Latest Posts

Security Trends: Which to Avoid and Which to Embrace

September 30, 2011 Added by: Ken Stasiak

With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...

Comments  (0)

Financial Analyst Fined And Jailed for Data Breach

September 30, 2011 Added by: Headlines

Rebollo was arrested in 2008 after an investigation revealed that he had downloaded, possessed, and sold consumer information contained in Countrywide databases. Rebollo distributed financial information and contact information pertaining to approximately 2.5 million individuals...

Comments  (0)

Why Data Centers Need SSAE 16

September 29, 2011 Added by: Chris Schellman, CPA, CISSP, PCI QSA

SSAE 16 is one of the most widely known tools for providing assurances to data center customers. Yet, a myth that the SSAE 16 standard is not applicable to the industry persists. Data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability...

Comments  (4)

Smarter Security Steps Part 3: Safe and Secure Technology

September 29, 2011 Added by: Brian McGinley

We have moved from being a computer-assisted society to one that is computer-dependent. Control is critical to maintaining a secure operation. That requires assistance from technical experts. But good control begins with a company’s employees, an area you can’t afford to ignore...

Comments  (0)

How do You Evaluate a Risk Assessment?

September 29, 2011 Added by: Thomas Fox

The key to the Timken approach is the action steps prescribed by their analysis. This is another way of saying that the risk assessment informs the compliance program, not vice versa. This is the method set forth by the US Department of Justice in its Compliance Program best practices...

Comments  (0)

Should You Fear the BEAST?

September 29, 2011 Added by: f8lerror

BEAST is a Man-In-The-Middle (MitM) attack that injects plain text into the encrypted stream sent by the victim's browser via JavaScript during a MitM attack. Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies...

Comments  (0)

Securing Flash Drives within the Enterprise

September 29, 2011 Added by: Kanguru Solutions

Flash drives have revolutionized the business world with their convenience and portability. However, for infosec professionals, flash drives are a dual-edged sword. If lost or stolen, a single unencrypted flash drive has the potential to cause a costly data breach...

Comments  (1)

Small Business Slow to Adopt Data Backup Systems

September 29, 2011 Added by: Headlines

"Business owners will need to understand what the cloud is and what it can do for their businesses in the areas of cost control, data security, data protection, accessibility, efficiency and productivity to facilitate a smooth running technological platform for their business..."

Comments  (0)

Insider Threats: Ghostwriter Gone Rogue

September 29, 2011 Added by: Javvad Malik

Consider what assets the employee has had access to during their time. Do you need to get a laptop back from them? A mobile phone perhaps, revoke their access maybe? What you don’t want is someone who is no longer employed by you to still have access to your systems or information...

Comments  (0)

Cybersecurity Awareness Month: Why Browsers Matter

September 29, 2011 Added by: Headlines

“Modern browsers provide significant value... especially in the areas of security and privacy. They help protect users from phishing sites and malicious downloads while supporting industry standards... We recommend that users update their browser to the latest version available....”

Comments  (0)

Rafal Los Tapped as HP's Cloud Security Strategist

September 29, 2011

Hewlett-Packard's Software division has tapped Infosec Island contributor Rafal Los for the position of Enterprise and Cloud Security Strategist. Los combines over a decade of deep technical expertise in information security and risk management with a critical business perspective...

Comments  (2)

Infosec Island Request for Interviews: Hacker Halted

September 29, 2011 Added by: Infosec Island Admin

Open Call: Infosec Island will be conducting a series of video interviews with companies and vendors at the Hacker Halted conference in Miami, FL in late October. The interviews offer the opportunity for companies to highlight their knowledge of emerging trends in the information security field...

Comments  (0)

Anonymous: OSINT and Leaking of Corporate Corruption

September 28, 2011 Added by: Infosec Island Admin

Anonymous came up with a new splinter organization that claims to be looking into corporate wrongdoing. This group is called Anonymous Analytics and claims that they are using open source information as well as soliciting leaks/whistleblowers to reveal corporate malfeasance...

Comments  (0)

DerbyCon Talks You Don’t Want to Miss

September 28, 2011 Added by: Gary McCully

When people think of PenTesting, they immediately think of Buffer Overflows, Weak Passwords, and SQL Injection. What people fail to realize is that in many cases it is easier to use “features” of applications already installed to get a foothold into a corporation’s network...

Comments  (0)

Microsoft Hits Domain Provider in Kelihos Botnet Battle

September 28, 2011 Added by: Headlines

"We wanted to take it out early enough so that number one, it wouldn't grow and propagate... but also to make the point that when a threat is down, it's going to stay down. I think we made that point pretty effectively in this particular operation..."

Comments  (0)

Digital Evidence and Computer Crime

September 28, 2011 Added by: Ben Rothke

When it comes to digital crime, the evidence is often at the byte level, deep in the magnetics of digital media, invisible to the human eye. That is just one of the challenges of digital forensics, where it is easy to destroy crucial evidence and often difficult to preserve it correctly...

Comments  (0)

Congressmen Call for FTC Investigation on Supercookies

September 28, 2011 Added by: Headlines

“I am very disturbed by news that supercookies are being used to collect vast amounts of information about consumers’ online activities without their knowledge. Companies should not be behaving like supercookie monsters, gobbling up personal, sensitive information without users’ knowledge...”

Comments  (1)

Security: Tip Toeing Through the Clouds

September 28, 2011 Added by: Rafal Los

As elastic cloud computing becomes more popular, more critical applications and data will be living in those multi-tenant environments. While this is a fantastic development, security professionals can't let bad software development practices ruin the next biggest leap in business technology...

Comments  (0)

Microsoft Workaround for the SSL/TLS Vulnerability

September 28, 2011 Added by: Headlines

"If the user closes all existing HTTP tabs and untrusted HTTPS tabs, then browses to the trusted HTTPS site... and logs out of that HTTPS session before browsing any other HTTP sites or untrusted HTTPS sites, the user will NOT be at risk for this attack..."

Comments  (0)

Backtrack Metasploit Megaprimer

September 28, 2011 Added by: Dan Dieterle

The Metasploit Framework in the Backtrack series is an amazing platform for penetration and security testing. The capabilities are stunning. The problem is the learning curve is kind of steep, especially for new users. For training, look no further than the “Metasploit Megaprimer”...

Comments  (2)