Latest Posts


Be An Information Security Green Beret

November 01, 2011 Added by:Chris Clymer

In Infosec, we have a lot of Rambos. We’re used to being looked to for answers, and we’re also used to being in the minority. There will always be more users, more IT staff, more “natives” who do not speak our language and who do not have a strong understanding of information security...

Comments  (0)


Symantec: Critical Infrastructure Protection Declines

November 01, 2011 Added by:Headlines

“The findings of this survey are somewhat alarming, given recent attacks like Nitro and Duqu that have targeted critical infrastructure providers,” said Dean Turner, director, Global Intelligence Network for Symantec...

Comments  (0)


Hacker Halted: McAfee's George Kurtz Discusses the War on Security

October 31, 2011

"The current cybersecurity model is disconnected and unable to keep pace with the seismic explosion in malware. Providing protection to a heterogeneous world of connected devices requires a new approach to security. McAfee CTO George Kurtz will explain the required paradigm shift..."

Comments  (1)


Remote Management as a Complement to Endpoint Security

October 31, 2011 Added by:Kanguru Solutions

Both Endpoint Security and the Remote Management of connectable devices are powerful applications all by themselves, individually, but if you strategically combine them, so much more is possible. It's another great way to keep your living, breathing, beast of a network secure...

Comments  (0)


To iTrust or Not?

October 31, 2011 Added by:Enno Rey

Recently Apple launched its new offering iCloud. At this point, most infosec people start to worry a little bit: The common cloud concept of centralized data storage on premise of a third party does not cope well with the usual control focused approach of most technical infosec guys...

Comments  (0)


Analysis: Duqu Trojan is Not on Par with Stuxnet

October 31, 2011 Added by:Headlines

"Both Duqu and Stuxnet are highly complex programs with multiple components. All of the similarities from a software point of view are in the "injection" component implemented by the kernel driver. The ultimate payloads of Duqu and Stuxnet are significantly different and unrelated..."

Comments  (0)


SEC Issues Guidance on Security Incident Disclosure

October 31, 2011 Added by:David Navetta

What the guidance document does stress, however, is process and risk assessment. One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security...

Comments  (0)


Researcher Ups Ante on Hacking Medical Devices

October 31, 2011 Added by:Headlines

"You're not meant to be able to grab serial numbers out of the air. This tool I developed should be able to scan the frequency for these pumps, retrieve the pump ID, and with that pump I can then dispense insulin, suspend the pump, resume it and that type of thing..."

Comments  (0)


Latest Data Breach Costs Could Exceed $5 Billion

October 31, 2011 Added by:Brian Dean

It is recommended that organizations receiving PII become intimately familiar with all of the applicable security requirements for their industry in order to understand minimum protection requirements, industry best practices, as well as the consequences of noncompliance...

Comments  (0)


Hacktivist "The Jester" Draws Crowd at Hacker Halted

October 31, 2011 Added by:Headlines

The Jester had alluded to the fact that he may have actually been physically present at the conference by apparently hiding an encrypted message in one of the conference rooms, tweeting "left a little something under the projector in Alhambra SCADA room. Tweet me a photo of what's there"...

Comments  (0)


Hacker Halted: Jeff Bardin on the Cyber Intelligence Cycle

October 30, 2011

"Criminals and nation-states have adopted traditional physical intelligence techniques for the cyber world. Jeff Bardin examines various CYBINT and OSINT methods, information mining of social networking sites and the tools in use for gathering information on targets of opportunity...

Comments  (0)


Moralizing, Anonymous, and Digital Vigilantism

October 30, 2011 Added by:Infosec Island Admin

It would seem that Anonymous, Antisec, and LulzSec have already decided to take up the mantle of vigilantes. However, the targets have been, for the most part, varied parties that could be seen as hapless victims or as malefactors; it all depends on the point of view really...

Comments  (1)


Healthcare Data Breach Response Best Practices

October 30, 2011 Added by:Christine Arevalo

Taking a PHI inventory, establishing an Incident Response Plan, meeting patients' real needs, and looking for the positive aspects of a data breach can all reflect your culture of commitment and caring. And that's the best practice of all...

Comments  (0)


Building a Backdoor

October 29, 2011 Added by:Joel Harding

A friend in another country wrote and asked me if the reason the United States suspected foreign equipment of containing a means of gaining surreptitious access to telecommunication, information or networked systems, commonly called a backdoor, was because the US routinely does it...

Comments  (0)


Effective Software Security Starts and Ends with Requirements

October 28, 2011 Added by:Rafal Los

Threat modeling software is a delicate art, and often misunderstood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...

Comments  (0)


Hacker Halted Miami: EC Council's Jay Bavisi

October 27, 2011

Jay Bavisi is the Co-Founder and President of EC-Council, a global Leader in Information Security Education, Training, and Certification. With 27 Infosec facing certifications, ECC's interest is in supporting the global need for Security Certified Professionals in the realm of Ethical Hacking...

Comments  (0)


How to Plan Security and Meet Your Compliance

October 27, 2011 Added by:Gabriel Bassett

If you feel a bit lost with what tools you have in your (defenses, sensors, response) toolbox, you're in luck! The good news is the toolbox is already sitting on your hard drive. The bad news is, it's your compliance controls...

Comments  (0)


Welcome to the PCI Prioritization Approach

October 27, 2011 Added by:David Sopata

Organizations often start implementing security controls on all of their systems throughout the company without really knowing what systems should be in scope or which systems should not be in scope for PCI. Hence, the PCI DSS Prioritization Document and Tool was developed...

Comments  (0)


The Other Top Issues Facing Computer Security

October 27, 2011 Added by:Dan Dieterle

There is a disconnect between management and IT. Sometimes management doesn’t fully understand what the IT department is doing. Veteran computer personnel are being removed from companies – “due to cutbacks”, only to be replaced shortly thereafter by inexperienced or even temporary workers...

Comments  (0)


The Evolution of Online Fraud Prevention

October 27, 2011 Added by:Robert Siciliano

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them. Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation...

Comments  (0)