Latest Posts

Avoiding The Next Big Data Breach

June 21, 2011 Added by: Alexander Rothacker

It’s incumbent on the individuals that are responsible for the security of the data to ride this wave of activity, raise awareness, and move their security projects forward. There is no reason these large breaches should be occurring, not when the solutions already exist...

Comments  (0)

The Permanent Security Issue of Top Management

June 21, 2011 Added by: Bozidar Spirovski

No top manager wants to be bothered with the problems and challenges that security and IT guys are facing. Usually that means that the security request aspects of the solution have not been researched or even familiarized. All this results in a half-baked workaround solution...

Comments  (0)

Data Breaches or Breaches in Ethics?

June 21, 2011 Added by: Danny Lieberman

The ethical behavior for protecting company assets starts with company executives who show from personal example that IT infrastructure is to be used to further the company’s business and improving customer service and not for personal entertainment, gain or gratification...

Comments  (0)

Chertoff Warns of Threat from Small Hacker Collectives

June 21, 2011 Added by: Headlines

“We can have networks that can cause... existential damage without a nation-state involved. With the confluence of globalization and technology, these groups now have the ability to cause the kind of damage that used to involve national effort. We got a taste of this on 9/11...”

Comments  (1)

Looking Beyond "Black Box Testing"

June 21, 2011 Added by: Rafal Los

When you're blindly hacking away at something you don't understand, you can't reasonably expect great results, can you? Yet people do, and vendors have tried to compensate for some of those incredibly ambitious expectations by building better parsers and black box testing tools...

Comments  (1)

LulzSec: UK Census Data Breached, Member Arrested

June 21, 2011 Added by: Headlines

A message posted on Pastebin last Friday purported to be from the hacker collective LulzSec vowed that the group would continue the network intrusions "until we're brought to justice". For 19-year-old U.K. resident Ryan Cleary, that day may have come much sooner than anticipated...

Comments  (0)

Will Government Work Help You Gain Security Skills?

June 21, 2011 Added by: Lee Munson

So where is a good place where you can not only gain experience with the latest machines but also have to protect important data from attackers around the world? Working for the government...

Comments  (0)

Dropbox Confirms Password Security Glitch

June 21, 2011 Added by: Headlines

"This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us..."

Comments  (1)

Broken Trust Part 1: Reflections on RSA's SecurID

June 20, 2011 Added by: Enno Rey

If you have been wondering “why do my guts tell me we shouldn’t trust these guys anymore?” this post might serve as a contribution to answering this question in a structured way. Furthermore, the intent was to provide some introduction to the wonderful world of trust, control and confidence...

Comments  (0)

Calculating the Return on Security Investment (ROSI)

June 20, 2011 Added by: Dejan Kosutic

Traditionally, "making sense" for management means that the revenues that will result from the investment will be larger than the total cost of investment. So what's the problem? The problem is, even if you can calculate the total cost, there are no revenues to be made from security...

Comments  (0)

You Can't Fight Google, So Embrace Google

June 20, 2011 Added by: Allan Pratt, MBA

When creating a Google Profile, you may be as comprehensive or as minimal as you wish. But, without a doubt, include your name, photo, gender, professional overview, and some links. Take control of your Google Profile – it actually feels empowering in this era of too little online control...

Comments  (0)

How to Pen Test Crazy

June 20, 2011 Added by: Pete Herzog

So who verifies security operations? Not the penetration tester. Not the ethical hacker. Not anymore. Sadly, unfortunately they've been marginalized to running scanners and eliminating false positives and negatives. They have been marginalized into near extinction...

Comments  (2)

LulzSec, Jester, and Counter-Intelligence on the Internet

June 20, 2011 Added by: Infosec Island Admin

In the case of LulzSec and Anonymous, they are using many types of systems to protect their anonymity. With the right tools and obfuscation techniques, they feel impervious to attacks, be it from law enforcement or the likes of The Jester. Tactically, they have the advantage in many ways...

Comments  (1)

InfraGard: Cyberwar Declaration on the Horizon

June 20, 2011 Added by: Headlines

"What does our government or other governments think is an effective deterrent or response to an all out cyber attack? Since we have no good definitions or protocols, I do think that the attack on Lockheed Martin is a sign of the future..."

Comments  (0)

Webcast: The State of SSL on the Internet

June 20, 2011 Added by: Sasha Nunke

The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...

Comments  (0)

LulzSec Vows to Continue "Until We're Brought to Justice"

June 20, 2011 Added by: Headlines

"We've been entertaining you 1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be. But you know, we just don't give a living frak at this point..."

Comments  (0)

Why Hackers are Having a Field Day

June 20, 2011 Added by: Gurudatt Shenoy

The past few months have seen a shock and awe campaign being launched by a series of hacker organizations such as Anonymous hackers and LulzSec. The most serious of recent events is the breach of RSA's SecurID. Whew. If the guardians of security cannot protect their own, who else can?

Comments  (2)

Sega Breach Exposes 1.3 Million Accounts

June 20, 2011 Added by: Headlines

In an odd turn of events, the most likely suspect in the attack against Sega, the hacker collective LulzSec, apparently was not involved in this latest event and has offered to help Sega track down the culprits...

Comments  (0)

Lack of Attribution Undermines Clarke's China Warning

June 19, 2011 Added by: J. Oquendo

Richard Clarke should take from the lessons learned via Iraq: Not everything is what it seems. When it comes to a cyber intrusion, all anyone can ever claim is that a computer from "some country" was the source of the attack. The reality is, the attacker could be anyone in the world....

Comments  (0)

Components of Effective Vulnerability Management

June 19, 2011 Added by: Gary McCully

Vulnerability management is a continual process that monitors the effectiveness and the efficiency of your organization’s ability to mitigate vulnerabilities. Without a Vulnerability Management Program, you and your security program could be blindly walking off the edge of a cliff...

Comments  (0)