February 23, 2011 Added by:Danny Lieberman
Deploying line of business or life science applications on mobile Android tablets or an iPad has a different set of security requirements than backing up your address book. It requires thinking about the software security and privacy vulnerabilities in a systematic way...
February 22, 2011 Added by:Roman Yudkin
The burden of so many complex passwords is too high, especially if the user believes the odds of their credentials being stolen are small. Advice on choosing strong passwords and never re-using them is rejected as a poor cost/benefit tradeoff. No wonder users have bad password practices...
February 22, 2011 Added by:Katie Weaver-Johnson
Experts (and vendors) are recommending banks increase their security measures and implement expensive fraud detection solutions. Unfortunately this is merely reacting to a symptom rather than preventing the problem. The root of the problem is uneducated consumers and lack of situational awareness...
February 22, 2011 Added by:Anton Chuvakin
Finally, it is useful to create a “PCI Compliance Evidence Package” based on the established and implemented procedures to show it to the QSA. It will help establish your compliance with three key of PCI DSS logging requirements...
February 22, 2011 Added by:Dejan Kosutic
Annex A provides a catalog of 133 security measures (controls) for decreasing risks. Knowing what controls Annex A offers, how they can be used, and how the documentation is to be structured is very important both when carrying out risk treatment, and when planning to implement the controls...
February 22, 2011 Added by:Rod MacPherson
Once a hacker (if they have malicious intent we'll call them crackers) has found a way onto a system s/he then usually needs to jump to the Administrator or system or root account. Ninja is a program for Linux (and presumably most Unix like OSes) that monitors for such privilege escalation...
February 22, 2011 Added by:Don Eijndhoven
Endpoint protection will remain the name of the game, and what software vendors are doing right now isn't working. Its a failing approach that’s becoming increasingly obvious with each new report of a major breach. A change needs to be made before Organized Crime realizes its full potential...
February 22, 2011 Added by:Brad Bemis
Pardon my language, but in my experience you don’t have to be a prick to be an effective security professional – in fact, being a prick is counterproductive in almost every way imaginable. Being nice however, will serve you in ways that I can’t even begin to explain...
February 22, 2011
Anthony M. Freed interviews Matt Alderman, Director of Product Management for Qualys. Matt has experience in solutions-oriented Governance, Risk Management and GRC, as well as directing a broad range of corporate compliance initiatives while designing, planning and implementing compliance solutions in direct support of client business objectives.
February 21, 2011 Added by:J. Oquendo
Magenta would be a new breed of windows based rootkit. The Magenta rootkit body is injected into kernel memory via the DriverEntry() partial-load technique. Once loaded into kernel memory, Magenta would automatically identify an active process/thread context to inject itself via an APC...
February 21, 2011 Added by:Robert Gezelter
OpenVMS system managers need to develop the plans, processes, and procedures to respond to legal process requests. Correctly dealing with these requests minimizes the impact on production systems. Failure to address these situations can expose the organization to significant liability...
February 21, 2011 Added by:Andy Willingham
Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...
February 21, 2011 Added by:Robert Siciliano
Corporations and government agencies are legally required to secure their systems. But no such standards exist for the consumer. No laws require you to take a single step for the sake of your own security. Software vendors should certainly be held accountable if their products aren’t secure...
February 21, 2011 Added by:Mark Baldwin
February 21, 2011 Added by:Headlines
"Few weapons in the history of warfare, once created, have gone unused. It is possible to imagine attacks on military networks or critical infrastructure-like our transportation system and energy sector-that cause severe economic damage, physical destruction, or even loss of life"...
February 21, 2011 Added by:Ron Lepofsky
NERC CIP standards are written expressly for electrical utilities. If rigorously deployed they are a material step towards security. A more comprehensive set of security control within COBIT, upon which IT SOX compliance is based, should be considered for hardening the electrical grid...
February 20, 2011 Added by:Rafal Los
Micro-focusing on the events and technology drivers that impact the state of software security is tough - especially when the hot topic of the day is cloud, cloud, cloud, "data exfiltration" - which we all know is code for WikiLeaks - and... oh, right, 'Cyber War'...
February 20, 2011 Added by:Rob Fuller
Brute force, even though it's gotten so fast, is still a long way away from cracking long complex passwords. That's were word lists come in handy. It's usually the crackers first go-to solution, slam a word list against the hash, if that doesn't work, try rainbow tables..
February 20, 2011 Added by:Kevin L. Jackson
Cloud computing allows the Federal Government to use its IT investments in a more innovative way and to adopt innovations from the private sector. Cloud computing will also help IT services take advantage of leading-edge technologies including devices such as tablet computers and smart phones...
February 20, 2011
Anthony M. Freed interviews Richard Steinnon, author of the thought provoking book "Surviving Cyber War" (Government Institutes). He regularly contributes content to Infosec Island from his security blog ThreatChaos.com, and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was previously Chief Marketing Officer for Fortinet, Inc. the leadi...