomas Fox

Ongoing monitoring, auditing and assessments need to go down to the individual employee level. There should be both a ‘carrot and stick’ approach so that employees are disciplined for compliance failures, but also rewarded for doing business through appropriate compliance avenues...

Comments  (1)

Microsoft Monoculture as a Threat to National Security

June 10, 2011 Added by: Danny Lieberman

A report from a stellar cast of infosec experts and thought leaders shows that the complexity and dominance of Microsoft’s Windows operating system in US Federal agencies makes the government prone to cyber attack – a national security threat. This was in September 2003...

Comments  (2)

Thoughts on Software Security Assurance from a Like Mind

June 10, 2011 Added by: Rafal Los

Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...

Comments  (0)

Questions Likely to be Asked on a Security Certification

June 10, 2011 Added by: Lee Munson

Most of these questions will seem like common sense but make sure that you look at your booklet before the test and give the answer they want. A lot of us may have different ways of dealing with clients but if you want to pass your test, give the answer that they want you to give...

Comments  (0)

CERT Resilience Management Model (RMM)

June 09, 2011 Added by: Ben Rothke

The model has two primary objectives: the convergence of operational risk and resilience management such as security, business continuity, and aspects of IT operations management into a single model, and to apply a process improvement approach to operational resilience management...

Comments  (0)

Remote DLL Injection with Meterpreter

June 09, 2011 Added by: Rob Fuller

What sets that method apart is the fact that the suspension (once the DLL injection occurs) comes from within the process, and it suspends all the child processes as well. Another way you can do this without the injection is just sending a suspend to all the threads in the process...

Comments  (0)

Mac Antivirus - Being Careful and Staying Safe

June 09, 2011 Added by: Bozidar Spirovski

What antivirus software packages have a Mac version? As of June 2011, Wikipedia lists that only 16 out of 62 antivirus software packages support the Mac. In a very interesting marketing move, some antivirus manufacturers actually offer free use of antivirus packages for Mac...

Comments  (0)

LIGATT Email on LulzSec Dox PR Appears to be Fake

June 09, 2011 Added by: Anthony M. Freed

The Pastebin posting appears to be from an email sent by Evans on June 5th to a staff member instructing them to produce the LulzSec investigation press release that Evans claims was fraudulent, and to distribute the release through outlets the company does not normally use...

Comments  (9)

Seventy-Seven Percent of Organizations Lost Data

June 09, 2011 Added by: Headlines

“With hundreds of data loss incidents every year – both reported and unreported – it’s no surprise the issues with governance, risk and compliance are being magnified. Data security in a modern day world means more than deploying a set of technologies to overcome these challenges...”

Comments  (0)

Fake Security Firms Will Be Exposed

June 09, 2011 Added by: Boris Sverdlik

Joe Black has built a reputation around certifications and misinformation. He has a very interesting career, that we can trace back to his days at Wright Printing in 2005 according to his LinkedIn Profile which is also about the time he was supposedly enrolled at ITT...

Comments  (9)

To Disclose or NOT to Disclose...

June 09, 2011 Added by: Andrew Baker

The issue of disclosure is a sensitive one, and it is important not to feed more bad guys with more information that will allow them to have greater success, but it is abundantly clear that two months of saying essentially nothing is at least just as bad as saying too much, if not worse...

Comments  (0)

Citigroup Suffers Breach of Customer Information

June 09, 2011 Added by: Headlines

Citigroup has confirmed an unauthorized network access event may have compromised the account details of as many as two hundred thousand North American banking clients. Representatives said they detected the breach of the Citi Account Online network in May through routine monitoring...

Comments  (0)

PCI Self-Assessment Questionnaires

June 09, 2011 Added by: PCI Guru

Where most organizations go wrong with the original SAQ C is when they have an integrated POS that connects back to a corporate network. Remote management is allowed in this environment, but the entity that remotely connects must not have uncontrolled access to the POS environment...

Comments  (0)

Sony Breach Highlights Secure Password Storage

June 08, 2011 Added by: Emmett Jorgensen

Secure password storage is crucial to any secure system. From sites such as Sony to operating systems and data backups on encrypted hard drives, if the password is in plain text your account and data are not safe. After all, why try to guess a password if you can just copy and paste it?

Comments  (0)

Solution Architecture: A Critical Service or Sales Talk?

June 08, 2011 Added by: Rafal Los

Over time the term has become widely over-used to the point where meaning is largely lost, and sadly most people on the buyer side of the aisle think it's just some marketing term or a way to get them to buy more of whatever widget is being sold...

Comments  (0)

APTs Require a Comprehensive Architecture

June 08, 2011 Added by: Rahul Neel Mani

APTs are becoming more and more complicated. However, there are certain security measures that organisations still need to take. Take the case of the Epsilon data breach, or the RSA breach. Hacked using simple social engineering tools like spear phishing and phishing e-mail to succeed...

Comments  (0)

Disabling Facebook's Facial Recognition for Privacy

June 08, 2011 Added by: Headlines

What is truly annoying about Facebook's setup from a privacy perspective is that users have very little control over what other members post about them, particularly when it comes to photos and tagging, and the facial recognition feature further aggravates the situation...

Comments  (0)

FBI Recruits One in Four U.S. Hackers as Informants

June 08, 2011 Added by: Headlines

"The FBI are always there. They are always watching, always in the chatrooms. You don't know who is an informant and who isn't, and to that extent you are vulnerable..."

Comments  (0)

Application Software in the Cloud – Power to the People

June 08, 2011 Added by: Danny Lieberman

We all use the term “IT Governance” as if security of data was dependent on policy. Since we have lots of IT governance and lots of data breaches, we may safely assume that writing procedures while the hackers attack software and steal data is not an effective security countermeasure...

Comments  (0)