Latest Posts


Dropbox Confirms Password Security Glitch

June 21, 2011 Added by:Headlines

"This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again. We are sorry for this and regardless of how many people were ultimately affected, any exposure at all is unacceptable to us..."

Comments  (1)


Broken Trust Part 1: Reflections on RSA's SecurID

June 20, 2011 Added by:Enno Rey

If you have been wondering “why do my guts tell me we shouldn’t trust these guys anymore?” this post might serve as a contribution to answering this question in a structured way. Furthermore, the intent was to provide some introduction to the wonderful world of trust, control and confidence...

Comments  (0)


Calculating the Return on Security Investment (ROSI)

June 20, 2011 Added by:Dejan Kosutic

Traditionally, "making sense" for management means that the revenues that will result from the investment will be larger than the total cost of investment. So what's the problem? The problem is, even if you can calculate the total cost, there are no revenues to be made from security...

Comments  (0)


You Can't Fight Google, So Embrace Google

June 20, 2011 Added by:Allan Pratt, MBA

When creating a Google Profile, you may be as comprehensive or as minimal as you wish. But, without a doubt, include your name, photo, gender, professional overview, and some links. Take control of your Google Profile – it actually feels empowering in this era of too little online control...

Comments  (0)


How to Pen Test Crazy

June 20, 2011 Added by:Pete Herzog

So who verifies security operations? Not the penetration tester. Not the ethical hacker. Not anymore. Sadly, unfortunately they've been marginalized to running scanners and eliminating false positives and negatives. They have been marginalized into near extinction...

Comments  (2)


LulzSec, Jester, and Counter-Intelligence on the Internet

June 20, 2011 Added by:Infosec Island Admin

In the case of LulzSec and Anonymous, they are using many types of systems to protect their anonymity. With the right tools and obfuscation techniques, they feel impervious to attacks, be it from law enforcement or the likes of The Jester. Tactically, they have the advantage in many ways...

Comments  (1)


InfraGard: Cyberwar Declaration on the Horizon

June 20, 2011 Added by:Headlines

"What does our government or other governments think is an effective deterrent or response to an all out cyber attack? Since we have no good definitions or protocols, I do think that the attack on Lockheed Martin is a sign of the future..."

Comments  (0)


Webcast: The State of SSL on the Internet

June 20, 2011 Added by:Sasha Nunke

The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...

Comments  (0)


LulzSec Vows to Continue "Until We're Brought to Justice"

June 20, 2011 Added by:Headlines

"We've been entertaining you 1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be. But you know, we just don't give a living frak at this point..."

Comments  (0)


Why Hackers are Having a Field Day

June 20, 2011 Added by:Gurudatt Shenoy

The past few months have seen a shock and awe campaign being launched by a series of hacker organizations such as Anonymous hackers and LulzSec. The most serious of recent events is the breach of RSA's SecurID. Whew. If the guardians of security cannot protect their own, who else can?

Comments  (2)


Sega Breach Exposes 1.3 Million Accounts

June 20, 2011 Added by:Headlines

In an odd turn of events, the most likely suspect in the attack against Sega, the hacker collective LulzSec, apparently was not involved in this latest event and has offered to help Sega track down the culprits...

Comments  (0)


Lack of Attribution Undermines Clarke's China Warning

June 19, 2011 Added by:J. Oquendo

Richard Clarke should take from the lessons learned via Iraq: Not everything is what it seems. When it comes to a cyber intrusion, all anyone can ever claim is that a computer from "some country" was the source of the attack. The reality is, the attacker could be anyone in the world...

Comments  (0)


Components of Effective Vulnerability Management

June 19, 2011 Added by:Gary McCully

Vulnerability management is a continual process that monitors the effectiveness and the efficiency of your organization’s ability to mitigate vulnerabilities. Without a Vulnerability Management Program, you and your security program could be blindly walking off the edge of a cliff...

Comments  (0)


Attackers Love Your Organization's HR Department

June 19, 2011 Added by:Boris Sverdlik

Companies use every available resource in their recruiting. They hire third party recruiters, post job listings on LinkedIn, Dice, Monster and numerous other places. While this will bring in a plethora of qualified candidates, it also provides attackers a wealth of information...

Comments  (9)


Algorithmic SIEM “Correlation” Is Back?

June 18, 2011 Added by:Anton Chuvakin

One of the ways out of ill-fitting default rules is the use of event scoring algorithms and other ruleless methods. While not without known limitations, they can be extremely useful in environments where correlation rule tuning is not likely to happen, no matter how many times we say it should...

Comments  (0)


Cynical Security Cliches

June 17, 2011 Added by:Javvad Malik

Auditors are always trying to pin something on security departments. They’ll doggedly pursue every lead, using their statement of work as an all-access pass to the security procedures. Worse, the cynic can even find himself becoming a chief suspect in his own investigation...

Comments  (1)


A Values-Based Approach to Your Compliance Program

June 17, 2011 Added by:Thomas Fox

Moving from rules-based compliance training to an ethics-based approach, there are three general areas where a company can change its approach in a manner that encourages employees to behave ethically: The Code; Ethics Training; and You Make the Call...

Comments  (0)


Get Digitally Secure Before it’s Mandatory

June 17, 2011 Added by:Robert Siciliano

It is possible to secure systems against most cybercrime but that level of security often proves too inconvenient for consumers. As long as banks continue absorbing losses from fraud, consumers remain blissfully ignorant of the consequences of inadequate security...

Comments  (0)


Richard Clarke: China's Cyberassault on America

June 17, 2011 Added by:Headlines

"What would we do if we discovered that Chinese explosives had been laid throughout our national electrical system? The public would demand a response. If, however, the explosive is a digital bomb that could do even more damage, our response is apparently muted—especially from our government..."

Comments  (0)


SMBs Face Growing Threat from Mass Meshing Attacks

June 17, 2011 Added by:Headlines

"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."

Comments  (0)