Latest Posts


A CISO's Security Vendor Bill of Rights

October 20, 2011 Added by: Ron Baklarz

Current economic times are tough, budgets are tight and security spending is either down or flat. Security vendors still have to make a buck; however, here is a top ten list of annoyances I personally have with security vendors, now codified in my CISO's Security Vendor Bill of Rights...

Comments  (4)


Infosec Island's Position on Plagiarism

October 20, 2011 Added by: Infosec Island Admin

Occasionally it comes to our attention that material submitted for publication by a member may contain instances of unattributed content. Infosec Island's policy is to immediately remove the offending content to preserve the original author's copyright...

Comments  (2)


Operation DarkNet: A Good Start, But There is More to Do

October 20, 2011 Added by: Infosec Island Admin

Due to the nature of the site and its being in the hidden wiki (DarkNet), it is tough to know exactly where the systems sit that house/host the content, but it seems that through certain techniques using TTL, they pretty much have a good idea of where the server may sit in the continental US.

Comments  (5)


Ten Early Warning Signs of Fraud in the Enterprise

October 20, 2011 Added by: Headlines

“My first question is always to ask executives ‘do you really know how safe your own organization is?’ Some do reply confidently. Most do not. Fraud can happen anywhere, anytime, but it is relatively straightforward to deter or discover at an early stage with the right systems..."

Comments  (0)


Cyber War Will Not Take Place

October 20, 2011 Added by: Dan Dieterle

This is, hands down, one of the best arguments I have seen that there has been no cyber war in the past, there currently is no cyber war going on today, and a cyber war will probably not take place in the future...

Comments  (0)


DHS Cyber Security Audit FAIL

October 20, 2011 Added by: Headlines

"Adequate security controls have not been implemented on the [Mission Operating Environment] to protect the data processed from unauthorized access, use, disclosure, disruption, modification, or destruction," the Inspector General concluded...

Comments  (1)


Cyber Crime Explodes - But Few Take Action

October 20, 2011 Added by: Joel Harding

An attention-grabbing report recently released by Norton reveals that cybercrime nets more than marijuana, heroin and cocaine combined. Even worse, over 1 million people per day are victimized by online crime. In spite of this, 41% of us do not have adequate, up-to-date virus or malware protection...

Comments  (0)


NIST Cooperative on 21st Century Smart Systems

October 20, 2011 Added by: Headlines

“There is a clear need for unifying principles within and across application domains. Investigating how cyber components can be synergistically interweaved with the diverse physical components in CPS poses foundational research challenges in science, engineering and computing..."

Comments  (2)


Browser-Based Malware: Decoding a PHP Backdoor

October 20, 2011 Added by: John Melvin

This article is not an analysis of the backdoor, but instead describes the methodology and techniques used to decipher malicious code embedded and encoded in a seemingly normal web page. The following is a snippet of the PHP code that caught my attention and began my investigation...

Comments  (1)


SOX Compliance and Evolution to GRC Conference

October 20, 2011 Added by: Infosec Island Admin

The SOX Compliance series is targeted at a focused group of senior level executives to maintain an intimate atmosphere for the delegates and speakers. Since it is not a vendor driven conference, the higher level focus allows the delegates to network with their industry peers and speakers...

Comments  (0)


Tracking Performance of Software Security Assurance

October 19, 2011

This paper reveals the five SSA program KPIs, their methods of collection, their importance to the organization, and how to present them in a way that demonstrates measurable success of your security strategy, and sets the groundwork to advance beyond simple metrics...

Comments  (0)


Analysis of the October 2011 Oracle CPU Database Patches

October 19, 2011 Added by: Alexander Rothacker

Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new product offerings and acquisitions...

Comments  (0)


W32.Duqu - Harbinger of the Next Stuxnet?

October 19, 2011 Added by: Ron Baklarz

The new malcode has so much in common with Stuxnet, it is purported to have been written by the authors. W32.Duqu's primary purpose is intelligence gathering by focusing on industrial control system manufacturers with likely intent on future attacks against targeted victims...

Comments  (1)


The Son of Stuxnet? Methinks the Cart be Before Ye Horse

October 19, 2011 Added by: Infosec Island Admin

And therein lies the rub. DUQU has a 36 day shelf life. Now, this is good from a foot-printing level AND could be excellent for setting up the next attack vector that could include the component of sustained access. It was a recon mission and that was all...

Comments  (0)


Britain Gears Up to Prevent Cyber Arms Race

October 19, 2011 Added by: Headlines

"We are trying to prevent an arms race in cyber space. Given that the internet changes every day and billions more people will have access to it over the coming years, the potential for that arms race to grow and go out of control is enormous..."

Comments  (0)


Son of Stuxnet - A Not so Melodrama?

October 19, 2011 Added by: Kevin McAleavey

Speculation about Duqu is that it's a precursor to another attack against embedded systems, and has been gathering information already about industrial systems, particularly engineering data and other design information...

Comments  (3)


Stuxnet II Found in the Wild - Dubbed “Duqu”

October 19, 2011 Added by: Headlines

“Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents..."

Comments  (1)


Mobile and Wireless Security: TakeDownCon Las Vegas

October 19, 2011 Added by: Infosec Island Admin

Due to the rapid escalation of threats affecting wireless operations, TakeDownCon Las Vegas now brings you a highly technical platform which addresses highly technical knowledge which focuses on securing your channels, your data, and ultimately and most importantly – your very own privacy...

Comments  (0)


A New Approach to Data Centric Security

October 18, 2011

Data has to be independently classified based on availability, integrity and confidentiality. It needs to be data centric, not focusing on the systems or databases so that while data “travels” through the infrastructure it will keep these attributes without relying on source systems...

Comments  (0)


A High Level Methodology to Show Due Diligence

October 18, 2011 Added by: David Sopata

Acquisitions, mergers, and new services may introduce new regulations within an organization. If they are not properly maintained, they can fluctuate from compliant to non-compliant within any given day. So the question is: does your organization show due care and due diligence?

Comments  (0)