Latest Posts

Phishers, Shoulder Surfers and Keyloggers

July 10, 2011 Added by:Robert Siciliano

McAfee’s most unwanted criminals include pickpockets, Trojans, and ATM skimmers, dumpster divers, spies, and wireless hackers and now phishers, shoulder surfers, and keyloggers. The key is awareness, vigilance, and investing in products and services that are designed to protect you...

Comments  (0)

Using DLP to Prevent Credit Card Breaches

July 09, 2011 Added by:Danny Lieberman

PCI DSS 2.0 does not require outbound, real time or any other kind of data loss monitoring. The phrases “real time” and “data loss” don’t appear in the standard. In an informal conversation with a PCI DSS official in the region, he confessed to not even being familiar with DLP...

Comments  (0)

The ABZs of Cybersecurity

July 09, 2011 Added by:Pete Herzog

The points made in this article reflect the research findings outlined in the OSSTMM 3: operational security controls, security and trust metrics, and the Moebius Defense security model where environmental protection precedes security awareness. You can find OSSTMM research at the ISECOM website...

Comments  (1)

How to Log In to Windows Without the Password

July 08, 2011 Added by:Dan Dieterle

This process works on a fully patched and updated Windows 7 system. When I checked it last year, it also worked on all of Windows server products. Windows protects these system files from being modified when Windows is booted, but booting in Linux to alter them just takes a couple minutes at most...

Comments  (14)

Connexion Hack Team Dumps Military and Gov Accounts

July 08, 2011 Added by:Headlines

A new ad-hoc group of hacktivists calling itself "Connexion Hack Team" has published a list of email addresses associated with the US government including account information from the military, the Department of Homeland Security, the National Security Agency, and several state agencies...

Comments  (1)

Team Inject0r: The Multinational Connection

July 07, 2011 Added by:Infosec Island Admin

If it was state sponsored hacking as the China connection really does lead me to believe, then we have a new problem, or perhaps this has been the case all along - that the state sponsored hackers have been within Anonymous, using them as cover. "Inj3ctor" has ties to Chinese hackers...

Comments  (3)

Throwing in the Towel: The Sorry State of Client Security

July 07, 2011 Added by:Kevin McAleavey

TDL4 has publicly caused the security industry to transition into full panic mode and literally throw in the towel as the solution to this and other malware continues to elude the industry according to widespread reports, while our attention was distracted by the kiddie wars on the Lulzboat...

Comments  (13)

EastWest Institute Advises Congress on Cybersecurity

July 07, 2011 Added by:Headlines

The first step to international agreements are bilateral and multilateral dialogues. Earlier this year, EWI-led U.S.-Russia talks on “rules of the road” for cyber conflict produced an attention-getting report, and a team of U.S. and Chinese experts published joint recommendations on reducing spam...

Comments  (0)

Mitigating Injection Attacks

July 07, 2011 Added by:kapil assudani

The developer's job gets easier since if he/she is working on an independent code that is a module for the master code, the variable type is identified and hence corresponding input validation / output encoding technique automatically gets applied through the framework...

Comments  (0)

Three Things About Consumer Cloud Technology

July 07, 2011 Added by:Brent Huston

Organizations need data-centric controls that allow for flexibility in usage and protection. Your IT architectures and controls need to allow for those changes or face increasing levels of danger and obsolescence. You cannot stop consumer cloud services from leaking into your enterprise...

Comments  (0)

Department of Energy Networks Under Siege

July 07, 2011 Added by:Rafal Los

This isn't a joke, or something to be taken lightly. This is the US Department of Energy. These are the people who have invested billions of our dollars into research for tomorrow's energy, including nuclear capability... what if that information got out? What would that cost us?

Comments  (2)

ASA and IPS Parallel Features – Part I

July 07, 2011 Added by:Dawn Hopper

This first part of a two-part series will deal with Application Inspection and Control, sometimes referred to as DPI or Deep Packet Inspection. Rather than give detailed commands, this will serve as a high-level comparison...

Comments  (0)

Turkish Takedown Thursday: New Anonymous Attack

July 07, 2011 Added by:Headlines

"Our vessel recently encountered a Turkish Government frigate, a chance we could not not let pass. So we simply boarded their vessel (no need to fire any cannons, mind you, they never found out what happened until just now) and collected some booty..."

Comments  (0)

What to Do When You Get a Data Breach Letter

July 07, 2011 Added by:Kelly Colgan

A day doesn’t go by when we read news of a data breach at a major company, healthcare facility or financial institution. Epsilon, Sony and now Morgan Stanley are good examples. What do you do when a data breach notification letter lands in your mailbox? The short answer: Don’t panic...

Comments  (1)

Infosec Island Call for Interviews at Black Hat Vegas

July 07, 2011 Added by:Infosec Island Admin

Infosec Island will be conducting a series of short video interviews with select presenters and vendors at the Black Hat USA 2011 conference in Las Vegas, NV. The interviews offer the opportunity for subjects to highlight their knowledge of emerging trends in the information security field...

Comments  (0)

Risk Management and Compliance – Finally Coming Together?

July 07, 2011 Added by:Neira Jones

Compliance is about providing evidence that controls are in place and is a tactical exercise to ensure business continuity. However, it is not inherently risk aware or economically sensitive. Too much emphasis on compliance can actually increase risk by giving a false sense of security...

Comments  (0)

Defense Research Labs Targeted in Attacks

July 07, 2011 Added by:Headlines

"The good news is no classified information has been compromised or is in danger from this attack. At this time, we have not found any indication of 'exfiltration' of information from our unclassified networks as well," said PNNL spokesman Greg Koller...

Comments  (0)

How to Deal With Insider Threats

July 06, 2011 Added by:Dejan Kosutic

Insider threats will remain the biggest risk to the security of information - the complexity of systems and amount of data will only increase this threat in time. And the best way to deal with them is to prevent them - once they happen, you can only hope they won't go too far...

Comments  (3)

The Benefits of FUD

July 06, 2011 Added by:Emmett Jorgensen

Fear, Uncertainty, and Doubt. Enemy of skeptic IT Pros, ally of marketers. Why do infosec pros talk about FUD in a negative light? Granted, some vendors push the FUD aspects of their marketing a bit too much. However, I think a little FUD can be a healthy thing. Let me explain...

Comments  (4)

HIPAA: Rx For End-User Device Risks

July 06, 2011 Added by:Konrad Fellmann

Basically, if electronic PHI data is encrypted, purged, or physically destroyed before it is inadvertently disclosed, then it doesn’t count as a breach. If the information is protected in a way that it can’t be obtained by an unauthorized individual then you’re safe...

Comments  (0)