Latest Posts


Where Will 2012’s Online Threats Come From?

October 07, 2011 Added by:Infosec Island Admin

A recent survey released by PWC cites that over 75% of organizations are in the dark when it comes to online threats to their businesses. Given this rather alarming statistic, we wanted to point you towards two relevant SC magazine webcasts on finding and pre-empting hidden threats...


Trusted Computing from Portable Devices

October 06, 2011 Added by:Emmett Jorgensen

There are many different ways that secure devices are being used as platforms for collaborative technologies to address growing market requirements. The ability to secure activities anywhere, at any time, from any machine is something that will gain traction over the next few years...


The Dark Side of Collaboration

October 06, 2011 Added by:Steven Fox, CISSP, QSA

Realizing the value of security investments requires teamwork. However, corporate teams play in a competitive arena that demands flexibility and responsiveness. Managers must be ready to recognize when to use tactical collaborations for the benefit of team strategy...


SpyEye Trumps Mobile Banking SMS Security Systems

October 06, 2011 Added by:Headlines

"This latest SpyEye configuration demonstrates that out-of-band authentication systems, including SMS-based solutions, are not fool-proof... Using a combination of MITB technology and social engineering, fraudsters... fly under the radar of fraud detection systems..."


Risk Management: Context is the Key

October 06, 2011 Added by:Gabriel Bassett

There is a core problem in risk management. Technical people tend towards the “every security risk is important enough to fix” mantra, focusing on technical details and over-rating risks. Management is used to much more tolerant definitions of likelihood and impact quantifiable in dollars...


AmEx Secures Website Admin Debugging Panel Error

October 06, 2011 Added by:Headlines

“An attacker could inject a cookie stealer combined with jQuery’s .hide() and harvest cookies which can, ironically enough, be exploited by using the admin panel provided by sloppy American Express developers,” Femerstrand explained in a blog post...


Anonymous, Wall Street and Disinformation

October 06, 2011 Added by:Infosec Island Admin

FUD is a great motivator, and an attack on the NYSE or NYNEX, or any of the players here could have ripples later on. Those ripples would come in the form of people selling off their stocks, companies and corporations as well, and the net effect could potentially be large losses in the market...


Researchers Develop Enhanced Security for Cloud Computing

October 06, 2011 Added by:Headlines

SICE - A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-core Platforms: "We have significantly reduced the 'surface' that can be attacked by malicious software. Previous techniques have exposed thousands of lines of code to potential attacks..."


Happy Birthday MS08-067

October 06, 2011 Added by:f8lerror

As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the simple fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than seven million systems...


Why Less Log Data is Better

October 05, 2011 Added by:Danny Lieberman

One of the crucial phases in estimating operational risk is data collection: understanding what threats, vulnerabilities you have and understanding not only what assets you have (digital, human, physical, reputational) but also how much they’re worth in dollars...


Optimization: What's a Steiner Tree?

October 05, 2011 Added by:Stefan Fouant

Steiner Tree optimizations are very useful where an ingress PE must send large amounts of data to multiple PEs and it is preferable to ensure that overall bandwidth utilization is reduced, perhaps because of usage-based billing scenarios which require that overall circuit utilization be reduced...


Keys To Successful Cloud Application Deployment

October 05, 2011 Added by:Bill Gerneglia

It is imperative to select and deploy a proven set of cloud core services. These include storage management controls, hypervisors, security policies and security software including firewalls, disaster recovery and governance, and database administration and replication services...


RSA CEO: There is Too Much Security Awareness

October 05, 2011 Added by:Headlines

"Not a day goes by that I do not see some indication of a cyberattack in the press... The problem is that when consumers see time and time again nothing happens to correct it, they throw up their hands. There's no amount of consumer education to make them smart enough to resist attacks..."


Mobile Malware and How to Defend Against It

October 05, 2011 Added by:Dan Dieterle

A lot was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed...


Congressman Confronts China over Cyber Espionage

October 05, 2011 Added by:Headlines

“Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop. Combined, the United States and our allies in Europe and Asia have significant diplomatic and economic leverage over China, and we should use this to our advantage...”


Anonymous, Conspiracies, and Blowback

October 05, 2011 Added by:Infosec Island Admin

A video posted on YouTube has some ominous overtones, with heavy imagery to incite people to do more than just protest. What is most worrisome is that there may be individuals out there who will heed the call and go for an all out “run” against Wall Street bankers...


TakeDownCon Las Vegas: Mobile and Wireless Security

October 05, 2011 Added by:Infosec Island Admin

Due to the rapid escalation of threats affecting wireless operations, TakeDownCon Las Vegas now brings you a highly technical platform which addresses highly technical knowledge which focuses on securing your channels, your data, and ultimately and most importantly – your very own privacy...


Dynamic Application Security Testing (DAST)

October 05, 2011 Added by:Rafal Los

Dynamic Application Security Testing (DAST) is one of the long-standing staples of Software Security Assurance, and has been the anchor by which many organizations have boot-strapped their efforts to write better code. Whether this is the correct approach or not is not the question...


Email Authentication Rates Rise in 2011

October 05, 2011 Added by:Headlines

“The increased incidents of spear phishing targeting consumers, business and government users have accelerated the business value of email authentication. Organizations who fail to adopt are putting their employees, data and consumers at an unacceptable level of risk...”


The Twenty Controls That Aren't

October 04, 2011 Added by:Infosec Island Admin

"Controls" advocate practices that simply cannot be met by the average small firm. DLP for everybody? A well-trained security staff that is expert in secure network engineering? If nothing else, this list should encourage small firms to simply outsource everything, even if it costs more...
