Latest Posts

Sony Hacked Again... ESI to the Rescue?

October 14, 2011 Added by:Rafal Los

Getting hacked isn't necessarily earth-shattering anymore. Enterprises need to make their peace with the fact that they're going to have to live with data breaches and hacks. The secret to surviving is having a well-formed Enterprise Security Intelligence strategy...

Comments  (0)

SEC to Enterprises: Account for Cybersecurity

October 14, 2011 Added by:Chris Blask

On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...

Comments  (0)

Experts, Charlatans, and the Intelligence Committee

October 14, 2011 Added by:Infosec Island Admin

We live in “Interesting Times” as the Chinese say, and we certainly do not need to have Congress led further astray by those without experience in the subject matters at hand. Let's hope that the House looks into Evans’ history and decides he is not an expert on any of the topics at hand...

Comments  (1)

Logical Fallacies and the SCADA Security Problem

October 14, 2011 Added by:Craig S Wright

What is at stake is the loss of life and property that will result from compromised SCADA systems. Not just PLCs as the opponents of this position like to presuppose, but Windows XP and other systems that act as controllers. You think this does not occur? Well there you are wrong...

Comments  (3)

Reducing America’s Cyberwar Capabilities to a Maginot Line

October 13, 2011 Added by:Dan Dieterle

The United States has been ravished electronically by infiltrating sources that have pilfered military secrets, financial information and account credentials. According to some, our national infrastructure has also been infiltrated and key systems backdoored...

Comments  (1)

When is "Secure File Transfer" Not Secure?

October 13, 2011 Added by:Jonathan Lampe

File transfer utilities copy files from point A to point B and many even use point-to-point transport technologies such as SSL/TLS or SSH. However, transport-level encryption is rarely enough to provide the assurance required to comply with regulations, expectations or company policies...

Comments  (0)

The Difficulty in Measuring the Performance of Infosec

October 13, 2011 Added by:Rafal Los

In the systems management world, it's about performance, deployment consistency, and uptime - metrics that can be quantified. This pattern repeats for applications and critical systems, and just about every other component of information technology - except, it seems, Information Security...

Comments  (0)

Zeus Trojan Gains Peer-to-Peer Functionality

October 13, 2011 Added by:Headlines

"A few weeks ago I noticed that no new murofet/LICAT C&C domain names have been registered... I was a little bit confused and decided to analyze a recent Zeus sample... My first guess was: This is not ZeuS. But after I've analysed the infection I came to the conclusion that it is..."

Comments  (0)

Stuxnet, SCADA, Nation State Terrorism and FUD

October 13, 2011 Added by:Infosec Island Admin

With the advent of the “smart” grid, this might in fact make it easier to have a larger percentage of failure within the system itself. Everything being tied together this way and monitored will only serve to make the system more susceptible to a single point of failure...

Comments  (2)

Last Call for Interviews: Hacker Halted Miami

October 13, 2011 Added by:Infosec Island Admin

Last Call: Infosec Island will be conducting a series of video interviews with attendees at the Hacker Halted conference in Miami, FL in late October. The interviews offer the opportunity for companies to highlight their knowledge of emerging trends in the information security field...

Comments  (0)

Security Metrics and the Balanced Scorecard

October 13, 2011 Added by:Steven Fox, CISSP, QSA

The business process metric ensures processes are meeting business requirements. The security team can use this information to identify where threats may have the greatest impact, to identify risks that are relevant, and to plan controls from the perspective of an attacker...

Comments  (0)

Operation Hackerazzi Leads to Intrusion Indictment

October 13, 2011 Added by:Headlines

A man accused of targeting the entertainment industry by hacking into the personal e-mail accounts of celebrities was arrested after being charged with accessing protected computers without authorization, damaging protected computers, wiretapping, and aggravated identity theft...

Comments  (0)

Security Without Patches

October 12, 2011 Added by:Gabriel Bassett

The Fortification Principle implies that defense is at a disadvantage when using patches as mitigation. Instead, I propose you secure your network without patching. I don’t mean to never patch, but plan to only apply security patches and configuration changes for regular deployment cycles...

Comments  (1)

The Next Generation of Non-Volatile Memory

October 12, 2011 Added by:Emmett Jorgensen

When will manufacturers stop using Flash as the primary storage? Consider that in 2002 many experts assumed that Flash cells would not be stable when scaled past 45nm and predicted that it would need to be replaced by 2010. We know now that those predictions proved to be false...

Comments  (4)

Avoid Becoming a Security Statistic

October 12, 2011 Added by:Konrad Fellmann

Some organizations hoard data, but have no idea why. A business owner needs to figure out why the data needs to be kept, who will use the data, and how long it needs to be kept for business, legal or contractual reasons. Once defined, IT can implement proper controls to protect the data...

Comments  (0)

More Zero Day Vulnerabilities in SCADA Systems

October 12, 2011 Added by:Headlines

SCADA systems provide operations control for critical infrastructure and production networks including manufacturing facilities, refineries, hydroelectric and nuclear power plants. The vulnerabilities Auriemma discovered could allow remote execution of malicious code by attackers...

Comments  (1)

News Applications: Considerations and Dangers

October 12, 2011 Added by:Joel Harding

The next wave of cyber attacks will come through smart phones, cell phones and their data networks. Smart phones are almost ubiquitous and attacks launched either using the smart phones or attacking smart phones will be devastating on a scale we have not seen to date...

Comments  (0)

HBGary CEO Hoglund: China is Top Threat to Security

October 12, 2011 Added by:Headlines

"China. There's a kind of cyber Cold War going on right now. I see it every day. The trouble, he says, is that few are willing to admit it. Most security companies won't come out and say it. The [US] government won't seem to out them for what they're doing either..."

Comments  (0)

Tracking Cyber Security Legislation Updates

October 12, 2011 Added by:Marjorie Morgan

Everyone can track security legislation in Congress through the “Cybersecurity Legislation Tracker”. This is a valuable resource that provides notice and summaries of significant cybersecurity developments on Capitol Hill, including hearings, proposed bills, and task force activities...

Comments  (0)

Sony Networks Compromised with Brute-Force Attack

October 12, 2011 Added by:Headlines

Sony Corporation have yet again been breached, compromising 60,000 PlayStation and 33,000 Online Entertainment accounts. The source of the attack is unknown, but reports indicate that the infiltrators used login credentials from an unnamed third party to gain access to the systems...

Comments  (0)