Latest Posts


Proposal for an All-or-Nothing Secure Software Standard

May 10, 2011 Added by:Keith Mendoza

Secure software standards should be all-or-nothing. Either the software--and all of its dependencies--are compliant, or the software is not compliant. Not owning the library, or database, will not be an excuse for not meeting the standards...

Comments  (4)


Anonymous: Not So Headless or Immune to Insider Threats

May 10, 2011 Added by:Infosec Island Admin

This is a grand social experiment that is being played out on the Internet for all to see. No matter how many times the groups may claim that they are leaderless and merely a collective, Anonymous will by their very human and social natures gravitate toward a leadership modality...

Comments  (0)


Security Experts Launch Cybersecurity Index Resource

May 10, 2011 Added by:Headlines

The Index of Cyber Security is a measure of the risk to the corporate, industrial, and governmental information infrastructure. It is sentiment-based in recognition of the rapid change in cybersecurity threats and the state of cybersecurity metrics as a practical art...

Comments  (0)


PCI QSA Re-Certification – 2011 Edition

May 10, 2011 Added by:PCI Guru

Regardless of whether or not software is PA-DSS certified, the bottom line is that a QSA is going to be required to assess the application for compliance with the PCI DSS and will have more work effort if the software is not PA-DSS certified...

Comments  (0)


Top Ten Cyber Crime Skills in High Demand

May 10, 2011 Added by:Headlines

"The cyber underground now consists of subject matter experts that can focus all their time and energy on improving their techniques, their goods and services," said Steven Chabinsky, deputy assistant director in the FBI's cyber division...

Comments  (0)


On the Sony PSN Breach and Commenting

May 10, 2011 Added by:Anton Chuvakin

Most likely, Sony was validated as PCI DSS compliant at some point. Was there a QSA involved? I don’t know, but I’d guess they are comprised of multiple Level 2 (and below) merchants, not one Sony-wide Level 1. Thus they self-assessed via SAQ...

Comments  (0)


How To Harden Your Passwords and Protect Your Base

May 09, 2011 Added by:Brent Huston

Preliminary scanning of some of the largest Internet Service Providers (ISPs) in North America, Europe, and Asia uncovered thousands of embedded devices susceptible to attack, thanks to default credentials and remote administration panels being available to the Internet...

Comments  (0)


HIPAA HITECH and Your Business Associates

May 09, 2011 Added by:Jack Anderson

As part of the webinar series "HIPAA HITECH Compliance for Smarties" we will be presenting a step by step process employing cloud computing to help covered entities set up a program to manage the HIPAA HITECH compliance of their business associates cost effectively and efficiently...

Comments  (0)


Why My Head Is In the Cloud

May 09, 2011 Added by:Bill Gerneglia

Think about the business terminology that preceded the notion of cloud computing and networking - token ring networks, Ethernet, distributed applications, Arpanet, SaaS - SOA, virtualization, horizontal scaling and the internet itself. The cloud is not a revolution, but an evolution...

Comments  (1)


AnonOps Network Pwned - Warned of Insider Threat

May 09, 2011 Added by:Headlines

It looks as if AnonOps has been pwned. Reports had surfaced that the hacktivist network AnonOps, which provides communication services used by the rogue movement Anonymous, is apparently battling threats to the integrity of their systems from a disgruntled insider...

Comments  (0)


Hyperdigitization: A Shift Towards the Virtual

May 09, 2011 Added by:Mike Meikle

Since intellectual property is data, risk managers will have to develop and monitor Key Performance and Key Risk Indicators to ensure their firm does not sacrifice their long-term competitive advantage for short-term cost savings. This is a penny-wise, pound-foolish strategy...

Comments  (0)


Information Security Policies and Procedures Part 4

May 09, 2011 Added by:Alex Hamerstone

The formatting and structure of documentation is not the most enthralling topic. It is however one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...

Comments  (0)


Mozilla Defies DHS Internet Censorship Request

May 09, 2011 Added by:Headlines

Mozilla, the non-profit company behind the Firefox Web browser, has initially refused a Department of Homeland Security request to remove a third-party tool that allows users to circumvent government URL blocking efforts...

Comments  (0)


Secure Your Chance to Win a Copy of 'The Source Code'

May 08, 2011 Added by:Infosec Island Admin

In an age when people are becoming more reliant on computers for both work and personal use, exposure to cyber-hackers and the risk associated with identity theft is escalating at an alarming rate. William A. Thau's novel seems to be an eerie foreshadowing of recent events...

Comments  (0)


Supporting "Unmaintainable" Applications

May 08, 2011 Added by:Rafal Los

A solid Software Security Assurance program takes into consideration the legacy risks from all the applications that have existed before a security program came into being. The issues that surround legacy applications are complex, and can create headaches for security teams...

Comments  (0)


Smart Phone Privacy and Anonymizing the Nokia N900

May 08, 2011 Added by:Kyle Young

A lot of people are now using and relying on smart phones. Part of what makes these devices so 'smart' is their ability to gather information on the user and use this information. The problem with this is that a lot of private information is being gathered...

Comments  (2)


Skype IM (MAC OS X) - Is This The Zero-Day?

May 08, 2011 Added by:Rohit Bansal

Skype fails to instantiate between the payloads that are sent as hyperlinks in the chat window. The attacker only requires a definitive payload to exploit this issue. Basically, we call it a Skype Remote Scripting Injection...

Comments  (0)


Compliance: Know Who You Are Doing Business With

May 06, 2011 Added by:Thomas Fox

Both risk and compliance are converging. Your company should review its compliance program in these three areas to determine if any of its business relationships are on the lists set out in this article. Not only does it make business sense, but it may keep you out of regulatory scrutiny...

Comments  (0)


Chinese Hackers Are Hungry for Information

May 06, 2011 Added by:Rahul Neel Mani

Stuart McClure, Senior Vice President at McAfee, co-authored his best-selling book Hacking Exposed: Network Security Secrets & Solutions 12 years ago. In an interview with Varun Aggarwal, he talks about how things have changed since then as he launched the new edition of his book...

Comments  (0)


Hackers Planning Third Attack on Sony Networks

May 06, 2011 Added by:Headlines

A third attack is planned against Sony's Web site. The people involved plan to publicize all or some of the information, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers...

Comments  (0)