Latest Posts


Phishers, Shoulder Surfers and Keyloggers

July 10, 2011 Added by:Robert Siciliano

McAfee’s most unwanted criminals include pickpockets, Trojans, and ATM skimmers, dumpster divers, spies, and wireless hackers and now phishers, shoulder surfers, and keyloggers. The key is awareness, vigilance, and investing in products and services that are designed to protect you...

Comments  (0)


Using DLP to Prevent Credit Card Breaches

July 09, 2011 Added by:Danny Lieberman

PCI DSS 2.0 does not require outbound, real time or any other kind of data loss monitoring. The phrases “real time” and “data loss” don’t appear in the standard. In an informal conversation with a PCI DSS official in the region, he confessed to not even being familiar with DLP...

Comments  (0)


The ABZs of Cybersecurity

July 09, 2011 Added by:Pete Herzog

The points made in this article reflect the research findings outlined in the OSSTMM 3: operational security controls, security and trust metrics, and the Moebius Defense security model where environmental protection precedes security awareness. You can find OSSTMM research at the ISECOM website...

Comments  (1)


How to Log In to Windows Without the Password

July 08, 2011 Added by:Dan Dieterle

This process works on a fully patched and updated Windows 7 system. When I checked it last year, it also worked on all of Windows server products. Windows protects these system files from being modified when Windows is booted, but booting in Linux to alter them just takes a couple minutes at most...

Comments  (14)


Connexion Hack Team Dumps Military and Gov Accounts

July 08, 2011 Added by:Headlines

A new ad-hoc group of hacktivists calling itself "Connexion Hack Team" has published a list of email addresses associated with the US government including account information from the military, the Department of Homeland Security, the National Security Agency, and several state agencies...

Comments  (1)


Team Inject0r: The Multinational Connection

July 07, 2011 Added by:Infosec Island Admin

If it was state sponsored hacking as the China connection really does lead me to believe, then we have a new problem, or perhaps this has been the case all along - that the state sponsored hackers have been within Anonymous, using them as cover. "Inj3ctor" has ties to Chinese hackers...

Comments  (3)


Throwing in the Towel: The Sorry State of Client Security

July 07, 2011 Added by:Kevin McAleavey

TDL4 has publicly caused the security industry to transition into full panic mode and literally throw in the towel as the solution to this and other malware continues to elude the industry according to widespread reports, while our attention was distracted by the kiddie wars on the Lulzboat...

Comments  (13)


EastWest Institute Advises Congress on Cybersecurity

July 07, 2011 Added by:Headlines

The first step to international agreements are bilateral and multilateral dialogues. Earlier this year, EWI-led U.S.-Russia talks on “rules of the road” for cyber conflict produced an attention-getting report, and a team of U.S. and Chinese experts published joint recommendations on reducing spam...

Comments  (0)


Mitigating Injection Attacks

July 07, 2011 Added by:kapil assudani

The developers job gets easier since if he/she is working on an independent code that is a module for the master code, the variable type is identified and hence corresponding input validation / output encoding technique automatically gets applied through the framework...

Comments  (0)


Three Things About Consumer Cloud Technology

July 07, 2011 Added by:Brent Huston

Organizations need data-centric controls that allow for flexibility in usage and protection. Your IT architectures and controls need to allow for those changes or face increasing levels of danger and obsolesce. You can not stop consumer cloud services from leaking into your enterprise...

Comments  (0)


Department of Energy Networks Under Siege

July 07, 2011 Added by:Rafal Los

This isn't a joke, or something to be taken lightly. This is the US Department of Energy. These are the people who have invested billions of our dollars into research for tomorrow's energy, including nuclear capability... what if that information got out? What would that cost us?

Comments  (2)


ASA and IPS Parallel Features – Part I

July 07, 2011 Added by:Dawn Hopper

This first part of a two-part series will deal with Application Inspection and Control, sometimes referred to as DPI or Deep Packet Inspection. Rather than give detailed commands, this will serve as a high-level comparison...

Comments  (0)


Turkish Takedown Thursday: New Anonymous Attack

July 07, 2011 Added by:Headlines

"Our vessel recently encountered a Turkish Government frigate, a chance we could not not let pass. So we simply boarded their vessel (no need to fire any cannons, mind you, they never found out what happened until just now) and collected some booty..."

Comments  (0)


What to Do When You Get a Data Breach Letter

July 07, 2011 Added by:Kelly Colgan

A day doesn’t go by when we read news of a data breach at a major company, healthcare facility or financial institution. Epsilon, Sony and now Morgan Stanley, are a good examples. What do you do when a data breach notification letter lands in your mailbox? The short answer: Don’t panic...

Comments  (1)


Infosec Island Call for Interviews at Black Hat Vegas

July 07, 2011 Added by:Infosec Island Admin

Infosec Island will be conducting a series of short video interviews with select presenters and vendors at the Black Hat USA 2011 conference in Las Vegas, NV. The interviews offer the opportunity for subjects to highlight their knowledge of emerging trends in the information security field...

Comments  (0)


Risk Management and Compliance – Finally Coming Together?

July 07, 2011 Added by:Neira Jones

Compliance is about providing evidence that controls are in place and is a tactical exercise to ensure business continuity. However, it is not inherently risk aware or economically sensitive. Too much emphasis on compliance can actually increase risk by giving a false sense of security...

Comments  (0)


Defense Research Labs Targeted in Attacks

July 07, 2011 Added by:Headlines

"The good news is no classified information has been compromised or is in danger from this attack. At this time, we have not found any indication of 'exfiltration' of information from our unclassified networks as well," said PNNL spokesman Greg Koller...

Comments  (0)


How to Deal With Insider Threats

July 06, 2011 Added by:Dejan Kosutic

Insider threats will remain the biggest risk to the security of information - the complexity of systems and amount of data will only increase this threat in time. And the best way to deal with them is to prevent them - once they happen, you can only hope they won't go too far...

Comments  (3)


The Benefits of FUD

July 06, 2011 Added by:Emmett Jorgensen

Fear, Uncertainty, and Doubt. Enemy of skeptic IT Pros, ally of marketers. Why do infosec pros talk about FUD in a negative light? Granted, some vendors push the FUD aspects of their marketing a bit too much. However, I think a little FUD can be a healthy thing. Let me explain...

Comments  (4)


HIPAA: Rx For End-User Device Risks

July 06, 2011 Added by:Konrad Fellmann

Basically, if electronic PHI data is encrypted, purged, or physically destroyed before it is inadvertently disclosed, then it doesn’t count as a breach. If the information is protected in a way that it can’t be obtained by an unauthorized individual then you’re safe...

Comments  (0)