Latest Posts

Where is the Focus on Randomness in Cryptography?

June 27, 2011 Added by:Emmett Jorgensen

The risk in using an RNG that is not truly random stems from an attacker's ability to analyze the encrypted data and potentially discover patterns in the encryption. This could allow some type of reverse engineering of the encrypted data or keys...

Comments  (2)

The Legal Implications of Social Networking

June 27, 2011 Added by:David Navetta

Companies are stampeding to exploit social networking. Many legal issues could increase the risk and liability potential of an organization employing a social media strategy. In this multi-part series the InfoLawGroup will identify and explore the legal implications of social media...

Comments  (0)

Asperger's: The New Insanity Defense for Hacking?

June 27, 2011 Added by:Infosec Island Admin

The recent arrest of suspected LulzSec hacker Ryan Cleary, and before him the infamous Gary McKinnon, reveals a legal trend developing for a kind of hacker “insanity defense” with a declaration that Ryan is a high functioning autistic and that he may have not been able to stop himself...

Comments  (4)

AAA Security Troubleshooting

June 27, 2011 Added by:Dawn Hopper

In troubleshooting authentication, using specific debug tacacs+ or debug radius commands often provides output that is too detailed and obscure for anyone except those extremely knowledgeable in the protocols. Instead, the debug AAA authentication generic command has several advantages...

Comments  (0)

Authorities Bust $72 Million Dollar Conficker Fraud Ring

June 27, 2011 Added by:Headlines

"The Security Service of Ukraine, in coordination with the law enforcement agencies of United States, Great Britain, Netherlands, France, Germany, Latvia, Cyprus and other countries (10 in total), defeated illegal activity of the international criminal group of hackers..."

Comments  (0)

Warning: Original "50 Days of Lulz" Payload is Infected

June 27, 2011 Added by:Kevin McAleavey

Even after the lulz have officially ended, the adventure continues for the hapless crew of the LulzBoat. After piping off the ship and dropping their cargo on "The Pirate Bay" it turns out that the RAR file offered as a torrent download is infected with a backdoor of the "RBOT" class of malware...

Comments  (12)

Citigroup Lost $2.7 Million in May Hacker Attack

June 27, 2011 Added by:Headlines

Officials from the banking giant now assert that $2.7 million was stolen from about 3,400 accounts in the May attack. Citigroup immediately reported the security incident to law enforcement and regulatory authorities, but waited about three weeks before notifying affected customers...

Comments  (0)

One in Four Cyber Criminals Turn In Their Friends

June 26, 2011 Added by:Lee Munson

You are not going to find much sympathy from most people since you are out there doing something illegal. So you must be just like the rest of the criminal world and prepare to live your life by trusting very few people and always be aware that anyone can turn on you...

Comments  (4)

Rumors of LulzSec's Demise are Greatly Exaggerated

June 26, 2011 Added by:Kevin McAleavey

The media has been reporting that Lulzsec has folded, but they've merely gone underground and are regrouping. @Lulzboat on twitter has now become @lulzb0at and combined with AnonOps and AntiSec, releasing the following announcement on their IRC subchannels...

Comments  (8)

The Lulzboat Sailed and All I Got Was This Garbage File

June 26, 2011 Added by:Infosec Island Admin

I expect LulzSec's real legacy will be the creation of more draconian laws by the government as a backlash to their antics. Laws that will make all our lives a bit less private and a lot more prone to being misused. I also expect that the lulz will continue, though at their expense...

Comments  (4)

PCI SSC Releases Virtualization Guidelines

June 25, 2011 Added by:PCI Guru

If I had to take the PCI SSC to task, I would argue that cloud computing does not have anything to do with virtualization. Yes, a lot of cloud computing solution providers are using virtualized systems to provide their services, but not every cloud provider uses virtualization...

Comments  (0)

The Kiddies Versus the Adults

June 25, 2011 Added by:Keith Mendoza

So it appears that LulzSec and Anonymous have gained themselves a few more enemies than just law enforcement. It's starting to look like Ocean's 11 going after the shoplifters. But what does this mean to infosec in general? It means that everyone better shape up or ship out...

Comments  (2)

Facebook's Project Spartan - Tempest in a Broken Teapot

June 24, 2011 Added by:Rafal Los

While some analyses of the super-secret Project Spartan that Facebook is supposedly working on center around the Apple vs. Facebook apps war brewing - I think the focus is something else entirely. I think the focus, from a technology perspective, is HTMLv5...

Comments  (1)

Ban Windows from Embedded Medical Devices

June 24, 2011 Added by:Danny Lieberman

The combination of large numbers of software vulnerabilities, user lock in created by integrating applications with Windows, complexity of Microsoft products and their code and Microsoft predatory trade practices are diametrically different than Linux and the FOSS movement...

Comments  (0)

Where Are Your Default Admin Passwords?

June 24, 2011 Added by:Bozidar Spirovski

The passwords should be constructed in two parts, each part entered by different person, which increases the complexity significantly and reduces the possibility of using social knowledge of a single person to attack the password. Also, no one single person knows the password...

Comments  (0)

Did LulzSec Hack Apple's iCloud and Steal Source Code?

June 24, 2011 Added by:Headlines

An anonymous Pastebin posting from June 21 states that hackers claiming to be part of the LulzSec collective successfully breached Apple's iCloud networks several weeks ago. The posting claims that the intruders mapped the network and "grabbed all their source code and database passwords..."

Comments  (1)

Developing a Security and Privacy Awareness Program

June 23, 2011 Added by:Allan Pratt, MBA

When security breaches occur, customer trust is lost, brand value disintegrates, and breach response results in significant costs to the business. The time involved for breach responses can go on for years, and resulting penalties and sanctions could extend into the millions of dollars...

Comments  (1)

Is Your Website at Risk from LulzSec?

June 23, 2011 Added by:Kevin McAleavey

There is no excuse for your facility to provide the next round of "lulz." Examining your ability to withstand DDoS attacks and checking your SQL backend against exploits, you stand a chance of withstanding the onslaught of raging children should they turn their "cannons" your way...

Comments  (10)

Public Cloud/Private Cloud – A Redux

June 23, 2011 Added by:Ben Kepes

Christian Reilly brings a really interesting perspective to the public/private cloud debate. Reilly sees the daily realities of legacy applications, “just keep the lights on” budgets and multiple issues around compliance and security...

Comments  (0)

LulzSec: How Not to Run an Insurgency

June 23, 2011 Added by:Infosec Island Admin

LulzSec seems to have misunderstood that secrecy is really really important when you are doing something like a digital insurgency. Sure, you can try to rely on all the technologies like proxies to hide your IP, but, you also have the human element to contend with...

Comments  (3)