Latest Posts


Top 10 Threats to Security and Privacy for Business

June 10, 2011 Added by: Bill Gerneglia

It is difficult to remain 100% confident in your organization's security policies and procedures, but we must remain 100% committed to diligence in constant upgrades and feedback from attempted breaches to our networks and systems...

Comments (0)


Essentials for an FCPA Compliance Program

June 10, 2011 Added by: Thomas Fox

Ongoing monitoring, auditing and assessments need to go down to the individual employee level. There should be both a ‘carrot and stick’ approach so that employees are disciplined for compliance failures, but also rewarded for doing business through appropriate compliance avenues...

Comments (1)


Microsoft Monoculture as a Threat to National Security

June 10, 2011 Added by: Danny Lieberman

A report from a stellar cast of infosec experts and thought leaders shows that the complexity and dominance of Microsoft’s Windows operating system in US Federal agencies makes the government prone to cyber attack – a national security threat. This was in September 2003...

Comments (2)


Thoughts on Software Security Assurance from a Like Mind

June 10, 2011 Added by: Rafal Los

Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...

Comments (0)


Questions Likely to be Asked on a Security Certification

June 10, 2011 Added by: Lee Munson

Most of these questions will seem like common sense, but make sure that you look at your booklet before the test and give the answer they want. A lot of us may have different ways of dealing with clients, but if you want to pass your test, give the answer that they want you to give...

Comments (0)


CERT Resilience Management Model (RMM)

June 09, 2011 Added by: Ben Rothke

The model has two primary objectives: the convergence of operational risk and resilience management such as security, business continuity, and aspects of IT operations management into a single model, and to apply a process improvement approach to operational resilience management...

Comments (0)


Remote DLL Injection with Meterpreter

June 09, 2011 Added by: Rob Fuller

What sets that method apart is the fact that the suspension (once the DLL injection occurs) comes from within the process, and it suspends all the child processes as well. Another way you can do this without the injection is just sending a suspend to all the threads in the process...

Comments (0)


Mac Antivirus - Being Careful and Staying Safe

June 09, 2011 Added by: Bozidar Spirovski

What antivirus software packages have a Mac version? As of June 2011, Wikipedia lists that only 16 out of 62 antivirus software packages support the Mac. In a very interesting marketing move, some antivirus manufacturers actually offer free use of antivirus packages for Mac...

Comments (0)


LIGATT Email on LulzSec Dox PR Appears to be Fake

June 09, 2011 Added by: Anthony M. Freed

The Pastebin posting appears to be from an email sent by Evans on June 5th to a staff member instructing them to produce the LulzSec investigation press release that Evans claims was fraudulent, and to distribute the release through outlets the company does not normally use...

Comments (9)


Seventy-Seven Percent of Organizations Lost Data

June 09, 2011 Added by: Headlines

“With hundreds of data loss incidents every year – both reported and unreported – it’s no surprise the issues with governance, risk and compliance are being magnified. Data security in a modern day world means more than deploying a set of technologies to overcome these challenges...”

Comments (0)


Fake Security Firms Will Be Exposed

June 09, 2011 Added by: Boris Sverdlik

Joe Black has built a reputation around certifications and misinformation. He has a very interesting career that we can trace back to his days at Wright Printing in 2005 according to his LinkedIn Profile, which is also about the time he was supposedly enrolled at ITT...

Comments (9)


To Disclose or NOT to Disclose...

June 09, 2011 Added by: Andrew Baker

The issue of disclosure is a sensitive one, and it is important not to feed more bad guys with more information that will allow them to have greater success, but it is abundantly clear that two months of saying essentially nothing is at least just as bad as saying too much, if not worse...

Comments (0)


Citigroup Suffers Breach of Customer Information

June 09, 2011 Added by: Headlines

Citigroup has confirmed an unauthorized network access event may have compromised the account details of as many as two hundred thousand North American banking clients. Representatives said they detected the breach of the Citi Account Online network in May through routine monitoring...

Comments (0)


PCI Self-Assessment Questionnaires

June 09, 2011 Added by: PCI Guru

Where most organizations go wrong with the original SAQ C is when they have an integrated POS that connects back to a corporate network. Remote management is allowed in this environment, but the entity that remotely connects must not have uncontrolled access to the POS environment...

Comments (0)


Sony Breach Highlights Secure Password Storage

June 08, 2011 Added by: Emmett Jorgensen

Secure password storage is crucial to any secure system. From sites such as Sony to operating systems and data backups on encrypted hard drives, if the password is in plain text your account and data are not safe. After all, why try to guess a password if you can just copy and paste it?

Comments (0)


Solution Architecture: A Critical Service or Sales Talk?

June 08, 2011 Added by: Rafal Los

Over time the term has become widely over-used to the point where meaning is largely lost, and sadly most people on the buyer side of the aisle think it's just some marketing term or a way to get them to buy more of whatever widget is being sold...

Comments (0)


APTs Require a Comprehensive Architecture

June 08, 2011 Added by: Rahul Neel Mani

APTs are becoming more and more complicated. However, there are certain security measures that organisations still need to take. Take the case of the Epsilon data breach, or the RSA breach. Hacked using simple social engineering tools like spear phishing and phishing e-mail to succeed...

Comments (0)


Disabling Facebook's Facial Recognition for Privacy

June 08, 2011 Added by: Headlines

What is truly annoying about Facebook's setup from a privacy perspective is that users have very little control over what other members post about them, particularly when it comes to photos and tagging, and the facial recognition feature further aggravates the situation...

Comments (0)


FBI Recruits One in Four U.S. Hackers as Informants

June 08, 2011 Added by: Headlines

"The FBI are always there. They are always watching, always in the chatrooms. You don't know who is an informant and who isn't, and to that extent you are vulnerable..."

Comments (0)


Application Software in the Cloud – Power to the People

June 08, 2011 Added by: Danny Lieberman

We all use the term “IT Governance” as if security of data was dependent on policy. Since we have lots of IT governance and lots of data breaches, we may safely assume that writing procedures while the hackers attack software and steal data is not an effective security countermeasure...

Comments (0)