Latest Posts

DigiNotar Banned from Issuing New Digital Certificates

September 16, 2011 Added by:Headlines

"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."

Comments  (0)

Why Encryption Alone Isn’t Enough

September 16, 2011 Added by:Emmett Jorgensen

There are variables at work that often require security measures above and beyond encryption. The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data...

Comments  (0)

NATO Seeks Cyber Alliance with India

September 16, 2011 Added by:Headlines

Chinese state backed hackers are not the only threat we are facing. The Russian Business Network and other foreign government-backed entities are falling from the radar as Chinese hackers take center stage. Let's not forget the lone hackers or hacktivist groups that are very active...

Comments  (0)

Internet Piracy, Plagiarism and the Security Professional

September 16, 2011 Added by:Craig S Wright

The issue is that some in the security industry leverage the works of others coupled with external promotion to seem more than they are. We all suffer for this, and in a field as critical as security the costs can be disproportionate to the damage an individual could seem to be able to create...

Comments  (5)

IP Resolution Using Meterpreter’s Railgun

September 15, 2011 Added by:Rob Fuller

I saw a post back in June titled DNS Port Forwarding Con Meterpreter. It looked like hard work to set that up. I didn’t want to go through that every time I got onto a new network. So I made a simple meterpreter post module to just call a Windows API key called ‘gethostbyaddr’ using Railgun...

Comments  (4)

Cloud Computing Challenges at Federal Agencies

September 15, 2011 Added by:Kevin L. Jackson

The use of commodity components, coupled with highly automated controls, enables cloud computing. These characteristics also enable the economic model that makes it so disruptive to the status quo. As an example, the cloud delivery model typically does not require any advance usage commitment...

Comments  (0)

New SpyEye Variant Targeting Android Devices

September 15, 2011 Added by:Headlines

The new variant is designed to harvest text messages that contain a one-time use code sent to customers by institutions as an added security measure for clients engaged in mobile banking transactions, making SpyEye an even more powerful tool for stealing financial login credentials...

Comments  (0)

How to Wage War in Cyberspace with Iran

September 15, 2011 Added by:Joel Harding

Iran has already begun deployment of cyber forces in small teams throughout the world to avoid devastation if the networks internal to Iran are crippled. A myriad of intelligence agencies are gathering as much intelligence as possible for a possible war in cyberspace with Iran...

Comments  (2)

The Leaking Vault 2011: Six Years of Data Breaches

September 15, 2011

The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organizations that track these events, as well as government sources...

Comments  (0)

NIST Releases Secure Cloud Computing Guidelines

September 15, 2011 Added by:Headlines

NIST is responsible for accelerating the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector and other stakeholders, including federal agencies...

Comments  (0)

Defining the Edge of Responsibility in Mobile Applications

September 15, 2011 Added by:Rafal Los

It is critical to let your customers know where your responsibility ends. One of the most dangerous things an organization can do is try to push that perimeter and to protect every client. This can get incredibly costly, and incredibly difficult to defend in court...

Comments  (0)

Hacker Halted and the CyberLympics Hacking Challenge

September 15, 2011 Added by:Infosec Island Admin

Hacker Halted USA 2011 will not just be another IT security conference. It will be a masterpiece showcase that has some of the world's best security experts congregate at one location. Hackers Are Here. Where Are You?

Comments  (0)

Strutting and Fretting Upon the Security Stage: Intro

September 14, 2011 Added by:Infosec Island Admin

I have heard others lament the state of the “security industry” and have posted about my own adventures in the land of FUD and Security Theater as well as a side trip into the lands of denial. My goal with this series is to cover the players, the game, and the realities of the security business...

Comments  (4)

HHS to Start Auditing For HIPAA Compliance

September 14, 2011 Added by:Emmett Jorgensen

Despite both HIPAA and the HiTECH Act, healthcare data breaches have been popping up regularly. A recent study found over 70% of hospitals had data breaches last year. This has generated concern over Healthcare’s adoption of security procedures and the overall effectiveness of HIPAA...

Comments  (4)

The Perception Risks of Multi Language PaaS

September 14, 2011 Added by:Ben Kepes

It’s exciting times for PaaS players as they race to be the broadest, deepest player – but I wonder if this headlong rush to be everyone to everything isn’t going to impact on what their developers think of them. Are the new breed of uber-platforms trying to be all things to all people?

Comments  (0)

Ten History-Making Hackers Who Shaped Technology

September 14, 2011 Added by:Headlines

The ensemble is somewhat surprising - a collection of both white and black hat innovators whose activities often landed them on either side of the law, but who nonetheless had a tremendous impact on information technology as we know it today...

Comments  (0)

Simple Network Security Monitoring Tools

September 14, 2011 Added by:Dan Dieterle

You can then drill down from high level topics like Destination Country to recreations of the actual data sent in a few clicks. You can look at the information transferred including scripts, programs, pictures and videos. You can also search the entire data collected for specific identifiers...

Comments  (0)

Senator Seeks Punitive Model for Data Security Laws

September 14, 2011 Added by:Headlines

"The devil is in the details with these laws. But there are a number of questions here... These companies are already victims in these attacks, so why are we penalizing them after a breach? I think that's because it's easier to issue fines than it is to track down the criminals and go after them..."

Comments  (0)

Friends, Foes and Faceless Denizens – The Real Social Network

September 14, 2011 Added by:Steven Fox, CISSP, QSA

The successful compromises of physical security on my social engineering engagements have been enabled by information gleaned from Facebook / MySpace pages. In these cases, my research allowed me to influence employee behavior to circumvent logical and physical access controls...

Comments  (0)

U.S. - E.U. Collaborate on Smart Grid Standards

September 14, 2011 Added by:Headlines

"The potential benefits of Smart Grids are enormous, they can only be fully reached if we can all agree on global solutions. It is promising to see that NIST and SG-CG will be supporting common positions and areas of collaboration to ensure a consistent set of international standards..."

Comments  (0)