Latest Posts

Scammers Exploiting Bogus DigiNotar SSL Certificates

September 20, 2011 Added by:Headlines

Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...

What the Law Says about Distributing a Virus or Malware

September 20, 2011 Added by:Craig S Wright

It is probable a service provider or content hosting entity will face a degree of liability dependent on intention. If malware is intentionally posted such as in the Morris’ case, no uncertainty as to whether the conception and insertion of the malware was deliberate exists...

NIST Guidelines: Security Content Automation Protocols

September 20, 2011 Added by:Headlines

Bringing order and security to the patchwork quilt of computing environments in a large organization can be a daunting task. NIST recently released four new publications that detail specifications to be used by the latest version of the Security Content Automation Protocol (SCAP)...

DigiNotar Files for Bankruptcy Following Security Lapse

September 20, 2011 Added by:Headlines

DigiNotar has filed a voluntary bankruptcy petition following a serious breach of security. “We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible..."

Will Security Turn into a B2B Industry?

September 19, 2011 Added by:Danny Lieberman

As businesses become more and more interconnected, as cloud services percolate deeper and deeper into organizations, and as government compliance regulation becomes more complex and pervasive, the security “problem” becomes more difficult to solve and even harder to sell...

Information Warfare Directory

September 19, 2011 Added by:Joel Harding

There are literally tons of websites out there dealing with information warfare, information operations, psychological warfare, military information support operations and a myriad of topics. This website is not bad, not bad at all, it’s just not good....

Federal CIO Salaries Lag - Leads to Turnover

September 19, 2011 Added by:Bill Gerneglia

It’s more than just a salary cut. Officials working for private companies also get bonuses, stock options and a better benefits package than those working in the public sector. So who in their right mind would tolerate the smaller paycheck in exchange for a bunch of headaches?

A Primer on Situational Awareness

September 19, 2011 Added by:Infosec Island Admin

Situational Awareness is a part of OPSEC, in fact, I would dare to say that it is the basic core of OPSEC. If you don’t know the variables of danger in your environment and you are not paying attention, then, well you get hacked in IT and in real life situations, you get dead potentially...

Researcher Discovers New SCADA Vulnerabilities

September 19, 2011 Added by:Headlines

"Finding zero-day (previously unknown holes) in SCADA software is like nuking fish in a barrel. People purchasing these systems need to push back on suppliers and ask them what they are doing to secure the system before selling it to customers," said Chris Wysopal, CTO for Veracode...

Chinese Security Firm Discovers BIOS Based Virus

September 19, 2011 Added by:Dan Dieterle

When a system is infected, the trojan checks to see if the system has an Award Bios. If it does, it hooks itself to the BIOS. Once the system is restarted, it adds itself to the hard drive’s master boot record (MBR). Next it infects the winlogon.exe or winnt.exe system files...

Hacker Halted Conference and Training Giveaway

September 19, 2011 Added by:Infosec Island Admin

We have lined up more than 70 speakers for this year's event, and designed a comprehensive agenda covering major topics in information security across 4 dedicated tracks. Receive a free iPad and 2 nights accommodations when you sign up for selected training or conference pass...

Plagiarism and the Security Professional part 2

September 19, 2011 Added by:Craig S Wright

Writers have taken Gregory D. Evans, “author” of "World’s No. 1 Hacker" book to task for stealing vast blocks of other people’s work. Yet these people remain. Despite their frauds in passing off a level of expertise they do not actually possess, people trust these security doppelgangers...

Premier Intelligence Group's Website Hacked

September 19, 2011 Added by:Headlines

Stolen data was published on the website Cryptome, known for its affiliation with the hacktivist collective Anonymous. The leaked data reveals potentially sensitive information about senior intelligence officials from the NSA, CIA, the FBI, and numerous intelligence contractors...

Auditing vs. Secure Software - An Inconvenient Argument

September 19, 2011 Added by:Rafal Los

You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...

TomorrowNow Sentenced on Computer Intrusion Charges

September 19, 2011 Added by:Headlines

TomorrowNow, Inc., a non-operating subsidiary of SAP, today was sentenced to probation and ordered to pay a fine to the United States of $20 million for unauthorized access to computer servers belonging to Oracle Corporation (Oracle) and for willfully infringing copyrights held by Oracle...

Full Frontal: Is it OK to Expose Weaknesses?

September 18, 2011 Added by:David Martinez

While it might be interesting and a bit exciting finding vulnerabilities in systems, keep in mind that reporting them to the appropriate people might be more hassle than it’s worth, especially when you’re doing it pro bono, as I discovered...

Blumenthal Bill Bumps Up Fines for Security Breaches

September 18, 2011 Added by:David Navetta

Richard Blumenthal (D-CT) introduced a bill that would levy significant penalties for identity theft and other “violations of data privacy and security,” and criminalize software that collects “sensitive personally identifiable information” without clear and conspicuous notice and consent...

Compliance Is Not Security – Busted!

September 17, 2011 Added by:PCI Guru

There is no such thing as a perfect security framework because, as I have said time and again – wait for it – security is not perfect. Those of you who are implicitly selling security to your management as perfect need to stop it. You are doing the security profession a disservice...

Using HR to Change your Company’s Compliance DNA

September 17, 2011 Added by:Thomas Fox

What type of training should HR utilize in the compliance and ethics arena? The consensus seems to be that there are three general approaches which have been used successfully. The first is the most traditional and that is classroom training. A key role for HR in any company is training...

Strutting and Fretting Upon the Security Stage: The Players

September 16, 2011 Added by:Infosec Island Admin

There will always be elements within the company with impetus to not take your advice on security matters and maybe even give you a large amount of pushback. This is especially true of any company that has little to no security posture to start with. So who are the key client players?
