Latest Posts


Rogue Admins Allow Games on Company Servers

April 19, 2011 Added by: Bill Gerneglia

A sizable number of comments took the line that playing games on corporate systems was either beneficial to the company or caused no significant harm. One agreed with an IT professional quoted in the story, who said that gaming helps IT employees “stay sharp”...

Comments  (1)


The Art of Cyber Warfare: Counterattack Fail

April 18, 2011 Added by: J. Oquendo

The sole purpose of Ensatus is deception and it drives the point of "fail" when it comes to counterattacking. If I were performing a sanctioned penetration test, I would be using decoys. In the event counterattacking were legal, you would be counterattacking an innocent victim...

Comments  (2)


Information Security Risk Management Programs Part Two

April 18, 2011 Added by: kapil assudani

In many companies, the culture is to embrace security only where it is absolutely necessary, and this usually comes through corporate security policies and industry regulations. Beyond these, security groups hardly have any teeth - unless it's a critical security issue...

Comments  (0)


Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by: Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...

Comments  (0)


Senators Introduce Cyber Security Public Awareness Act

April 18, 2011 Added by: Headlines

“The government keeps the damage we are sustaining from cyber attacks secret because it is classified. The private sector keeps the damage they are sustaining from cyber attacks secret so as not to look bad... The net result of that is that the American public gets left in the dark...”

Comments  (0)


The Rise of Smartphones and Related Security Issues

April 18, 2011 Added by: Robert Siciliano

As more and higher speed networks are built, more consumers will gravitate toward the mobile web. Smartphone users are downloading billions of apps and spending millions via mobile payments. For the younger generation, smartphones are used for a majority of ecommerce transactions...

Comments  (0)


Epsilon: Be Wary of Phishing Attempts

April 18, 2011 Added by: Rod MacPherson

Another scam that they are running is a fake Epsilon breach news update site (copied from the actual press release site) that offers up a downloadable tool that they tell you to run to see if the hackers have your e-mail address. That tool is a Trojan...

Comments  (0)


Defining the Insider Threat

April 17, 2011 Added by: Danny Lieberman

Mitigating the insider threat requires defining whether or not there IS a threat, and if so, finding the right security countermeasures to mitigate the risk. One wonders whether or not RSA eats their own dog food, and had deployed a data loss prevention system. Apparently not...

Comments  (8)


Mobile Devices Continue to Attract Cyber-Scamsters

April 17, 2011 Added by: Rahul Neel Mani

While it’s only beginning to percolate, a trend is clearly emerging—cyber criminals are looking for new opportunities outside of the PC environment. They are investing more resources toward developing exploits that specifically target users of mobile devices...

Comments  (0)


Forklifting Apps to the Cloud – Realistic or Not?

April 17, 2011 Added by: Ben Kepes

Aspects of this discussion are little more than cloud elites arguing finer points. There are some issues in the message used to justify the cloud to enterprises. We need to have a consistent story about what the cloud really means for an enterprise – something that is sadly lacking today...

Comments  (0)


SSL Issues: From Man-in-the-Middle Attacks to Hackers

April 16, 2011 Added by: Dan Dieterle

There seems to be little verification before certificates are handed out. When you add in reports of hackers stealing or creating fake certificates and also hardware devices that perform SSL man-in-the-middle attacks, it sounds like SSL is really in need of an overhaul...

Comments  (0)


Introduction to Security Troubleshooting

April 15, 2011 Added by: Global Knowledge

In diagnosing connection and VPN problems, too often SSL or IPSec VPN client logs don’t provide enough information on why connections fail. Consequently, the receiver frequently provides the detail needed through selective debugging and logging...

Comments  (0)


Twitter Scam Hooks Thousands

April 15, 2011 Added by: Robert Siciliano

Twitter’s numbers are astounding. In the physical world, when communities become larger and more densely populated, crime rises. The same applies to online communities. Spammers, scammers, and thieves are paying attention...

Comments  (0)


Software Security Assurance in a "One Man Show"

April 15, 2011 Added by: Rafal Los

Down-scaling an enterprise security challenge into a smaller fit is more of a challenge than you'd think, because it's just too easy to say 'outsource it all'... but how does that actually help an organization write more secure software? The answer is that it doesn't...

Comments  (0)


Information Security Risk Management Programs

April 15, 2011 Added by: kapil assudani

In many organizations the CISO reports to the CTO – which usually results in a conflict of interest. The goals of IT groups are performance and speedy implementation, which usually takes precedence over security considerations. As a result, security takes a back seat...

Comments  (0)


HBGary's Open Letter to Customers and the Defense Marketplace

April 15, 2011 Added by: Headlines

While some details seem to jibe with the information contained in the tens-of-thousands of leaked emails, the letter for the most part just comes off as a generic attempt to rewrite the record and further distance HBGary Inc. from the activities of Aaron Barr and HBGary Federal...

Comments  (0)


Detailed FISMA Logging Guidance

April 14, 2011 Added by: Anton Chuvakin

FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...

Comments  (0)


Data Loss Prevention: Less Flip this Week

April 14, 2011 Added by: Ron Lepofsky

Data leakage prevention technology tackles both data at rest residing within a network and specifically on disk storage and of course when data is in motion. Vendors of these technologies vary in what elements of the problem they wish to tackle. Some try to solve all possible problems...

Comments  (0)


Advantages of Hosted Software and Data Security

April 14, 2011 Added by: Lindsay Walker

Every workplace has "super-users," people who can hack into systems and extract sensitive information. Having information stored offsite makes it challenging for anyone inside your organization to get their eyes on information they aren't permitted to see...

Comments  (0)


China Holds the Advantage in Cyber Espionage Game

April 14, 2011 Added by: Headlines

According to Brenner, thousands of U.S. companies were targeted in the Aurora attacks, a great deal more than the 34 companies publicly identified. Brenner says the scale of the operation demonstrates China's "heavy-handed use of state espionage against economic targets..."

Comments  (0)