Latest Posts

TomorrowNow Sentenced on Computer Intrusion Charges

September 19, 2011 Added by:Headlines

TomorrowNow, Inc., a non-operating subsidiary of SAP, today was sentenced to probation and ordered to pay a fine to the United States of $20 million for unauthorized access to computer servers belonging to Oracle Corporation (Oracle) and for willfully infringing copyrights held by Oracle...

Comments  (0)

Full Frontal: Is it OK to Expose Weaknesses?

September 18, 2011 Added by:David Martinez

While it might be interesting and a bit exciting finding vulnerabilities in systems, keep in mind that reporting them to the appropriate people might be more hassle than it’s worth, especially when you're doing it pro bono, as I discovered...

Comments  (0)

Blumenthal Bill Bumps Up Fines for Security Breaches

September 18, 2011 Added by:David Navetta

Richard Blumenthal (D-CT) introduced a bill that would levy significant penalties for identity theft and other “violations of data privacy and security,” criminalize software that collects “sensitive personally identifiable information” without clear and conspicuous notice and consent...

Comments  (0)

Compliance Is Not Security – Busted!

September 17, 2011 Added by:PCI Guru

There is no such thing as a perfect security framework because as I have said time and again – wait for it – security is not perfect. Those of you that are implicitly selling security to your management as perfect need to stop it. You are doing the security profession a disservice...

Comments  (4)

Using HR to Change your Company’s Compliance DNA

September 17, 2011 Added by:Thomas Fox

What type of training should HR utilize in the compliance and ethics arena? The consensus seems to be that there are three general approaches which have been used successfully. The first is the most traditional and that is classroom training. A key role for HR in any company is training...

Comments  (1)

Strutting and Fretting Upon the Security Stage: The Players

September 16, 2011 Added by:Infosec Island Admin

There will always be elements within the company with impetus to not take your advice on security matters and maybe even give you a large amount of pushback. This is especially true of any company that has little to no security posture to start with. So who are the key client players?

Comments  (1)

Five Ways You Endanger Your Friends Online

September 16, 2011 Added by:Kelly Colgan

Many GPS-enabled smartphones automatically add geolocation data to photos. That means anyone can find out exactly where that photo you posted was taken. Post one of your friend standing in front of her prized new painting, and it’s like letting a thief case her home from his couch...

Comments  (0)

Security BSides is Coming to Dallas / Fort Worth

September 16, 2011 Added by:Security BSides

Each BSides is a community-driven framework for building events for and by information security community members. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. You don’t want to miss it...

Comments  (0)

Hackers Targeting Small Businesses

September 16, 2011 Added by:Robert Siciliano

Big companies and big government get big press when their data is breached. When a big company is hit, those whose accounts have been compromised are often notified. With smaller businesses, however, victims are often in the dark, regardless of the state laws requiring notification...

Comments  (0)

FBI Investigating Over 400 Corporate Account Takeovers

September 16, 2011 Added by:Headlines

"The FBI is currently investigating over 400 reported cases of corporate account takeovers in which cyber criminals have initiated unauthorized ACH and wire transfers... These cases involve the attempted theft of over $255 million and have resulted in the actual loss of approximately $85 million..."

Comments  (0)

Companies Using Secure Protocols in an Insecure Manner

September 16, 2011 Added by:Cor Rosielle

I only looked at the Fortune 500 companies with knowledgeable IT and security staff, and with a board and directors who should care about security and have sufficient budget to get these basic things right. Let's hope the companies are as disappointed about these results as I was...

Comments  (8)

DigiNotar Banned from Issuing New Digital Certificates

September 16, 2011 Added by:Headlines

"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."

Comments  (0)

Why Encryption Alone Isn’t Enough

September 16, 2011 Added by:Emmett Jorgensen

There are variables at work that often require security measures above and beyond encryption. The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data...

Comments  (0)

NATO Seeks Cyber Alliance with India

September 16, 2011 Added by:Headlines

Chinese state-backed hackers are not the only threat we are facing. The Russian Business Network and other foreign government-backed entities are falling from the radar as Chinese hackers take center stage. Let's not forget the lone hackers or hacktivist groups that are very active...

Comments  (0)

Internet Piracy, Plagiarism and the Security Professional

September 16, 2011 Added by:Craig S Wright

The issue is that some in the security industry leverage the works of others coupled with external promotion to seem more than they are. We all suffer for this, and in a field as critical as security the costs can be disproportionate to the damage an individual could seem to be able to create...

Comments  (5)

IP Resolution Using Meterpreter’s Railgun

September 15, 2011 Added by:Rob Fuller

I saw a post back in June titled DNS Port Forwarding Con Meterpreter. It looked like hard work to set that up. I didn’t want to go through that every time I got onto a new network. So I made a simple meterpreter post module to just call a Windows API key called ‘gethostbyaddr’ using Railgun...

Comments  (4)

Cloud Computing Challenges at Federal Agencies

September 15, 2011 Added by:Kevin L. Jackson

The use of commodity components, coupled with highly automated controls, enables cloud computing. These characteristics also enable the economic model that makes it so disruptive to the status quo. As an example, the cloud delivery model typically does not require any advance usage commitment...

Comments  (0)

New SpyEye Variant Targeting Android Devices

September 15, 2011 Added by:Headlines

The new variant is designed to harvest text messages that contain a one-time use code sent to customers by institutions as an added security measure for clients engaged in mobile banking transactions, making SpyEye an even more powerful tool for stealing financial login credentials...

Comments  (0)

How to Wage War in Cyberspace with Iran

September 15, 2011 Added by:Joel Harding

Iran has already begun deployment of cyber forces in small teams throughout the world to avoid devastation if the networks internal to Iran are crippled. A myriad of intelligence agencies are gathering as much intelligence as possible for a possible war in cyberspace with Iran...

Comments  (2)

The Leaking Vault 2011: Six Years of Data Breaches

September 15, 2011

The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organizations that track these events, as well as government sources...

Comments  (0)