April 27, 2011 Added by: Dejan Kosutic
You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...
April 26, 2011 Added by: Alexander Rothacker
Is Oracle misleading its database customers during its quarterly Critical Patch Updates (CPUs)? Unfortunately for its customers, Oracle has figured out a way to downplay the severity of its vulnerabilities and water down the Common Vulnerability Scoring System (CVSS) scoring...
April 26, 2011 Added by: Jamie Adams
As software engineers, we want to deliver the right solutions but when it comes to commercial products, the customers drive the features. Do we simply submit to these demands in order to make a buck or do we take a stand as leaders in information security?
April 26, 2011 Added by: Eli Talmor
While the benefits of using a public cloud infrastructure are clear, it introduces significant security and privacy risks. In fact, it seems that the biggest hurdle to the adoption of cloud storage (and cloud computing in general) is concern over the confidentiality and integrity of data...
April 26, 2011 Added by: Headlines
"I plugged my phone into my computer and opened an application called Lantern... Ten minutes later, I'm staring at everything my iPhone knows about me. About 14,000 text messages, 1,450 Facebook contacts, tens of thousands of location pings, every website I've ever visited..."
April 26, 2011 Added by: Robert Siciliano
Research is primarily geared towards securing mobile payments, and there is a lack of coordination between mobile payment developers, device manufacturers, and mobile operating system platform developers. Hackers are taking advantage of the loophole created by this lack of coordination...
April 26, 2011 Added by: Anton Chuvakin
Perception of electronic and digital risks does not come naturally to people – and IT managers and directors are people too. So many organizations will severely underestimate computer risks and, sadly, some would pay with their very existence for this mistake...
April 25, 2011
Contrary to popular belief, realistic “adversarial” testing can be accomplished in a responsible manner without the consequences of “bringing down the house”. Offered are arguments and counterpoints against organizational decisions that disallow certain types of testing...
April 25, 2011 Added by: kapil assudani
With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...
April 25, 2011 Added by: PCI Guru
In the end, we will have to rely on the statements and representations of the carrier as to whether or not the network is private. Is this a good way to secure your organization? It is as long as your carrier never causes a problem...
April 25, 2011 Added by: Robert Siciliano
These virtual dollars and virtual goods have real value. Virtual currency includes the points customers receive from retailers, merchants, airlines, hotels, and credit card companies through loyalty programs. These points are the second most traded currency on the planet...
April 25, 2011 Added by: Headlines
The revelations in those documents range from intelligence on the whereabouts of Al Qaeda leaders to the individual stories of often-innocent detainees to the ugly and ineffective improvisations on intelligence gathering within Guantanamo’s operations...
April 25, 2011 Added by: Infosec Island Admin
They have the ability to conduct warrantless searches per the courts since the loosening of the laws on search and seizure in places like California and Michigan where electronic media is concerned. The net effect is that our due process rights are being eroded at an ever more rapid pace...
April 25, 2011 Added by: Headlines
"Certain characteristics about the 'Stars' virus have been identified, including that it is compatible with the (targeted) system. In the initial stage, the damage is low and it is likely to be mistaken for governmental executable files..."
April 24, 2011 Added by: Rafal Los
We can all agree that there are enough *exploitable security defects* in software that virtually every organization on the planet can (and will) be broken into given enough time - so where does that leave us? More importantly, what does that have to do with cloud computing?
April 24, 2011 Added by: Thomas Fox
The laws of many countries vary in terms of the capture and correlation of ERP data and if such information can be transmitted outside a country. Such issues may be overcome with multiple servers or other hosting solutions; it also increases the difficulty of capturing such data...
April 24, 2011 Added by: Theresa Payton
If restrictions to cookies become commonplace on the internet, the Internet Advertising Bureau will be forced to make major changes to the way they obtain information about internet users. This could alter the entire structure of internet advertising as we know it today...
April 23, 2011 Added by: Dan Dieterle
What could the Chinese hope to gain? Military secrets. Along with terabytes of data that have been stolen, the Chinese also obtained login credentials and blueprints to some of America’s hi-tech military equipment...
April 22, 2011 Added by: Headlines
The responsibility for protecting personal identifying information is on those who request and store it. All entities that collect personal information need to understand the concept that only they can safeguard our information, and that this safeguarding must be an urgent priority...
April 22, 2011 Added by: Robert Siciliano
Enterprises must move from technological security silos to enterprise security intelligence. This can be achieved through the interaction of different technologies as well as contextual analyses of integrated security and business information...