Latest Posts

0356a83ecb15c8e33b00560d7bebe47f

Nine Reasons Why You're Not Ready for DLP

August 31, 2011 Added by:Stephen Marchewitz

No matter what you are told, simply writing a check to a software vendor and installing some code will not prevent all data loss. Depending on the intricacies of the organization, the money that DLP solutions require may likely be better spent on other security initiates...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Securing Web Servers with SSL

August 31, 2011 Added by:Danny Lieberman

So where does SSL fit in? Well, we know that the vulnerabilities for a PHI data breach can not only happen inside any layer but in particular there are vulnerabilities in the system interfaces between layers. That means between server layers and client-server interfaces...

Comments  (0)

21d6c9b1539821f5afbd3d8ce5d96380

FedPlatform.org Focuses on a Government PaaS

August 31, 2011 Added by:Kevin L. Jackson

FedPlatform.org has been formed as a collaborative initiative to help federal organizations safely learn about and evaluate PaaS technologies. The initiative supports the Federal Cloud Computing Strategy and the Federal CIO’s 25-Point Federal IT Reform Plan...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apache Killer DoS Vulnerability Patch Released

August 31, 2011 Added by:Headlines

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.20 of the Apache HTTP Server with a fix for handling of byte-range requests and avoid a denial of service. We consider this release to be the best version of Apache available...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Backtrack 5: Linux and Mac Vulnerable to Malicious Scripts

August 31, 2011 Added by:Dan Dieterle

Malicious scripts and executables are encoded and obfuscated to purposely bypass anti-virus programs. Once they are run on a target machine - Windows, Mac or Linux - they connect through the firewall to the attacker's machine. It is imperative to educate your users about these attacks...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

Potentially Hundreds of Bogus Digital Certificates Issued

August 31, 2011 Added by:Headlines

"Chrome's hardcoded certificate blacklist actually increased by 247 entries... When a Comodo reseller was hacked back in March and its infrastructure was used to issue rogue certs for Google, Hotmail, Yahoo and other sites, Chrome's blacklist increased with just 10 certs..."

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Kicked Out of the PCI DSS Club

August 31, 2011 Added by:PCI Guru

A Qualified Security Assessor Company (QSAC) has finally had their status revoked by the PCI SSC. Based on the FAQ, it seems that CSO was not able to provide documentation that supported their conclusions regarding assessment opinions in their ROC's and ROV's they had issued...

Comments  (0)

Bbb285308604bc5fbb9b43590d0501f6

Don't Miss the Security BSides Portland Event

August 31, 2011 Added by:Security BSides

The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

FireEye Releases First Advanced Threat Report

August 31, 2011 Added by:Headlines

"The FireEye Advanced Threat Report focuses on the threats that have successfully evaded traditional defenses. These are the unknown threats and advanced attacks that are dynamic, targeted, and stealthy. And, they are extremely effective for compromising organizations’ networks..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Cloudpocalypse - When the Cloud Eats Your Corporate IP

August 30, 2011 Added by:Rafal Los

The Cloudpocalypse - where you've bought into a cloud service, neglected to understand what you're buying into (service level, liability, etc.) and then are left crying onto your keyboard as your cloud provider tells you, "Sorry, we've lost all your data... but you have a backup somewhere, right?"

Comments  (2)

E973b16363b3de77b360563237df7e32

RAID and Disk Size - Search for Performance

August 30, 2011 Added by:Bozidar Spirovski

Centralizing your storage is always a very good idea - you can manage storage requirements of most servers through a central storage system, without the hassle of juggling local disks within servers. But centralizing a storage opens a whole new world of hassles...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Railgun Error Checking

August 30, 2011 Added by:Rob Fuller

One important thing to note about Railgun is that you are querying the API, and just as if you were using C++, the API you are calling just might not be there on the system. So here is a quick trick to find out if a the function (API) that you are trying to call is available to you...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Experts Debate Merits of McAfee's Shady Rat Report

August 30, 2011 Added by:Headlines

"We consider those conclusions to be largely unfounded and not a good measure of the real threat level. Also, we cannot concede that the McAfee analyst was not aware of the groundlessness of the conclusions, leading us to being able to flag the report as alarmist," Eugene Kaspersky said...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

McAfee: 65 Million Malware Samples - That’s Just the Tip

August 30, 2011 Added by:Brent Huston

I was fascinated by this article that came across my newsfeed that said McAfee hit 65 million malware samples in the 2nd quarter of 2011. It seems that the malware cat truly is out of the bag. It also seems like someone forgot to warn the crimeware world about opening Pandora’s box...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Big Discounts on Infosec Training and Certifications

August 30, 2011 Added by:Infosec Island Admin

The ISLAND TRADEWINDS program is designed to offer infosec training and certification opportunities at significantly discounted rates. You can receive discounts of up to $500 or 20% on courses from Global Knowledge, Career Academy, SANS, and the Infosec Institute...

Comments  (0)

8b5e0b54dfecaa052afa016cd32b9837

Question: Why Cybercrime?

August 30, 2011 Added by:Craig S Wright

Cybercriminals are actually extremely rational. And not necessarily talking of hacktivists and others without a clear profit motive, but those with a drive to make money act extremely rationally. Consequently, there is a solution: Reduce their profit...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

Did China Really Expose a Cyber Attack Tool?

August 30, 2011 Added by:Joel Harding

Wow, it’s really cool that we have proof that China not only has the capabilities but has been caught red-handed attacking a website, and the target they’re attacking is located inside the US. I’m sure somebody at the new US Cyber Command jumped up and down and said, “Yes! We have proof..."

Comments  (5)

69dafe8b58066478aea48f3d0f384820

CERT Malaysia Releases DNSwatch Tool

August 30, 2011 Added by:Headlines

"DNSwatch will help you avoid known bad websites or sites that will trick your computer into downloading and installing malicious programs on your computer. Even better, DNSwatch will also prevent you from accessing malicious websites that you may not even know your computer is trying to access..."

Comments  (0)

850c7a8a30fa40cf01a9db756b49155a

Advanced Persistent Monkey See Monkey Do

August 29, 2011 Added by:J. Oquendo

Arguments surrounding APT will remain a battle of expert vs. expert - but how about we use some common sense for a moment? If YOU were an attacker, why would you bother attacking from your own fixed location? It would make more sense to attack from another country for deflection purposes...

Comments  (6)

972cda1e62b72640cb7ac702714a115f

Universities Account for a Higher Number of Breaches

August 29, 2011 Added by:Kurt Aubuchon

Hospitals are 48 times more likely to show up as breach victims than would be predicted if breaches were distributed evenly among all US firms. Colleges and universities turn up in breach reports about 357 times more often than if distributed evenly. That is a staggering number....

Comments  (2)