Latest Posts

How to Prepare for the ISO 27001 Certification Audit

September 26, 2011 Added by: Dejan Kosutic

In the Stage 1 audit (called the Documentation review) the certification auditor checks whether your documentation is compliant with ISO 27001; in the Stage 2 audit (also called the Main audit) the auditor checks whether all your activities are compliant with both ISO 27001 and your documentation...

Comments  (0)

Western Powers Wary of Chinese Cyber Espionage Ops

September 26, 2011 Added by: Headlines

"The broad international view... is that China is one of the countries at the forefront of cyber attacks on other states, which it is doing for fairly obvious reasons - intelligence gathering, political and strategic advantage, and also for defensive purposes..."

Comments  (0)

Capturing Logins with Keyscan and Lockout_Keylogger

September 26, 2011 Added by: Dan Dieterle

Sometimes a penetration tester may have remote access to a user's machine, but he may not have the password, or the user has a very long complex password that would take too long to crack. Backtrack 5's Metasploit Framework has a utility for capturing keys pressed on a target machine...

Comments  (0)

BEAST Emerges: Browser Exploit Against SSL/TLS

September 26, 2011 Added by: Headlines

"Cookie[s] [are] encrypted so that an attacker can't grab it and use it himself on your online banking site and impersonate you. But now they are able to decrypt those cookies on the fly and then hijack that session with the secure site and effectively impersonate you..."

Comments  (3)

Populating Your Virtual Victim Domain

September 26, 2011 Added by: Rob Fuller

Adding users to a domain for learning, training, or for testing things out on can be tedious. Most of the time I just put in a few users; however, that doesn't give someone in training much, i.e., it's really easy to identify the 'interesting' users when there are only a couple to pick from...

Comments  (1)

Coalition Challenges Domestic Surveillance Policies

September 26, 2011 Added by: Headlines

"Congress has already provided the courts with strong, clear security procedures for handling evidence related to secret government surveillance. Letting the courts do their job and judge the legality of government wiretapping will not risk national security..."

Comments  (0)

MAC versus DAC in SELinux

September 25, 2011 Added by: Jamie Adams

This simple real-world example demonstrates how MAC rules supersede DAC settings. I encourage you to read the system documentation and experiment on lab systems. Too often system administrators become frustrated by "AVC Denial" messages and resort to disabling this enhanced security...

Comments  (0)

STUXPOCALYPSE and FUDDERY

September 25, 2011 Added by: Infosec Island Admin

In order to have the “mass casualties” scenario, Stuxnet variants would have to be as varied as the number of makers of PLC systems out there. Just as the actual payload file to make a fire sale scenario happen would geometrically increase to have to become its own form of bloatware...

Comments  (0)

It’s War! It’s a Cyberwar!

September 24, 2011 Added by: Joel Harding

Mitsubishi Heavy Industries in Japan is under attack. Why is this not a cyberwar? Besides the obvious legal definitions, where this doesn't even remotely resemble a war (no declaration of war, nor is there an 'act of war' as in the US Code), there is certainly no death and destruction...

Comments  (2)

Protecting Photo Privacy Online

September 24, 2011 Added by: Theresa Payton

You can use different privacy settings to protect your photos, but sometimes online services have glitches and strangers can see your videos and photos. Cyber Expert Theresa Payton - former White House CIO - offers some easy tips you might want to consider before you upload those photos...

Comments  (0)

FACT CHECK: SCADA Systems Are Online Now

September 23, 2011 Added by: Craig S Wright

Nearly all SCADA systems are online. The addition of a simple NAT device is NOT a control. Most of these systems are horribly patched and some run DOS, Win 95, Win 98 and even old Unixes. Some are on outdated versions of VMS. One I know of is on a Cray and another is on a PDP-11...

Comments  (20)

Stuxpocalypse: Hide Your Women and Children!

September 23, 2011 Added by: Infosec Island Admin

Sure, there are many systems out there running PLCs and they are likely vulnerable to any number of attacks. However, can you please look back and see how long it actually took persons unknown to create the Stuxnet attack, and breathe a little before you go crying to the likes of the Monitor?

Comments  (13)

The FFIEC Wants You to Know...

September 23, 2011 Added by: Robert Siciliano

Consumers are oblivious to the layers of security put in place by financial institutions to protect their accounts. All consumers really care about are ease and convenience. A better understanding of what goes on behind the scenes can help consumers adapt to new technologies...

Comments  (0)

Original Stuxnet Researcher Issues Dire Warnings

September 23, 2011 Added by: Headlines

"After Stuxnet was identified as a weapon, we recommended to every asset owner in America – owners of power plants, chemical plants, refineries and others – to make it a top priority to protect their systems... That wakeup call lasted about a week. Thereafter, everybody fell back into coma..."

Comments  (2)

New Certification on the Block - EC Council's C|CISO

September 23, 2011 Added by: Ron Baklarz

I am anxious to follow the evolution of the EC Council's new C|CISO certification, as it looks as though it will fill some gaps missing from other "gold-standard" certifications, and that are necessary for one aspiring to be or currently practicing security at the C-level...

Comments  (0)

NATO to Lead Multinational Cyber Defense Effort

September 23, 2011 Added by: Headlines

“In the spirit of the Secretary General’s call for 'smart defense' through multinational efforts, the aim is to lower the cost of and facilitate national capability development. In the interconnected world of cyber space, we are only as strong as the weakest link...”

Comments  (0)

Future Enterprise: Cyber Warfare

September 23, 2011 Added by: Bill Gerneglia

Cyber war is now an urgent issue that transcends lines between enterprises or governments. Unless a global cyber security framework can be engineered, a world of disorder will rapidly emerge - a turbulent world, where change has ceased to be beneficial and becomes ultimately destructive...

Comments  (1)

SOX Compliance and Evolution to GRC - Chicago

September 23, 2011 Added by: Infosec Island Admin

The SOX Compliance series is targeted at a focused group of senior level executives to maintain an intimate atmosphere for the delegates and speakers. Since it is not a vendor driven conference, the higher level focus allows the delegates to network with their industry peers and speakers...

Comments  (0)

Cloud versus Local Storage Security

September 22, 2011 Added by: Emmett Jorgensen

Each storage medium offers its own benefits for different scenarios. It's up to the user to choose the option that best fits. Security is a major difference in these two types of storage. Until cloud storage becomes more secure, many will prefer local storage alternatives...

Comments  (0)

Strutting and Fretting Upon the Security Stage: The Playing Field

September 22, 2011 Added by: Infosec Island Admin

There are too many ways that a company can open itself up to vulnerabilities. It takes a rounded approach to do the due diligence for that company’s security posture. The information security business has become a leviathan of competing entities from the quacks to the bleeding edge...

Comments  (1)