Latest Posts

Flying Blind in Critical Infrastructure

June 07, 2011 Added by:Chris Blask

Once you get your head around the idea that you cannot trust your cyber devices you find it fits with existing industrial ideology quite well. The answer is to do your best to build a reliable cyber system - just as you do with the physical assets - then monitor it like a convicted criminal...

Comments  (2)

X.509 Certificates vs. Webs Of Trust (e.g., PGP, SSH)

June 07, 2011 Added by:Jonathan Lampe

My belief is that WOT is fading, not just because PGP Corp was acquired, but also because PGP Corp itself was making or had made several technology decisions to integrate X.509 into PGP encryption and signing processes and even to act as an X.509 certificate authority...

Comments  (2)

Find Out Who Has Accessed Your Health Records

June 07, 2011 Added by:David Navetta

Access reports would include the date and time of access, and the name of the individual or entity accessing an individual’s health information. Additionally, an access report would include a description of the information that was accessed and of the action taken by the user...

Comments  (0)

UPDATED: LIGATT's LulzSec Investigation PR Was Fake

June 07, 2011 Added by:Headlines

UPDATE: LIGATT Security's Gregory Evans returned Infosec Island's phone call regarding an article we ran based on a press release issued at Free Press Release. Evans confirmed that the press release was fake, and was not drafted or submitted by LIGATT security staff as indicated...

Comments  (4)

Five Reasons Why Your Workplace Blocks Facebook

June 07, 2011 Added by:Global Knowledge

Don’t you just love Facebook? Whether it’s adding new members to Mafia Wars, finding new busboys for Café World, or cyberstalking your ex-girlfriend’s new boyfriend, Facebook has endless options to keep you entertained. If only you could log on at work, then your life would be complete...

Comments  (0)

Attribution Problems Hinder U.S. Cyberwar Strategy

June 07, 2011 Added by:Headlines

"The military is setting itself up for failure because attribution is difficult, and it's easy to spoof your identity thereby falsely implicating the wrong group. A military attack could be misplaced... but at the same time not responding will now be seen as a sign of weakness..."

Comments  (0)

China Linked to RSA and Defense Contractor Breaches

June 07, 2011 Added by:Headlines

"If it's any kind of military espionage, military adversaries are going to be high on the list. The question then is who in China--is it government agents or independent contractors selling to the Chinese government?" asked Veracode's Chris Wysopal...

Comments  (3)

China’s Rise from Hacking To Digital Espionage

June 06, 2011 Added by:Infosec Island Admin

China's Dark Visitor movement of the 1990s has morphed into a government espionage wing. What was once a loosely affiliated group of patriotic hackers has been honed by the People's Liberation Army into a force to be reckoned with on the stage of digital espionage and data theft...

Comments  (0)

Cloud Computing and ISO 27001 / BS 25999

June 06, 2011 Added by:Dejan Kosutic

Although the risks related to cloud computing are high, it doesn't mean they cannot be mitigated. Therefore, use your common sense when choosing your cloud computing provider - if you don't trust your provider fully, then don't entrust them with your sensitive information...

Comments  (0)

Evaluating the Cloud-Based Services Option

June 06, 2011 Added by:Mike Meikle

Keep a local copy of your data. If Google Apps one day decides to die because of “data corruption” you do not want to be stuck without access to important documents. The potential for an incident like this is moderately high since Google has already had a similar situation with Gmail...

Comments  (3)

Sony Stock Hammered in Wake of Security Breaches

June 06, 2011 Added by:Anthony M. Freed

The unrelenting security incidents plaguing Sony, compounded by the recent earthquake and tsunami in Japan, have worked to undermine shareholder confidence in the entertainment giant, and the result is a steady decline in the company's share price...

Comments  (2)

Choosing an Enterprise eBanking Security Solution

June 06, 2011 Added by:Robert Siciliano

Recent technological advances have been vast and rapid. But after 15 years, online banking remains relatively immature, with a sometimes-inadequate security posture. Your ebank is part of your business strategy, therefore security should be a part of your business strategy too...

Comments  (0)

Anonymous Responds to NATO Threats

June 06, 2011 Added by:Headlines

"Do not make the mistake of challenging Anonymous. Do not make the mistake of believing you can behead a headless snake. If you slice off one head of Hydra, ten more heads will grow in its place. If you cut down one Anon, ten more will join us purely out of anger..."

Comments  (1)

Impending Doom and IT Security's Downward Spiral

June 06, 2011 Added by:Rafal Los

If you've been in Information Security for any meaningful period of time you can surely side with the frustration and disappointment many of the long-time residents of Infosec-ville are feeling as breach after breach piles on in the news. The result of all of this is a downward spiral...

Comments  (1)

LulzSec Hackers Hit FBI Affiliate InfraGard

June 06, 2011 Added by:Headlines

LulzSec, the hacker collective who recently claimed responsibility for attacks against Sony and PBS, hacked networks belonging to the Atlanta chapter of the FBI affiliate InfraGard and defaced the organization's website, as well as exposing the group's email database...

Comments  (1)

Examining the Sources of Security Incidents

June 06, 2011 Added by:Bozidar Spirovski

Security incidents come in all shapes and sizes. They can affect availability, confidentiality or integrity. Shortinfosec organized a LinkedIn poll to observe the opinions of professionals on which sources of security incidents they deem most frequent...

Comments  (0)

Patching WordPress Username Disclosure

June 05, 2011 Added by:Ryan Dewhurst

According to OSVDB 55713 this vulnerability was reported to WordPress by Core Security Technologies in June 2009. At the time of writing, the latest version of WordPress is 3.1.3 and is still vulnerable to this vulnerability. Here is how to patch the vulnerability yourself...

Comments  (2)

Understanding Network Forensics Makes Security Smarter

June 05, 2011 Added by:Kelly Colgan

Recovering successfully from a breach is definitely something to shoot for. But nothing makes executives smile, or helps build back customer confidence, more than putting the bad guys behind bars. It makes for good news headlines. Plan for it...

Comments  (0)

Why Your Router is the Weak Point of Your Home Security

June 05, 2011 Added by:Lee Munson

When it comes to the home router, while the device is very useful, it is also riddled with many security problems. This is a real weakness in the home network. Most people do not know how the router works, so they also have no idea that they must make security adjustments to the device...

Comments  (2)

GRC is Not a Tool But a Business Enabler

June 04, 2011 Added by:Rahul Neel Mani

GRC is not an out of the box solution, which would immediately make you compliant. It is a tool that will allow you to collect information, report to you, help you to make changes in it, put the feedback into the new policy, see how much variance exists...

Comments  (0)