Latest Posts


Flying Blind in Critical Infrastructure

June 07, 2011 Added by:Chris Blask

Once you get your head around the idea that you cannot trust your cyber devices you find it fits with existing industrial ideology quite well. The answer is to do your best to build a reliable cyber system - just as you do with the physical assets - then monitor it like a convicted criminal...

Comments  (2)


X.509 Certificates vs. Webs Of Trust (e.g., PGP, SSH)

June 07, 2011 Added by:Jonathan Lampe

My belief is that WOT is fading, not just because PGP Corp was acquired, but also because PGP Corp itself was making or had made several technology decisions to integrate X.509 into PGP encryption and signing processes and even to act as an X.509 certificate authority...

Comments  (2)


Find Out Who Has Accessed Your Health Records

June 07, 2011 Added by:David Navetta

Access reports would include the date and time of access, and the name of the individual or entity accessing an individual’s health information. Additionally, an access report would include a description of the information that was accessed and of the action taken by the user...

Comments  (0)


UPDATED: LIGATT's LulzSec Investigation PR Was Fake

June 07, 2011 Added by:Headlines

UPDATE: LIGATT Security's Gregory Evans returned Infosec Island's phone call regarding an article we ran based on a press release issued at Free Press Release. Evans confirmed that the press release was fake, and was not drafted or submitted by LIGATT security staff as indicated...

Comments  (4)


Five Reasons Why Your Workplace Blocks Facebook

June 07, 2011 Added by:Global Knowledge

Don’t you just love Facebook? Whether it’s adding new members to Mafia Wars, finding new busboys for Café World, or cyberstalking your ex-girlfriend’s new boyfriend, Facebook has endless options to keep you entertained. If only you could log on at work, then your life would be complete...

Comments  (0)


Attribution Problems Hinder U.S. Cyberwar Strategy

June 07, 2011 Added by:Headlines

"The military is setting itself up for failure because attribution is difficult, and it's easy to spoof your identity thereby falsely implicating the wrong group. A military attack could be misplaced... but at the same time not responding will now be seen as a sign of weakness..."

Comments  (0)


China Linked to RSA and Defense Contractor Breaches

June 07, 2011 Added by:Headlines

"If it's any kind of military espionage, military adversaries are going to be high on the list. The question then is who in China--is it government agents or independent contractors selling to the Chinese government?" asked Veracode's Chris Wysopal...

Comments  (3)


China’s Rise from Hacking To Digital Espionage

June 06, 2011 Added by:Infosec Island Admin

China's Dark Visitor movement of the 1990s has morphed into a government espionage wing. What was once a loosely affiliated group of patriotic hackers has been honed by the People's Liberation Army into a force to be reckoned with on the stage of digital espionage and data theft...

Comments  (0)


Cloud Computing and ISO 27001 / BS 25999

June 06, 2011 Added by:Dejan Kosutic

Although the risks related to cloud computing are high, it doesn't mean they cannot be mitigated. Therefore, use your common sense when choosing your cloud computing provider - if you don't trust your provider fully, then don't entrust them with your sensitive information...

Comments  (0)


Evaluating the Cloud-Based Services Option

June 06, 2011 Added by:Mike Meikle

Keep a local copy of your data. If Google Apps one day decides to die because of “data corruption” you do not want to be stuck without access to important documents. The potential for an incident like this is moderately high since Google has already had a similar situation with Gmail...

Comments  (3)


Sony Stock Hammered in Wake of Security Breaches

June 06, 2011 Added by:Anthony M. Freed

The unrelenting security incidents plaguing Sony, compounded by the recent earthquake and tsunami in Japan, have worked to undermine shareholder confidence in the entertainment giant, and the result is a steady decline in the company's share price...

Comments  (2)


Choosing an Enterprise eBanking Security Solution

June 06, 2011 Added by:Robert Siciliano

Recent technological advances have been vast and rapid. But after 15 years, online banking remains relatively immature, with a sometimes-inadequate security posture. Your ebank is part of your business strategy; therefore security should be a part of your business strategy too...

Comments  (0)


Anonymous Responds to NATO Threats

June 06, 2011 Added by:Headlines

"Do not make the mistake of challenging Anonymous. Do not make the mistake of believing you can behead a headless snake. If you slice off one head of Hydra, ten more heads will grow in its place. If you cut down one Anon, ten more will join us purely out of anger..."

Comments  (1)


Impending Doom and IT Security's Downward Spiral

June 06, 2011 Added by:Rafal Los

If you've been in Information Security for any meaningful period of time you can surely side with the frustration and disappointment many of the long-time residents of Infosec-ville are feeling as breach after breach piles on in the news. The result of all of this is a downward spiral...

Comments  (1)


LulzSec Hackers Hit FBI Affiliate InfraGard

June 06, 2011 Added by:Headlines

LulzSec, the hacker collective who recently claimed responsibility for attacks against Sony and PBS, hacked networks belonging to the Atlanta chapter of the FBI affiliate InfraGard and defaced the organization's website, as well as exposing the group's email database...

Comments  (1)


Examining the Sources of Security Incidents

June 06, 2011 Added by:Bozidar Spirovski

Security incidents come in all shapes and sizes. They can affect availability, confidentiality or integrity. Shortinfosec organized a LinkedIn poll to observe the opinions of the professionals on what are the sources of security incidents that they deem most frequent...

Comments  (0)


Patching WordPress Username Disclosure

June 05, 2011 Added by:Ryan Dewhurst

According to OSVDB 55713 this vulnerability was reported to WordPress by Core Security Technologies in June 2009. At the time of writing, the latest version of WordPress is 3.1.3 and is still vulnerable to this vulnerability. Here is how to patch the vulnerability yourself...

Comments  (2)


Understanding Network Forensics Makes Security Smarter

June 05, 2011 Added by:Kelly Colgan

Recovering successfully from a breach is definitely something to shoot for. But nothing makes executives smile, or helps build back customer confidence, more than putting the bad guys behind bars. It makes for good news headlines. Plan for it...

Comments  (0)


Why Your Router is the Weak Point of Your Home Security

June 05, 2011 Added by:Lee Munson

When it comes to the home router, while the device is very useful, it is also riddled with many security problems. This is a real weakness in the home network. Most people do not know how the router works, so they also have no idea that they must make security adjustments to the device...

Comments  (2)


GRC is Not a Tool But a Business Enabler

June 04, 2011 Added by:Rahul Neel Mani

GRC is not an out-of-the-box solution, which would immediately make you compliant. It is a tool that will allow you to collect information, report to you, help you to make changes in it, put the feedback into the new policy, see how much variance exists...

Comments  (0)