Latest Posts

Weaponizing the Nokia N900 Part 3.8: Backtrack 5

May 31, 2011 Added by: Kyle Young

You could set up your N900 on a victim network and have ssh listening on your public IPv6 address and then log in to your N900 from an outside network over IPv6. You wouldn’t even have to do any port forwarding on the victim’s firewall/gateway/router...

Comments  (0)

Hackers Deface PBS Site in WikiLeaks Protest

May 31, 2011 Added by: Headlines

"Last night there was an intrusion to PBS' servers. The erroneous information on the PBS NewsHour site has been corrected. We're notifying stations and affected parties to advise them of the situation..."

Comments  (0)

SecurID: No Need for the Seed!

May 30, 2011 Added by: Pascal Longpre

An attacker who has installed the target's VPN client and configuration patiently waits for the user to authenticate. When the user begins to enter its 6 digit SecurID password, the Trojan captures the characters entered and immediately sends them through SSL to the attacker's machine...

Comments  (1)

Onsite Personnel "Don't Need No Stinkin' Badges" for PCI

May 30, 2011 Added by: Joe Schorr

To truly improve their security posture, companies should create (and enforce) a mandatory ID Badge policy for visitors and employees. An effective policy coupled with good security awareness training will go a long way to closing up this particular gap in PCI-DSS 2.0...

Comments  (2)

FTC Enforcement Update: Virtual Worlds Settles

May 30, 2011 Added by: David Navetta

The FTC complaint alleged that the sites collected children’s information, including ages and email addresses, during registration and then enabled children to publicly post their full names, email addresses, instant messenger IDs, geographic location and other information...

Comments  (0)

On Gartner's SIEM Magic Quadrant 2011

May 29, 2011 Added by: Anton Chuvakin

I think the concept of Magic Quadrant is brilliant. However, many wrong SIEM purchase decisions I’ve seen made usually stem from the decision maker’s own ignorance and not from whatever document or market visualization he has in his possession. Keep this in mind…

Comments  (1)

Security and Due Diligence

May 28, 2011 Added by: Chris Blask

Behind all the technology and corporations and globe-spanning markets and networks there are individual human beings. The actions and intent of those individuals shine through the layers between them and the rest of us like arc lights through kleenex. There is no replacement for intent...

Comments  (0)

Open Your Box of IT Innovation

May 28, 2011 Added by: Rahul Neel Mani

Innovation and doing more with less are not just buzzwords. That doesn't mean having Systems up and running can take a back seat either. David Awcock, Head of Technology Standard Chartered Bank, shares his ideas in an interview with Minu Sirsalewala Agarwal, on how he manages both...

Comments  (0)

Infosec: Is the Cynic-Signal Broken?

May 27, 2011 Added by: Javvad Malik

Why do they put brakes in cars? If you answered “to make you stop”, you’re kind of wrong. The correct answer is, they put brakes in cars so that you can go faster. In many ways, security is similar. However, security doesn’t just bolt onto a business - it's a mindset...

Comments  (0)

Joint U.S.-China Report on Cybersecurity Released

May 27, 2011 Added by: Headlines

"In a time when most can only see a grim, downward spiral of recrimination when it comes to all things cyber, this report is the product of cooperation and offers some hope for an improved relationship between China and the US..."

Comments  (1)

RSA's SecurID Hack Leads to Lockheed Network Disruption

May 27, 2011 Added by: Headlines

"Whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network..."

Comments  (1)

The Future of Secure Mobile Computing?

May 27, 2011 Added by: Emmett Jorgensen

Using a Bare-Metal-Boot Mode, these devices never have to touch the hard drive of the host machine, and with capacities up to 128GB, there is plenty of room for data storage as well. Add to that encryption and dual factor authentication and you’ve got an incredibly secure device...

Comments  (0)

NATO: Cyber Defense and the New Strategic Concept

May 27, 2011 Added by: Headlines

Cyber attacks offer vastly favorable cost-benefit ratios in comparison to conventional military options. It is increasingly probable that a cyber attack on a NATO country will precede, or even replace a physical assault, moving cyber issues to the forefront of security concerns...

Comments  (0)

Sony's Catastrophic Security Problem - The End Game

May 26, 2011 Added by: Rafal Los

Hacking incidents tend to have a short-term impact on a business and rarely impact the long-term viability of a large organization. What I suspect may happen here is an event or exfiltration of data so catastrophic that it may actually impact Sony's long-term viability...

Comments  (2)

Verizon Report: Hackers Target Small Businesses

May 26, 2011 Added by: Kelly Colgan

Hackers are changing their tactics and chasing opportunities. Black hats are honing in on lower-tier business targets—organizations with less savvy, maturity and investment in countermeasures. Once they identify vulnerability, they exploit it...

Comments  (0)

Data Privacy: Don't Hand Over the Keys to Your Kingdom

May 26, 2011 Added by: Lindsay Walker

While internal breaches remain a high risk, 57% of the C-level respondents in the survey felt that the next one to three years will see external threats, such as cyber-criminals, being a greater security risk than threats from within the organization...

Comments  (0)

Researcher Nabs Details from 35 Million Google Profiles

May 26, 2011 Added by: Headlines

“I wrote a small bash script to download all the sitemap-NNN(N).txt files mentioned in that file, and attempted to download 10k, then 100k, then 1M and then, utterly surprised that my connection wasn't blocked or throttled or CAPTCHA'd, [downloaded] the rest of them...”

Comments  (0)

Mobile Payments Set to Dramatically Increase

May 26, 2011 Added by: Robert Siciliano

The Payment Card Industry Standards Council is not yet granting approval to any mobile payment applications. With the explosive growth of the mobile payment industry, they are holding off and waiting to see which technologies rise to the top...

Comments  (0)

Cookiejacking Exploit Threatens Facebook Accounts

May 26, 2011 Added by: Headlines

"The attack exploits a vulnerability in the IE security zones feature... By embedding a special iframe tag in a malicious website, an attacker can circumvent this cross zone interaction and cause the browser to expose cookies stored on the victim's computer..."

Comments  (0)

E2E Encryption and Doctored Credit Card Terminals

May 26, 2011 Added by: PCI Guru

End-to-end encryption just moves the attack points, in this case out to the terminal at the merchant’s location. Worse yet, it also makes security of the merchant’s endpoint even more difficult than it already is because the techniques used in doctoring terminals can easily go unnoticed...

Comments  (0)