Latest Posts

Establishing Vulnerability Management Programs

May 19, 2011 Added by: Drayton Graham

In the ever changing world of new vulnerabilities and associated threats, it is essential that an inventory is kept of the external systems, associated ports, services, and applications. If any one of these is unknown, or insecure, then the associated Risk Level changes...

Hacker Offers Insight On Sony PSN Breach

May 19, 2011 Added by: Headlines

"The depths they went indicates that this hack wasn't arbitrary... It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers..."

Every Employee is a Security Partner

May 18, 2011 Added by: Robb Reck

By using a well-tested framework we can ensure that our organization’s security needs are adequately documented. The policies are critical, but they are only the framework. To flesh out the program we need the actual implementation, and that’s where the rest of the staff comes in...

Draft PCI DSS v2.0 “Scorecard” Released

May 18, 2011 Added by: PCI Guru

The biggest change I have found thus far is the removal of the requirement to observe network traffic as the Network Monitoring column is gone. Prior to this point, QSAs were required to obtain network traffic via WireShark or similar tool to prove that network traffic is encrypted...

How to Use Your FCPA Audit

May 18, 2011 Added by: Thomas Fox

In short, do not be afraid of the results and use Paul McNulty’s maxims of “what did you find” and “what did you do about it”. After you have completed the FCPA audit, what steps should you take? This post will explore some of the issues related to the evaluation and response...

Sony PlayStation Network Hacked Once Again

May 18, 2011 Added by: Headlines

"The hack involves the PSN web-based password reset page, where it’s said anyone can change someone else’s password using their PSN account email and date of birth—both details possibly obtained by hackers in the mid-April breach..."

Granular Application Control Drives Next Gen Firewalls

May 18, 2011

Web apps in particular have become a nightmare for IT staff. Should users be allowed to use Twitter, URL shorteners like bit.ly or ur1.ca, or even Facebook? And if they do what should they be allowed to do within the app? Posting updates is one thing. Playing Mafia Wars is another...

How to Replace an Enterprise SIEM

May 18, 2011 Added by: Anton Chuvakin

Be prepared to keep the old SIEM running - without paying for the support contract, of course - or at least keep the old data backups – this becomes important if complete data migration is impossible due to architecture differences between the new and old SIEMs...

Geek.com Spreading Malware via Invisible iFrame

May 18, 2011 Added by: Headlines

The main page of the site - including the "Homepage" and the "About Us" section - contains an invisible iframe with JavaScript downloaded from sites contaminated by a custom set of exploits. The malicious code attempts to take advantage of vulnerabilities on the end user’s machine...

Using the Shun Command on the PIX/ASA

May 18, 2011 Added by: Global Knowledge

One command that had a fairly long history first with the PIX Firewall and now the ASA is the shun command. In this post we’ll examine this command’s history, why it’s useful, and its new-found resurgence in threat detection implementation...

Post-Production Application Security Testing

May 17, 2011 Added by: Rafal Los

I've spent several meetings in the last few months reminding people that even though they perform security testing and validation of their apps before they deploy they're leaving those apps running, in some cases for years, without looking back in on them. This is a bad thing...

HIPAA HITECH Breach by a Small Practice: Actual Experience

May 17, 2011 Added by: Jack Anderson

A HIPAA HITECH breach caused by an office burglary resulted in a letter from OCR demanding a large amount of information in a very short time frame. Below are actual quotes from the OCR letter that are as scary as an IRS audit letter...

Web Application Security - Real or Imagined?

May 17, 2011 Added by: Bill Gerneglia

Once a user accesses your databases through a web application, your control over the user's actions diminishes. A malicious user can "craft" inputs into their browser that allow them to do things other than what you want them to do. Security is a real concern in such a situation...

NATO's Mutual Defense Doctrine Applies to Cyberspace

May 17, 2011 Added by: Headlines

"Cyberspace activities can have effects extending beyond networks; such events may require responses in self-defense. Likewise, interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders..."

Top Five Business Security Risks

May 17, 2011 Added by: Robert Siciliano

At 2010’s Defcon, a game was played in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out sensitive information...

Stuxnet and the Emerging Cyber Arms Race

May 17, 2011 Added by: Headlines

“We have created an arms race because now countries like China are blaming the US for the Iran attack and saying 'we need one too'. I think the next Stuxnet will be cruder but it will go after broad spectrum connections..."

LastPass Demonstrates Impeccable Crisis Handling

May 17, 2011 Added by: Ben Kepes

The actions of LastPass have been exemplary – the actual loss in this instance was either non-existent or negligible. Many larger companies would have simply brushed this under the table and perhaps introduced some new security measures under the cloak of a version update...

Enterprise Information Technology: Skip the Sexy

May 16, 2011 Added by: Mike Meikle

If new technology is attached to a framework that is half-complete or stretched beyond capacity, then a public relations nightmare may be waiting. Consider the PlayStation Network breach. Basic management and security principles were ignored or half-implemented with disastrous consequences...

Information Security Policies and Procedures Part 5

May 16, 2011 Added by: Alex Hamerstone

The purpose section should include information about why the policy is necessary. You may also wish to add some information about how the issue was dealt with historically. It is also a great place to reiterate some company values. An example is “To ensure compliance with..."

Vupen Security: The First Pwn Troll Business?

May 16, 2011 Added by: Keith Mendoza

I don't know what credibility Vupen has left as a company in the eyes of the information security industry. Their actions are no different from patent trolls or the many script kiddies who troll around the web showing their half-baked warez...
