April 05, 2011 Added by:Rafal Los
Multi-factor authentication systems that use one-time passwords give the attacker a very small window within which to strike. They have that one session, and then they have to orchestrate the attack again, whereas with a password compromise you can keep attacking over and over...
April 05, 2011 Added by:Ben Zvaifler
A new wave of cyber warfare has taken form, targeting our information and threatening the stability of our nation's government and corporations worldwide. Security and privacy professionals have answered with innovative techniques in a constantly shifting environment...
April 04, 2011 Added by:J. Oquendo
Is there a solution to the ever continuing FUD machine? Cyberwarfare is over-hyped and misrepresented. The fact is, even responsible individuals get it wrong consistently. This is how and why we fail, and will continue to fail, to defend against "computer related" attacks...
April 04, 2011 Added by:David Navetta
Shortly after the FTC Privacy Framework's release and its “Do Not Track” proposal, the response was robust to say the least. Several major web browsers announced support for a browser-based means of defeating persistent online tracking...
April 04, 2011 Added by:Robert Siciliano
Spyware is sold legally in the United States. This software records chats, emails, browsing history, usernames, passwords, and basically everything a person does on that PC. Some spyware programs can record everything in a video file, which can then be accessed remotely...
April 04, 2011 Added by:Scot Terban
People in the know are worried that Stuxnet was released into systems that were not completely understood. Iran, being as hard to get intel on, may have had configurations that the creators of Stuxnet did not account for, and it could indeed have caused a larger catastrophe...
April 04, 2011 Added by:Stefan Fouant
For this exam, you are really going to need to get your hands on several J-Series routers, or at the very least some M/T/MX-Series routers with Adaptive Services capabilities. This might require additional hardware on non J-Series devices...
April 03, 2011 Added by:Ben Rothke
Be it an IRT, CIRT, CERT, or CSIRT, whatever the term used, companies desperately need a team to formally respond to computer security incidents. The simple equation is that to the degree the incident is quickly identified, handled and ameliorated, so is the damage contained...
April 03, 2011 Added by:Anton Chuvakin
Since the early days of my involvement in SIEM and log management, this question generated a lot of delusions and just sheer idiocy. A lot of people spout stuff like “you need original logs in court” without having any knowledge about forensics in general. So, what is an “original” event?
April 03, 2011 Added by:Rahul Neel Mani
IT is challenged today to re-energize the data center to readily accommodate changing business requirements and demands for always-accessible information. The challenge lies in making information both available and secure...
April 02, 2011 Added by:Rafal Los
Many organizations forego a Software Security Assurance (SSA) program simply because they don't develop their own software and so are missing the risks of the software or applications they are purchasing - don't get caught with this type of risk...
April 02, 2011 Added by:Brent Huston
Companies and people don’t always do the right things and sometimes criminals win. They steal identity data and get the chance to commit massive fraud. We all know about it. We hear the stories and we hear people talking, but we don’t think it will happen to us, until it does. What now?
April 01, 2011 Added by:Bill Gerneglia
Those are some of the findings of the 2010 US Cost of a Data Breach study from the Ponemon Institute. The benchmark study looked at the experiences of 51 US companies in 15 industry sectors; it's the sixth annual such survey done by Ponemon...
April 01, 2011 Added by:Thomas Fox
Insufficient strategies include: an FCPA compliance policy that is disseminated broadly but has shallow preventative measures; monitoring efforts which review samples from artificially inflated universes; expanding the FCPA audience, yet diluting the compliance solution...
April 01, 2011 Added by:Simon Heron
This scam involves fraudsters cold calling people claiming to be a Windows support tech and getting the victim to give them remote access to their PCs in the guise of helping them ‘cleanse’ their systems – as long as the victim hands over money or in some cases much more...
April 01, 2011 Added by:Jack Anderson
Healthcare needs disruptive innovation. HIPAA HITECH provides an opportunity to profoundly change information security and privacy by bringing millions of new participants into the picture. HHS estimates that 1-2 million business associates need to become HIPAA HITECH compliant...
March 31, 2011 Added by:Rafal Los
Things like Cross Site Scripting (XSS), SQL Injection, buffer overflow, access violation, race conditions and other variations are tested for using static analysis, dynamic analysis and some of the forthcoming hybrid technology. As an industry we're getting better at pattern-based security testing...
March 31, 2011 Added by:Ron Lepofsky
The standards have been recently filed with FERC for approval for the US and with a variety of Canadian provincial authorities. To assist on CIP developments directly from the NERC site, I'm providing a navigation guide to get you directly to where you need to go...
March 31, 2011 Added by:Don Eijndhoven
For now, very few experts take these measures seriously and fear that our National cyber defense posture will be weakened rather than strengthened. Let's hope that this is not the case, because various research papers already point to The Netherlands as a haven for malware...
March 31, 2011 Added by:Robert Siciliano
Situationist is an iPhone app that alerts members to each other’s proximity and gets them to interact in random situations. Members simply upload their photo and pick the situations they want to happen to them in the knowledge that they might then occur anywhere, and at any time...