Latest Posts


Secure Your Chance to Win a Copy of 'The Source Code'

May 08, 2011 Added by:Infosec Island Admin

In an age when people are becoming more reliant on computers for both work and personal use, exposure to cyber-hackers and the risk associated with identity theft is escalating at an alarming rate. William A. Thau’s novel seems to be an eerie foreshadowing of recent events...

Comments  (0)


Supporting "Unmaintainable" Applications

May 08, 2011 Added by:Rafal Los

A solid Software Security Assurance program takes into consideration the legacy risks from all the applications that have existed before a security program came into being. The issues that surround legacy applications are complex, and can create headaches for security teams...

Comments  (0)


Smart Phone Privacy and Anonymizing the Nokia N900

May 08, 2011 Added by:Kyle Young

A lot of people are now using and relying on smart phones. Part of what makes these devices so ’smart’, is their ability to gather information on the user and use this information. The problem with this is that a lot of private information is being gathered...

Comments  (2)


Skype IM (MAC OS X) - Is This The Zero-Day ?

May 08, 2011 Added by:Rohit Bansal

Skype fails to instantiate between the payloads that are sent as hyperlinks in the chat window. The attacker only requires a definitive payload to exploit this issue. Basically, we call it as a Skype Remote Scripting Injection...

Comments  (0)


Compliance: Know Who You Are Doing Business With

May 06, 2011 Added by:Thomas Fox

Both risk and compliance are converging. Your company should review its compliance program in these three areas to determine if any of its business relationships are on the lists set out in this article. Not only does it make business sense, but it may keep you out of regulatory scrutiny...

Comments  (0)


Chinese Hackers Are Hungry for Information

May 06, 2011 Added by:Rahul Neel Mani

Stuart McClure, Senior Vice President at McAfee, co-authored his best-selling book Hacking Exposed: Network Security Secrets & Solutions 12 years ago. In an interview with Varun Aggarwal, he talks about how things have changed since then as he launched the new edition of his book...

Comments  (0)


Hackers Planning Third Attack on Sony Networks

May 06, 2011 Added by:Headlines

A third attack is planned against Sony's Web site. The people involved plan to publicize all or some of the information, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers...

Comments  (0)


Is Too Much Focus Put on the Application Layer?

May 06, 2011 Added by:Keith Mendoza

Information system security is really nothing new, it's just that no one has paid attention to it until recently; and the focus seems to mostly be on securing the application. My question is: who will make sure that the attack vector will not come from the hardware layer?

Comments  (4)


Terrorism and New Media: The Post Al Qaeda Generation

May 06, 2011 Added by:Ben Rothke

The Internet has revolutionized how we socialize and do business, speeding commerce, facilitating knowledge sharing, and creating networks that could not have existed a decade ago. Unfortunately, terrorists reap the same benefits...

Comments  (0)


Osama Bin Laden's Computer Files and Data Encryption

May 06, 2011 Added by:Headlines

"Correctly implemented encryption is very difficult to break. If data is encrypted correctly using good, best practices, I'm not aware of the ability to break that encryption. If correctly implemented and done by someone who understands how to do it, it's a huge, huge challenge..."

Comments  (0)


Nine Deadly Cyberwarfare Sins

May 05, 2011 Added by:J. Oquendo

In a conventional war, superpowers still have deterrents: nuclear weapons, financial fallout and so on. In a cyberwar, there is nothing more than imagined deterrents because as an attacker, anonymity will reign supreme. Deterrents do not apply on the cyber battlefield...

Comments  (0)


How LastPass Protected Passwords and What Changed

May 05, 2011 Added by:Eric Irvin

New passwords will now be hashed using PBKDF2 with SHA-256 hashing, a 256-bit salt, and 100,000 rounds of pseudo-randomization and salting. In comparison, BlackBerry uses 1 round and the Apple iOS4 uses 10,000 rounds. With this implementation, password cracking becomes extremely difficult...

Comments  (0)


Data Security Explained in Simple Terms

May 05, 2011 Added by:Gurudatt Shenoy

The argument that devices can be stolen and thus cannot be fail-proof against data theft can be certainly countered by the fact that such devices can be detected quite early and rendered unusable, as compared to stolen passwords that are most often detected only once the damage is done...

Comments  (2)


McAfee’s Most Unwanted Identity Theft Criminals

May 05, 2011 Added by:Robert Siciliano

McAfee has created a tongue-in-cheek list of the most unwanted identity thieves, describing the various techniques thieves use to steal your information. It’s clever and, unfortunately, very real...

Comments  (0)


Do You Really Know What’s on Your Network?

May 05, 2011 Added by:Global Knowledge

A simple Android app called Caribou is able to open doors with a simple push of a button once the IP address of the server is identified. When you think of the number of access card systems installed in HOAs and businesses across the nation, the enormity of the risk becomes easily apparent...

Comments  (0)


LastPass Password Manager Issues Security Alert

May 05, 2011 Added by:Headlines

To counter the potential threat, LastPass is going to force everyone to change their master passwords. Additionally, they're going to want an indication that you're you, by either ensuring that you're coming from an IP block you've used before or by validating your email address...

Comments  (1)


How to Recognize and Analyze a Fake Anti-Virus Message

May 05, 2011 Added by:Dan Dieterle

Trying to figure out how I was redirected to this fake AV site from clicking on a Google image, I found something interesting. Hovering over the picture, I noticed that the website that showed up under the image looked legit, but the image URL pointed to a completely different website...

Comments  (1)


Sony Tells Congress Anonymous DDoS Aided Breach

May 05, 2011 Added by:Headlines

Initially, Sony representatives did not seek to connect the hacktivist group with the data breach event. That has changed now that forensic investigators have located a file on the hacked PSN systems named "Anonymous" and containing the movement's tagline "We are Legion"...

Comments  (0)


Architecting Secure Information Systems

May 04, 2011 Added by:Robb Reck

Creating secure systems from the ground up requires different skills than buying and bolting on technologies to implement security after the fact. You have the chance to build this new system with a strong foundation. Do not miss your chance to show how security should be addressed...

Comments  (0)


Information Security Policies and Procedures Part 3

May 04, 2011 Added by:Alex Hamerstone

Search engines place a vast body of human knowledge at your fingertips. This vast knowledge often includes the intellectual property of others. Finding policies on the internet and using control H to place your organization’s name in place of another is not only wrong, it is also ineffective...

Comments  (0)