Latest Posts

Be An Information Security Green Beret

November 01, 2011 Added by: Chris Clymer

In Infosec, we have a lot of Rambos. We’re used to being looked to for answers, and we’re also used to being in the minority. There will always be more users, more IT staff, more “natives” who do not speak our language and who do not have a strong understanding of information security...

Comments  (0)

Symantec: Critical Infrastructure Protection Declines

November 01, 2011 Added by: Headlines

“The findings of this survey are somewhat alarming, given recent attacks like Nitro and Duqu that have targeted critical infrastructure providers,” said Dean Turner, director, Global Intelligence Network for Symantec...

Comments  (0)

Hacker Halted: McAfee's George Kurtz Discusses the War on Security

October 31, 2011

"The current cybersecurity model is disconnected and unable to keep pace with the seismic explosion in malware. Providing protection to a heterogeneous world of connected devices requires a new approach to security. McAfee CTO George Kurtz will explain the required paradigm shift..."

Comments  (1)

Remote Management as a Complement to Endpoint Security

October 31, 2011 Added by: Kanguru Solutions

Both Endpoint Security and the Remote Management of connectable devices are powerful applications all by themselves, individually, but if you strategically combine them, so much more is possible. It's another great way to keep your living, breathing, beast of a network secure...

Comments  (0)

To iTrust or Not?

October 31, 2011 Added by: Enno Rey

Recently Apple launched its new offering iCloud. At this point, most infosec people start to worry a little bit: The common cloud concept of centralized data storage on premise of a third party does not cope well with the usual control focused approach of most technical infosec guys...

Comments  (0)

Analysis: Duqu Trojan is Not on Par with Stuxnet

October 31, 2011 Added by: Headlines

"Both Duqu and Stuxnet are highly complex programs with multiple components. All of the similarities from a software point of view are in the "injection" component implemented by the kernel driver. The ultimate payloads of Duqu and Stuxnet are significantly different and unrelated..."

Comments  (0)

SEC Issues Guidance on Security Incident Disclosure

October 31, 2011 Added by: David Navetta

What the guidance document does stress, however, is process and risk assessment. One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security...

Comments  (0)

Researcher Ups Ante on Hacking Medical Devices

October 31, 2011 Added by: Headlines

"You're not meant to be able to grab serial numbers out of the air. This tool I developed should be able to scan the frequency for these pumps, retrieve the pump ID, and with that pump I can then dispense insulin, suspend the pump, resume it and that type of thing..."

Comments  (0)

Latest Data Breach Costs Could Exceed $5 Billion

October 31, 2011 Added by: Brian Dean

It is recommended that organizations receiving PII become intimately familiar with all of the applicable security requirements for their industry in order to understand minimum protection requirements, industry best practices, as well as the consequences of noncompliance...

Comments  (0)

Hacktivist "The Jester" Draws Crowd at Hacker Halted

October 31, 2011 Added by: Headlines

The Jester had alluded to the fact that he may have actually been physically present at the conference by apparently hiding an encrypted message in one of the conference rooms, tweeting "left a little something under the projector in Alhambra SCADA room. Tweet me a photo of what's there"...

Comments  (0)

Hacker Halted: Jeff Bardin on the Cyber Intelligence Cycle

October 30, 2011

"Criminals and nation-states have adopted traditional physical intelligence techniques for the cyber world. Jeff Bardin examines various CYBINT and OSINT methods, information mining of social networking sites and the tools in use for gathering information on targets of opportunity...

Comments  (0)

Moralizing, Anonymous, and Digital Vigilantism

October 30, 2011 Added by: Infosec Island Admin

It would seem that Anonymous, Antisec, and LulzSec have already decided to take up the mantle of vigilantes already. However, the targets have been, for the most part, varied parties that could be seen as hapless victims or as malefactors, it all depends on the point of view really...

Comments  (1)

Healthcare Data Breach Response Best Practices

October 30, 2011 Added by: Christine Arevalo

Taking a PHI inventory, establishing an Incident Response Plan, meeting patients' real needs, and looking for the positive aspects of a data breach can all reflect your culture of commitment and caring. And that's the best practice of all...

Comments  (0)

Building a Backdoor

October 29, 2011 Added by: Joel Harding

A friend in another country wrote and asked me if the reason the United States suspected foreign equipment of containing a means of gaining surreptitious access to telecommunication, information or networked systems, commonly called a backdoor, was because the US routinely does it...

Comments  (0)

Effective Software Security Starts and Ends with Requirements

October 28, 2011 Added by: Rafal Los

Threat modeling software is a delicate art, and often misunderstood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...

Comments  (0)

Hacker Halted Miami: EC Council's Jay Bavisi

October 27, 2011

Jay Bavisi is the Co-Founder and President of EC-Council, a global Leader in Information Security Education, Training, and Certification. With 27 Infosec facing certifications, ECC's interest is in supporting the global need for Security Certified Professionals in the realm of Ethical Hacking...

Comments  (0)

How to Plan Security and Meet Your Compliance

October 27, 2011 Added by: Gabriel Bassett

If you feel a bit lost with what tools you have in your (defenses, sensors, response) toolbox, you're in luck! The good news is the toolbox is already sitting on your hard drive. The bad news is, it's your compliance controls...

Comments  (0)

Welcome to the PCI Prioritization Approach

October 27, 2011 Added by: David Sopata

Organizations often start implementing security controls on all of their systems throughout the company without really knowing what systems should be in scope or which systems should not be in scope for PCI. Hence, the PCI DSS Prioritization Document and Tool was developed...

Comments  (0)

The Other Top Issues Facing Computer Security

October 27, 2011 Added by: Dan Dieterle

There is a disconnect between management and IT. Sometimes management doesn’t fully understand what the IT department is doing. Veteran computer personnel are being removed from companies – “due to cutbacks”, only to be replaced shortly thereafter by inexperienced or even temporary workers...

Comments  (0)

The Evolution of Online Fraud Prevention

October 27, 2011 Added by: Robert Siciliano

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them. Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation...

Comments  (0)