Latest Posts

Anonymous, Conspiracies, and Blowback

October 05, 2011 Added by:Infosec Island Admin

A video posted on YouTube has some ominous overtones, with heavy imagery to incite people to do more than just protest. What is most worrisome is that there may be individuals out there who will heed the call and go for an all out “run” against Wall Street bankers...

Comments  (0)

TakeDownCon Las Vegas: Mobile and Wireless Security

October 05, 2011 Added by:Infosec Island Admin

Due to the rapid escalation of threats affecting wireless operations, TakeDownCon Las Vegas now brings you a highly technical platform which addresses highly technical knowledge which focuses on securing your channels, your data, and ultimately and most importantly – your very own privacy...

Comments  (0)

Dynamic Application Security Testing (DAST)

October 05, 2011 Added by:Rafal Los

Dynamic Application Security Testing (DAST) is one of the long-standing staples of Software Security Assurance, and has been the anchor by which many organizations have boot-strapped their efforts to write better code. Whether this is the correct approach or not is not the question...

Comments  (0)

Email Authentication Rates Rise in 2011

October 05, 2011 Added by:Headlines

“The increased incidents of spear phishing targeting consumers, business and government users have accelerated the business value of email authentication. Organizations who fail to adopt are putting their employees, data and consumers at an unacceptable level of risk..."

Comments  (0)

The Twenty Controls That Aren't

October 04, 2011 Added by:Infosec Island Admin

"Controls" advocate practices that simply cannot be met by the average small firm. DLP for everybody? A well-trained security staff that is expert in secure network engineering? If nothing else, this list should encourage small firms to simply outsource everything, even if it costs more...

Comments  (0)

Cloud Computing Solutions in Federal Agencies part 4

October 04, 2011 Added by:Kevin L. Jackson

Cloud computing is unique in its ability to address critical defense and intelligence needs. That’s why the cloud is critical to our national defense. As a bonus, cloud computing offers defense and intelligence agencies the ability to increase efficiency and incur cost savings...

Comments  (0)

Who's Logged In? A Quick Way to Pick Your Targets

October 04, 2011 Added by:Rob Fuller

Say you need to get your bearings quickly on an internal test and going into each shell and doing a PS, then looking through the list for all the users logged in is definitely not ideal. I wrote a quick script that you can throw in the Meterpreter scripts folder to aid you a bit with this...

Comments  (0)

Government Proposes ISP's Notify Victims of Botnets

October 04, 2011 Added by:Headlines

"While security risks on the Internet exist in many areas, one current widely exploited threat comes from `botnets.' Through this Request for Information and any follow-on work, the two Departments aim to reduce the harm that botnets inflict on the nation's computing environment..."

Comments  (0)

ISA: Financial Management of Cyber Risk

October 04, 2011

ISA President Larry Clinton was joined by former ISA Chair Ty Sagalow, ISA Chief outside counsel Tom Jackson and Ed Stull from DCR in illustrating how and why cyber events are often misanalyzed by organizations leading to financial impacts which can also be underestimated...

Comments  (0)

GAO: Federal Security Incidents Increased 650%

October 04, 2011 Added by:Headlines

"Weaknesses in information security policies and practices at 24 major federal agencies continue to place... sensitive information and information systems at risk... reports of security incidents from federal agencies are on the rise, increasing over 650 percent over the past 5 years..."

Comments  (0)

IPv6 - The Death of SSL

October 04, 2011 Added by:Craig S Wright

When IPv6 finally becomes the norm, IPSec will become ubiquitous. It will be deployed far wider than SSL. As for being as good or better than SSL, well SSL is flawed. It was from the start and it remains flawed. This point is moot as it would be difficult to make the protocol worse...

Comments  (10)

Anonymous Splinters over Planned NYSE Attacks

October 04, 2011 Added by:Headlines

While the tough sounding rhetoric may work to inspire some followers of Anonymous to join the attacks, other members of the collective have issued warnings that the attacks will simply result in more arrests, stating "We do not want history to repeat itself, and are sincerely worried..."

Comments  (0)

The Holy Grail and the PA-DSS Implementation Guide

October 04, 2011 Added by:Andrew Weidenhamer

As a QSA it is very frustrating to walk in, ask the merchant for the PA-DSS Implementation Guide, and receive a glazed over eye look. It's even more frustrating when you then ask the Vendor/Reseller for the Implementation Guide and they look at you as if you have three heads....

Comments  (0)

EastWest Institute Builds Consensus on Cybersecurity

October 04, 2011 Added by:Headlines

At the EastWest Institute's Worldwide Security Conference (WSC) in Brussels, experts from the United States, Russia, China and other countries advanced ongoing efforts to develop recommendations for areas of potential cooperation to protect critical infrastructure...

Comments  (0)

Broken Trust Part 2: Applying the Approach to Dropbox

October 03, 2011 Added by:Enno Rey

After having introduced the basic elements of the concepts of trust, control and confidence in a previous post on the RSA breach, today I’ll try to strengthen your understanding of these ideas - and maybe even my own as well - by applying them to another candidate: Dropbox...

Comments  (2)

Keeping Privileged Users Under Control in Oracle Database

October 03, 2011 Added by:Esteban Martinez Fayo

SYSDBA privilege has unlimited access to all data and can make any configuration change. With DatabaseVault installed, it is possible to restrict SYSDBA users from accessing certain data but the protection is not complete. There are ways to bypass the defenses and compromise the data...

Comments  (1)

Wow! So That Was DerbyCon...

October 03, 2011 Added by:Michael SecurityMoey

One talk that I thought was absolutely phenomenal was "Steal Everything, Kill Everyone, Cause Total Financial Ruin" with Jayson Street who walked through his antics and general mayhem. There was one major takeaway I got from Jayson’s talk: If your users are doing dumb stuff, it’s your fault...

Comments  (2)

HTC Android Devices are Leaking Sensitive User Data

October 03, 2011 Added by:Headlines

"The only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door..."

Comments  (0)

DHS: National Cyber Security Awareness Month

October 03, 2011 Added by:Headlines

The most serious economic and national security challenges we face are cyber threats. America's economic prosperity and competitiveness in the 21st Century depends on effective cybersecurity. Every Internet user has a role to play in securing cyberspace...

Comments  (0)

RIP - Cyber Security Expert Dr. Eugene Schultz

October 03, 2011 Added by:Ron Baklarz

Schultz authored/co-authored five books, wrote over 120 published papers and was also a certified SANS instructor, a senior SANS analyst, a member of the SANS NewsBites editorial board, and co-author of the 2005 and 2006 Certified Information Security Manager preparation materials...

Comments  (1)