Latest Posts


Web Insecurity: 7 Steps We Should Demand of Advertisers

September 12, 2011 Added by:Chris Weber

The advertising industry can and should mitigate the threat of malware by constraining the capabilities of scripting to address arbitrary content, proxying content, and filtering content for malware. Here are seven security essentials that web servers and advertisers must undertake...

Comments  (0)


Insider Threat: Top Scientist Pleads Guilty to Espionage

September 12, 2011 Added by:Headlines

“Preventing the loss or compromise of high-technology and vital national security information is a top priority of the FBI. This case is a prime example of what happens when a person decides to sell our nation’s most valuable secrets for individual gain..."

Comments  (0)


The Psychology of “Neo Jihad” Radicalization

September 11, 2011 Added by:Infosec Island Admin

The AQ core will continue to reach out to the lonely and dispossessed to radicalize the newcomers as well as use the technologies we have created (privacy/hacking utilities included) to effect the outcomes they desire and we need to be able to counter them...

Comments  (0)


Iran Prepares for Cyberwar

September 11, 2011 Added by:Joel Harding

Last year a website I was running on information warfare was hacked. Rather, I should say, it was defaced. Someone got onto the website and exchanged my main HTML page with theirs. It was the Iranian Cyber Army; they left their calling card along with some funky-looking furling flag...

Comments  (0)


How to Avoid the 9/11 Scams

September 10, 2011 Added by:Kelly Colgan

Osama bin Laden’s death wasn’t a day old before hackers moved in, flooding social network sites with spam—links that promised images of the al-Qaeda leader but that led to corrupted Flash plug-ins. Today's 10th anniversary of the 9/11 attacks will be no different...

Comments  (0)


A Bunch of Virtual Machines Does Not a Cloud Make

September 09, 2011 Added by:Rafal Los

Allow me to interject some sanity here for a moment, because I seem to have stumbled upon a very interesting point which should be quite clear, but apparently is not. Just because you're running a bunch of virtual servers does not mean you're adopting cloud computing. Here's the situation...

Comments  (0)


Hacker Halted USA 2011 Miami - Discounted Special

September 09, 2011 Added by:Infosec Island Admin

9/9 Special: First 25 that sign up on Sep 9 for ANY training get a $500 discount! With a comprehensive agenda and a star-studded lineup of speakers, Hacker Halted promises to be the premier information security conference of the year on the East Coast. Hackers Are Here. Where Are You?

Comments  (0)


Linking Cyberspace and 4th Generation Warfare - Act Deux

September 09, 2011 Added by:Don Eijndhoven

It is easily conceivable that online collectives such as Anonymous and LulzSec, who are known to harbor militant types, will eventually get bored with relatively innocuous attacks and start targeting digital weak points to critical infrastructure to bring their point across...

Comments  (5)


Anonymous Unveils Twitter Hijack Tool: URGE

September 09, 2011 Added by:Headlines

Anonymous has released a purported Twitter hijacking tool called URGE, posting the source code for the exploit on GitHub. Using the tool could be considered an illegal act, and those that choose to download and perform Twitter hijacking operations could find themselves facing legal repercussions...

Comments  (0)


Paper Frames Debate on Big Brother in Critical Infrastructure

September 08, 2011 Added by:Chris Blask

The three scenarios exercise the legal issues of government access to information of increasing depth. The first two speak to capabilities that should be further developed - honeynets and continuous monitoring - while the third scenario in part touches on workforce development...

Comments  (1)


Smarter Security Steps Part 2: Information Management

September 08, 2011 Added by:Brian McGinley

Make sure your company has a policy and operational execution against that policy that looks at data protection, remote access and computer account privileges during terminations that provide for securing company property, password changeovers within the company and outside vendors...

Comments  (0)


Card Brand Merchant Level Tables

September 08, 2011 Added by:PCI Guru

Sometimes you can negotiate with your processor or acquiring bank to get your multiple legal entities treated as a single entity and do one compliance filing. The key is that you need to negotiate this change before you start your PCI compliance efforts, not after the fact...

Comments  (1)


Facebook Implements New Privacy Feature

September 08, 2011 Added by:Headlines

Users will be prompted when another member tags them, and the content will not be displayed on the user's wall publicly until approved. The new feature allows members more active control over the type of content they can be associated with at the request of other Facebook users...

Comments  (0)


Reverse Engineering the RSA Malware Attack

September 08, 2011

In March of this year, RSA - the security division of EMC - had announced they suffered a breach stemming from a "sophisticated attack" on their network systems. In this video, security expert J. Oquendo attempts to reverse engineer the attack using open source forensics tools...

Comments  (0)


WikiLeaks: An Insider's Perspective

September 08, 2011 Added by:John Linkous

Many asked why, given that Agencies had the latest incident and event management technologies, the breach had not at least been spotted sooner - even if they were unable to prevent it completely. What followed is a response unlike any I've seen to date in the commercial sector...

Comments  (0)


Comodo: Iran Responsible for Rogue Digital Certificates

September 08, 2011 Added by:Headlines

"The attack on Diginotar doesn't rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments..."

Comments  (0)


Taming the Cloud - Provisioning and Security

September 08, 2011 Added by:Rafal Los

Whether deploying IaaS, PaaS, or SaaS, provisioning is the key to having a safe, secure, and stable environment. With the fragility and complexity of today's cloud deployments, you can't afford a single error which could unwind everything. I seem to recall this happening to a Cloud vendor recently...

Comments  (0)


Take the CyberLympics Ethical Hacking Challenge

September 08, 2011 Added by:Headlines

The Global CyberLympics - the world’s first international team ethical hacking championships - will be held in September across six continents. It is endorsed by the U.N.’s cybersecurity executing arm – IMPACT - and the EC-Council is sponsoring over $400,000 worth of prizes...

Comments  (0)


The Growth of Cyber Terror

September 07, 2011 Added by:Craig S Wright

SCADA systems and other critical infrastructure are taken for granted and we forget just how much of our lives are managed through private systems. Exploits have been noted as being of critical concern in US government briefs. We also forget that SCADA systems are connected to the world...

Comments  (15)


California Amends Data Breach Law - For Real This Time

September 07, 2011 Added by:David Navetta

SB 24 requires the inclusion of certain content in data breach notifications, including a description of the incident, the type of information breached, the time of the breach, and toll-free telephone numbers and addresses of the major credit reporting agencies in California...

Comments  (0)