Latest Posts


Rumors of LulzSec's Demise are Greatly Exaggerated

June 26, 2011 Added by:Kevin McAleavey

The media has been reporting that LulzSec has folded, but they've merely gone underground and are regrouping. @Lulzboat on Twitter has now become @lulzb0at and, combined with AnonOps and AntiSec, has released the following announcement on their IRC subchannels...

Comments (8)


The Lulzboat Sailed and All I Got Was This Garbage File

June 26, 2011 Added by:Infosec Island Admin

I expect LulzSec's real legacy will be the creation of more draconian laws by the government as a backlash to their antics. Laws that will make all our lives a bit less private and a lot more prone to being misused. I also expect that the lulz will continue, though at their expense...

Comments (4)


PCI SSC Releases Virtualization Guidelines

June 25, 2011 Added by:PCI Guru

If I had to take the PCI SSC to task, I would argue that cloud computing does not have anything to do with virtualization. Yes, a lot of cloud computing solution providers are using virtualized systems to provide their services, but not every cloud provider uses virtualization...

Comments (0)


The Kiddies Versus the Adults

June 25, 2011 Added by:Keith Mendoza

So it appears that LulzSec and Anonymous have gained themselves a few more enemies than just law enforcement. It's starting to look like Ocean's 11 going after the shoplifters. But what does this mean to infosec in general? It means that everyone better shape up or ship out...

Comments (2)


Facebook's Project Spartan - Tempest in a Broken Teapot

June 24, 2011 Added by:Rafal Los

While some analyses of the super-secret Project Spartan that Facebook is supposedly working on center around the Apple vs. Facebook apps war brewing, I think the focus is something else entirely. I think the focus, from a technology perspective, is HTMLv5...

Comments (1)


Ban Windows from Embedded Medical Devices

June 24, 2011 Added by:Danny Lieberman

The combination of large numbers of software vulnerabilities, user lock-in created by integrating applications with Windows, the complexity of Microsoft products and their code, and Microsoft's predatory trade practices is diametrically different from Linux and the FOSS movement...

Comments (0)


Where Are Your Default Admin Passwords?

June 24, 2011 Added by:Bozidar Spirovski

The passwords should be constructed in two parts, each part entered by a different person, which increases the complexity significantly and reduces the possibility of using social knowledge of a single person to attack the password. Also, no single person knows the password...

Comments (0)


Did LulzSec Hack Apple's iCloud and Steal Source Code?

June 24, 2011 Added by:Headlines

An anonymous Pastebin posting from June 21 states that hackers claiming to be part of the LulzSec collective successfully breached Apple's iCloud networks several weeks ago. The posting claims that the intruders mapped the network and "grabbed all their source code and database passwords..."

Comments (1)


Developing a Security and Privacy Awareness Program

June 23, 2011 Added by:Allan Pratt, MBA

When security breaches occur, customer trust is lost, brand value disintegrates, and breach response results in significant costs to the business. The time involved for breach responses can go on for years, and resulting penalties and sanctions could extend into the millions of dollars...

Comments (1)


Is Your Website at Risk from LulzSec?

June 23, 2011 Added by:Kevin McAleavey

There is no excuse for your facility to provide the next round of "lulz." By examining your ability to withstand DDoS attacks and checking your SQL backend against exploits, you stand a chance of withstanding the onslaught of raging children should they turn their "cannons" your way...

Comments (10)


Public Cloud/Private Cloud – A Redux

June 23, 2011 Added by:Ben Kepes

Christian Reilly brings a really interesting perspective to the public/private cloud debate. Reilly sees the daily realities of legacy applications, “just keep the lights on” budgets and multiple issues around compliance and security...

Comments (0)


LulzSec: How Not to Run an Insurgency

June 23, 2011 Added by:Infosec Island Admin

LulzSec seems to have misunderstood that secrecy is really really important when you are doing something like a digital insurgency. Sure, you can try to rely on all the technologies like proxies to hide your IP, but, you also have the human element to contend with...

Comments (3)


PCI DSS in the Cloud... From the PCI Council

June 23, 2011 Added by:Anton Chuvakin

The long-awaited PCI Council guidance on virtualization has been released. This guidance does not focus on cloud computing, but contains more than a few mentions, all of them pretty generic. Here are some of the highlights and my thoughts on them...

Comments (1)


ISA to Testify Before Subcommittee on Cybersecurity

June 23, 2011 Added by:Headlines

ISA has articulated its pro-market approach to cyber security through the two editions of its “Cyber Security Social Contract.” When the Obama Administration released its own policy paper for cyber security, the Cyberspace Policy Review, the first document it quoted was the ISA Social Contract...

Comments (0)


Why Your Vendor Doesn’t Want You to do Risk Analysis

June 23, 2011 Added by:Danny Lieberman

Small business IT integrators are behind the curve on security, compliance, disaster recovery and application security. The typical SMB integrator mindset is dominated by the Microsoft monoculture, and I would not expect them to be able to analyze data security threats...

Comments (3)


FBI Disrupts International Scareware Crime Ring

June 23, 2011 Added by:Headlines

“The FBI, collaborating with our international law enforcement and prosecution partners, have worked tirelessly to disrupt two significant cybercriminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted...”

Comments (0)


Thoughts on Trustwave's 2011 Global Security Report

June 22, 2011 Added by:Robb Reck

We bring in these third party vendors because we trust that they have all the experience and knowledge with a given security product. But they are missing a critical piece: Experience with our systems. No technology solution is complete and ideal for every environment out of the box...

Comments (2)


Using ERM Maps to Enhance Your Compliance Program

June 22, 2011 Added by:Thomas Fox

ERM Maps are designed to assist the compliance practitioner in designing or reviewing a company’s GRC by providing a visual representation of the best practices in compliance business processes. It allows a company to develop a gap analysis or classify gaps in its GRC program...

Comments (0)


Curious Case of the FBI Deputy Attache on LinkedIn

June 22, 2011 Added by:Infosec Island Admin

Is this a cut-out account for someone looking to garner access to others with information they desire? This is the same type of action that Anna Chapman was undertaking with some of her compatriots for the SVR while living in the United States: gathering intelligence via LinkedIn...

Comments (0)


Don't Black List White Listing

June 22, 2011

As AV vendors struggle to keep up, they too are looking at white listing. The trend is toward a hybrid model, with white listing doing the heavy lifting to protect end points from zero-day and uniquely fabricated malware and black listing providing reports...

Comments (0)