Latest Posts

Dropbox Confirms Password Security Glitch

June 21, 2011 Added by: Headlines

"This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us..."

Comments (1)

Broken Trust Part 1: Reflections on RSA's SecurID

June 20, 2011 Added by: Enno Rey

If you have been wondering “why do my guts tell me we shouldn’t trust these guys anymore?” this post might serve as a contribution to answering this question in a structured way. Furthermore, the intent was to provide some introduction to the wonderful world of trust, control and confidence...

Comments (0)

Calculating the Return on Security Investment (ROSI)

June 20, 2011 Added by: Dejan Kosutic

Traditionally, "making sense" for management means that the revenues that will result from the investment will be larger than the total cost of investment. So what's the problem? The problem is, even if you can calculate the total cost, there are no revenues to be made from security...

Comments (0)

You Can't Fight Google, So Embrace Google

June 20, 2011 Added by: Allan Pratt, MBA

When creating a Google Profile, you may be as comprehensive or as minimal as you wish. But, without a doubt, include your name, photo, gender, professional overview, and some links. Take control of your Google Profile – it actually feels empowering in this era of too little online control...

Comments (0)

How to Pen Test Crazy

June 20, 2011 Added by: Pete Herzog

So who verifies security operations? Not the penetration tester. Not the ethical hacker. Not anymore. Sadly, unfortunately they've been marginalized to running scanners and eliminating false positives and negatives. They have been marginalized into near extinction...

Comments (2)

LulzSec, Jester, and Counter-Intelligence on the Internet

June 20, 2011 Added by: Infosec Island Admin

In the case of LulzSec and Anonymous, they are using many types of systems to protect their anonymity. With the right tools and obfuscation techniques, they feel impervious to attacks, be it from law enforcement or the likes of The Jester. Tactically, they have the advantage in many ways...

Comments (1)

InfraGard: Cyberwar Declaration on the Horizon

June 20, 2011 Added by: Headlines

"What does our government or other governments think is an effective deterrent or response to an all out cyber attack? Since we have no good definitions or protocols, I do think that the attack on Lockheed Martin is a sign of the future..."

Comments (0)

Webcast: The State of SSL on the Internet

June 20, 2011 Added by: Sasha Nunke

The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...

Comments (0)

LulzSec Vows to Continue "Until We're Brought to Justice"

June 20, 2011 Added by: Headlines

"We've been entertaining you 1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be. But you know, we just don't give a living frak at this point..."

Comments (0)

Why Hackers are Having a Field Day

June 20, 2011 Added by: Gurudatt Shenoy

The past few months have seen a shock and awe campaign being launched by a series of hacker organizations such as Anonymous hackers and LulzSec. The most serious of recent events is the breach of RSA's SecurID. Whew. If the guardians of security cannot protect their own, who else can?

Comments (2)

Sega Breach Exposes 1.3 Million Accounts

June 20, 2011 Added by: Headlines

In an odd turn of events, the most likely suspect in the attack against Sega, the hacker collective LulzSec, apparently was not involved in this latest event and has offered to help Sega track down the culprits...

Comments (0)

Lack of Attribution Undermines Clarke's China Warning

June 19, 2011 Added by: J. Oquendo

Richard Clarke should take from the lessons learned via Iraq: Not everything is what it seems. When it comes to a cyber intrusion, all anyone can ever claim is that a computer from "some country" was the source of the attack. The reality is, the attacker could be anyone in the world...

Comments (0)

Components of Effective Vulnerability Management

June 19, 2011 Added by: Gary McCully

Vulnerability management is a continual process that monitors the effectiveness and the efficiency of your organization’s ability to mitigate vulnerabilities. Without a Vulnerability Management Program, you and your security program could be blindly walking off the edge of a cliff...

Comments (0)

Attackers Love Your Organization's HR Department

June 19, 2011 Added by: Boris Sverdlik

Companies use every available resource in their recruiting. They hire third party recruiters, post job listings on LinkedIn, Dice, Monster and numerous other places. While this will bring in a plethora of qualified candidates, it also provides attackers a wealth of information...

Comments (9)

Algorithmic SIEM “Correlation” Is Back?

June 18, 2011 Added by: Anton Chuvakin

One of the ways out of ill-fitting default rules is the use of event scoring algorithms and other ruleless methods. While not without known limitations, they can be extremely useful in environments where correlation rule tuning is not likely to happen, no matter how many times we say it should...

Comments (0)

Cynical Security Cliches

June 17, 2011 Added by: Javvad Malik

Auditors are always trying to pin something on security departments. They’ll doggedly pursue every lead, using their statement of work as an all-access pass to the security procedures. Worse, the cynic can even find himself becoming a chief suspect in his own investigation...

Comments (1)

A Values-Based Approach to Your Compliance Program

June 17, 2011 Added by: Thomas Fox

Moving from rules-based compliance training to an ethics-based approach, there are three general areas where a company can change its approach in a manner that encourages employees to behave ethically: The Code, Ethics Training, and You Make the Call...

Comments (0)

Get Digitally Secure Before it’s Mandatory

June 17, 2011 Added by: Robert Siciliano

It is possible to secure systems against most cybercrime but that level of security often proves too inconvenient for consumers. As long as banks continue absorbing losses from fraud, consumers remain blissfully ignorant of the consequences of inadequate security...

Comments (0)

Richard Clarke: China's Cyberassault on America

June 17, 2011 Added by: Headlines

"What would we do if we discovered that Chinese explosives had been laid throughout our national electrical system? The public would demand a response. If, however, the explosive is a digital bomb that could do even more damage, our response is apparently muted—especially from our government..."

Comments (0)

SMBs Face Growing Threat from Mass Meshing Attacks

June 17, 2011 Added by: Headlines

"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."

Comments (0)