Latest Posts

3e35900ae6facc6c146a85c435c71d82

Ghost in the Wires: The World's Most Wanted Hacker

September 02, 2011 Added by:Ben Rothke

In Ghost in the Wires: My Adventures as the World's Most Wanted Hacker, the first personal account of what really happened; Mitnick says most of the stories around him were the result of the myth of Kevin Mitnick, and nothing more. In the book, he dispels these myths and set the record straight...

Comments  (5)

7fef78c47060974e0b8392e305f0daf0

Yes Virginia - Hackers and Spooks On Militant Boards

September 01, 2011 Added by:Infosec Island Admin

Some of these sites contain the works of friends of mine in the security community that they have posted as research. We have areas where the jihadi’s have an assortment of upload/download sites for malware, but some of the newer posts have malware and creation kits that are up to standard...

Comments  (1)

Ebb72d4bfba370aecb29bc7519c9dac2

Got A Pile of Logs from an Incident: What to Do?

September 01, 2011 Added by:Anton Chuvakin

If you received any hints with the log pile, then you can search for this and then branch out to co-occurring and related issues and drill-down as needed, but then your investigation will suffer from “tunnel vision” of only seeing this initially reported issue and that is, obviously, a bad idea...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Vivek Kundra Makes the Case for Government Cloud

September 01, 2011 Added by:Headlines

"...governments around the world are wasting billions of dollars on unnecessary information technology. This problem has worsened in recent years because of what I call the 'I.T. cartel.' This powerful group of private contractors encourages reliance on inefficient software and hardware..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

U.S. Bank Employee Pleads Guilty to Account Theft

September 01, 2011 Added by:Headlines

Hurtado accessed U.S. Bank’s computer system and changed the contact information for the accounts of two elderly customers at the bank. After changing their contact information, Hurtado then allegedly closed these accounts and took out cashier’s checks for the balance of each account...

Comments  (1)

6429389c5e8a4c9555be876f8484331a

Guide: How to Pass an IT Audit

September 01, 2011 Added by:Sasha Nunke

The purpose of this document is to pass along tips we learned that may be useful as you consider adopting QualysGuard PC. This guide covers the steps and procedures to passing an IT GRC audit — as told by an enterprise end-user who deployed QualysGuard Policy Compliance...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Microsoft's Addiction to Collecting Tracking Data

September 01, 2011 Added by:Headlines

"The Windows Mobile operating system is clearly sending information that can lead to accurate location information of the mobile device regardless of whether the user allowed it," said Kamkar, who provided the analysis of the tracking methods for Lawyers seeking to establish a class action lawsuit...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

The Cyberworld Points at China

September 01, 2011 Added by:Joel Harding

While the rest of the world is seeking to define and quantify cyberwar, cyber espionage, cyber theft - and only then, finding ways to stop it - I believe the Chinese are nimbly spanking our butts in cyberspace – and we don’t have the guts to stop them...

Comments  (5)

69dafe8b58066478aea48f3d0f384820

EFF Challenges NSA's Domestic Surveillance in Court

September 01, 2011 Added by:Headlines

At stake is whether the courts can judge the legality and constitutionality of the NSA's bulk interception of Americans' phone calls and emails, accomplished through back-door access to AT&T's domestic telecom network and its databases of communications records...

Comments  (3)

0356a83ecb15c8e33b00560d7bebe47f

Nine Reasons Why You're Not Ready for DLP

August 31, 2011 Added by:Stephen Marchewitz

No matter what you are told, simply writing a check to a software vendor and installing some code will not prevent all data loss. Depending on the intricacies of the organization, the money that DLP solutions require may likely be better spent on other security initiates...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Securing Web Servers with SSL

August 31, 2011 Added by:Danny Lieberman

So where does SSL fit in? Well, we know that the vulnerabilities for a PHI data breach can not only happen inside any layer but in particular there are vulnerabilities in the system interfaces between layers. That means between server layers and client-server interfaces...

Comments  (0)

21d6c9b1539821f5afbd3d8ce5d96380

FedPlatform.org Focuses on a Government PaaS

August 31, 2011 Added by:Kevin L. Jackson

FedPlatform.org has been formed as a collaborative initiative to help federal organizations safely learn about and evaluate PaaS technologies. The initiative supports the Federal Cloud Computing Strategy and the Federal CIO’s 25-Point Federal IT Reform Plan...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apache Killer DoS Vulnerability Patch Released

August 31, 2011 Added by:Headlines

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.20 of the Apache HTTP Server with a fix for handling of byte-range requests and avoid a denial of service. We consider this release to be the best version of Apache available...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Backtrack 5: Linux and Mac Vulnerable to Malicious Scripts

August 31, 2011 Added by:Dan Dieterle

Malicious scripts and executables are encoded and obfuscated to purposely bypass anti-virus programs. Once they are run on a target machine - Windows, Mac or Linux - they connect through the firewall to the attacker's machine. It is imperative to educate your users about these attacks...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

Potentially Hundreds of Bogus Digital Certificates Issued

August 31, 2011 Added by:Headlines

"Chrome's hardcoded certificate blacklist actually increased by 247 entries... When a Comodo reseller was hacked back in March and its infrastructure was used to issue rogue certs for Google, Hotmail, Yahoo and other sites, Chrome's blacklist increased with just 10 certs..."

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Kicked Out of the PCI DSS Club

August 31, 2011 Added by:PCI Guru

A Qualified Security Assessor Company (QSAC) has finally had their status revoked by the PCI SSC. Based on the FAQ, it seems that CSO was not able to provide documentation that supported their conclusions regarding assessment opinions in their ROC's and ROV's they had issued...

Comments  (0)

Bbb285308604bc5fbb9b43590d0501f6

Don't Miss the Security BSides Portland Event

August 31, 2011 Added by:Security BSides

The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

FireEye Releases First Advanced Threat Report

August 31, 2011 Added by:Headlines

"The FireEye Advanced Threat Report focuses on the threats that have successfully evaded traditional defenses. These are the unknown threats and advanced attacks that are dynamic, targeted, and stealthy. And, they are extremely effective for compromising organizations’ networks..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Cloudpocalypse - When the Cloud Eats Your Corporate IP

August 30, 2011 Added by:Rafal Los

The Cloudpocalypse - where you've bought into a cloud service, neglected to understand what you're buying into (service level, liability, etc.) and then are left crying onto your keyboard as your cloud provider tells you, "Sorry, we've lost all your data... but you have a backup somewhere, right?"

Comments  (2)

E973b16363b3de77b360563237df7e32

RAID and Disk Size - Search for Performance

August 30, 2011 Added by:Bozidar Spirovski

Centralizing your storage is always a very good idea - you can manage storage requirements of most servers through a central storage system, without the hassle of juggling local disks within servers. But centralizing a storage opens a whole new world of hassles...

Comments  (0)