Latest Posts


Proposal for an All-or-Nothing Secure Software Standard

May 10, 2011 Added by:Keith Mendoza

Secure software standards should be all-or-nothing. Either the software--and all of its dependencies--are compliant, or the software is not compliant. Not owning the library, or database, will not be an excuse for not meeting the standards...


Anonymous: Not So Headless or Immune to Insider Threats

May 10, 2011 Added by:Infosec Island Admin

This is a grand social experiment that is being played out on the Internet for all to see. No matter how many times the groups may claim that they are leaderless and merely a collective, Anonymous will by their very human and social natures gravitate toward a leadership modality...


Security Experts Launch Cybersecurity Index Resource

May 10, 2011 Added by:Headlines

The Index of Cyber Security is a measure of the risk to the corporate, industrial, and governmental information infrastructure. It is sentiment-based in recognition of the rapid change in cybersecurity threats and the state of cybersecurity metrics as a practical art...


PCI QSA Re-Certification – 2011 Edition

May 10, 2011 Added by:PCI Guru

Regardless of whether or not software is PA-DSS certified, the bottom line is that a QSA is going to be required to assess the application for compliance with the PCI DSS and will have more work effort if the software is not PA-DSS certified...


Top Ten Cyber Crime Skills in High Demand

May 10, 2011 Added by:Headlines

"The cyber underground now consists of subject matter experts that can focus all their time and energy on improving their techniques, their goods and services," said Steven Chabinsky, deputy assistant director in the FBI's cyber division...


On the Sony PSN Breach and Commenting

May 10, 2011 Added by:Anton Chuvakin

Most likely, Sony was validated as PCI DSS compliant at some point. Was there a QSA involved? I don’t know, but I’d guess they are comprised of multiple Level 2 (and below) merchants, not one Sony-wide Level 1. Thus they self-assessed via SAQ...


How To Harden Your Passwords and Protect Your Base

May 09, 2011 Added by:Brent Huston

Preliminary scanning of some of the largest Internet Service Providers (ISPs) in North America, Europe, and Asia uncovered thousands of embedded devices susceptible to attack, thanks to default credentials and remote administration panels being available to the Internet...


HIPAA HITECH and Your Business Associates

May 09, 2011 Added by:Jack Anderson

As part of the webinar series "HIPAA HITECH Compliance for Smarties" we will be presenting a step by step process employing cloud computing to help covered entities set up a program to manage the HIPAA HITECH compliance of their business associates cost effectively and efficiently...


Why My Head Is In the Cloud

May 09, 2011 Added by:Bill Gerneglia

Think about the business terminology that preceded the notion of cloud computing and networking - token ring networks, Ethernet, distributed applications, Arpanet, SaaS - SOA, virtualization, horizontal scaling and the internet itself. The cloud is not a revolution, but an evolution...


AnonOps Network Pwned - Warned of Insider Threat

May 09, 2011 Added by:Headlines

It looks as if AnonOps has been pwned. Reports had surfaced that the hacktivist network AnonOps, which provides communication services used by the rogue movement Anonymous, is apparently battling threats to the integrity of their systems from a disgruntled insider...


Hyperdigitization: A Shift Towards the Virtual

May 09, 2011 Added by:Mike Meikle

Since intellectual property is data, risk managers will have to develop and monitor Key Performance and Key Risk Indicators to ensure their firm does not sacrifice their long-term competitive advantage for short-term cost savings. This is a penny-wise, pound-foolish strategy...


Information Security Policies and Procedures Part 4

May 09, 2011 Added by:Alex Hamerstone

The formatting and structure of documentation is not the most enthralling topic. It is however one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...


Mozilla Defies DHS Internet Censorship Request

May 09, 2011 Added by:Headlines

Mozilla, the non-profit company behind the Firefox Web browser, has initially refused a Department of Homeland Security request to remove a third-party tool that allows users to circumvent government URL blocking efforts...


Secure Your Chance to Win a Copy of 'The Source Code'

May 08, 2011 Added by:Infosec Island Admin

In an age when people are becoming more reliant on computers for both work and personal use, exposure to cyber-hackers and the risk associated with identity theft is escalating at an alarming rate. William A. Thau’s novel seems to be an eerie foreshadowing of recent events...


Supporting "Unmaintainable" Applications

May 08, 2011 Added by:Rafal Los

A solid Software Security Assurance program takes into consideration the legacy risks from all the applications that have existed before a security program came into being. The issues that surround legacy applications are complex, and can create headaches for security teams...


Smart Phone Privacy and Anonymizing the Nokia N900

May 08, 2011 Added by:Kyle Young

A lot of people are now using and relying on smart phones. Part of what makes these devices so ’smart’ is their ability to gather information on the user and use this information. The problem with this is that a lot of private information is being gathered...


Skype IM (MAC OS X) - Is This The Zero-Day?

May 08, 2011 Added by:Rohit Bansal

Skype fails to instantiate between the payloads that are sent as hyperlinks in the chat window. The attacker only requires a definitive payload to exploit this issue. Basically, we call it a Skype Remote Scripting Injection...


Compliance: Know Who You Are Doing Business With

May 06, 2011 Added by:Thomas Fox

Both risk and compliance are converging. Your company should review its compliance program in these three areas to determine if any of its business relationships are on the lists set out in this article. Not only does it make business sense, but it may keep you out of regulatory scrutiny...


Chinese Hackers Are Hungry for Information

May 06, 2011 Added by:Rahul Neel Mani

Stuart McClure, Senior Vice President at McAfee, co-authored his best-selling book Hacking Exposed: Network Security Secrets & Solutions 12 years ago. In an interview with Varun Aggarwal, he talks about how things have changed since then as he launched the new edition of his book...


Hackers Planning Third Attack on Sony Networks

May 06, 2011 Added by:Headlines

A third attack is planned against Sony's Web site. The people involved plan to publicize all or some of the information, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers...
