Latest Posts

Patching WordPress Username Disclosure

June 05, 2011 Added by: Ryan Dewhurst

According to OSVDB 55713 this vulnerability was reported to WordPress by Core Security Technologies in June 2009. At the time of writing, the latest version of WordPress is 3.1.3 and is still vulnerable to this vulnerability. Here is how to patch the vulnerability yourself...

Comments  (2)

Understanding Network Forensics Makes Security Smarter

June 05, 2011 Added by: Kelly Colgan

Recovering successfully from a breach is definitely something to shoot for. But nothing makes executives smile, or helps build back customer confidence, more than putting the bad guys behind bars. It makes for good news headlines. Plan for it...

Comments  (0)

Why Your Router is the Weak Point of Your Home Security

June 05, 2011 Added by: Lee Munson

When it comes to the home router, while the device is very useful, it is also riddled with many security problems. This is a real weakness in the home network. Most people do not know how the router works, so they also have no idea that they must make security adjustments to the device...

Comments  (2)

GRC is Not a Tool But a Business Enabler

June 04, 2011 Added by: Rahul Neel Mani

GRC is not an out of the box solution, which would immediately make you compliant. It is a tool that will allow you to collect information, report to you, help you to make changes in it, put the feedback into the new policy, see how much variance exists...

Comments  (0)

Security Awareness and Why Things Aren't Improving

June 03, 2011 Added by: Don Eijndhoven

While the use of internet technology has grown exponentially over the last decade, users have not grown much wiser in terms of security. Largely this is because the populace simply does not see the danger in having their online identities compromised; it's too abstract a notion...

Comments  (0)

Security Vendor Vulnerabilities: It's All About Reaction Time

June 03, 2011 Added by: Rafal Los

Holding a vendor accountable is understandable, since that is their primary business. There's really no excuse when a vendor of security products gets exploited or has a publicly disclosed exploit... well, sort of right? In the final analysis, what is it really all about?

Comments  (0)

Believe It or Not: Hackers Hit Sony Networks Again

June 03, 2011 Added by: Headlines

"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities... From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Comments  (0)

HIPAA: Designated Record Sets - Know What They Are

June 03, 2011 Added by: Rebecca Herold

When trying to understand HIPAA regulations, and how to put them into practice within an organization, I’ve found it is best to break them down into bite-sized chunks, starting from the basics and building from there. Today I want to spend a little time looking at what makes up a DRS...

Comments  (0)

One in Three Employees Admit Taking Risks with Data

June 03, 2011 Added by: Headlines

"Businesses can make the mistake of viewing data security as an on-site issue. Often the risks can lie with physical loss or with personal computers. Firms should identify how their staff transfer and handle business documents outside of the work-place, and minimize the risks..."

Comments  (0)

RSA Tokens, Lockheed Martin, APT, OH MY!

June 03, 2011 Added by: Infosec Island Admin

I can hear certain people in the community now groaning at the use of the APT acronym but let me put it to you all straight. If there was a hack on LMCO, maker of the JSF and numerous black type projects to boot, then it was likely China or another nation state’s actors...

Comments  (0)

Game Over: Cloud Computing and the Sony Breach

June 02, 2011 Added by: Kelly Colgan

We often use words like “robust,” “comprehensive,” and “strong” to describe security programs. Nice as that may sound, security isn’t only the strength of a system, but about the mindset of the people working it. Have they asked all the questions? Have they covered all their bases?

Comments  (0)

Cybersecurity and the U.S. House of Nonsense

June 02, 2011 Added by: J. Oquendo

When it comes to mission critical, sensitive information, why are government officials using anything outside of vetted networks, connections, and / or software? This is not only puzzling but borders on outright stupidity and negligence...

Comments  (3)

The Security Industry’s Dirty Linen

June 02, 2011 Added by: Luis Corrons

In the security industry we don’t usually look at copyright violations, but at cybercriminals that want to steal money and information. The fight takes place in a number of fields, but we shouldn’t forget that we are not police officers even though we are fighting against the same bad guys...

Comments  (0)

China Denies Orchestrating Gmail Hijacking Campaign

June 02, 2011 Added by: Headlines

"We are obviously very concerned about Google's announcement regarding a campaign that the company believes originated in China to collect the passwords of Google email account holders... These allegations are very serious... We're looking into them," said Secretary of State Hillary Clinton...

Comments  (0)

The Importance of Data Collection in Risk Assessments

June 02, 2011 Added by: Danny Lieberman

Many times we feel secure but are not, or don’t feel secure when we really are. A company may feel secure behind a well-maintained firewall but if employees are bringing smart phones and flash drives to work, this is an attack vector which may result in a high level of risk...

Comments  (0)

NATO Threatens to "Persecute" Anonymous Hacktivists

June 02, 2011 Added by: Headlines

"It remains to be seen how much time Anonymous has for pursuing such paths. The longer these attacks persist the more likely countermeasures will be developed, implemented, the groups will be infiltrated and perpetrators persecuted..."

Comments  (0)

A Review of the New Backtrack 5 Operating System

June 02, 2011 Added by: Lee Munson

If you are a computer security consultant, there is no better tool to use than Backtrack. If you own a company that has to store important data, then it is vital for you to have a tool like this so your security people can test your network with the same tools the bad guys are using...

Comments  (0)

Return on Security Investment (ROSI) Calculator Launched

June 02, 2011 Added by: Dejan Kosutic

This is the most detailed ROSI Calculator that can be found on the Internet, and it aims to calculate as precisely as possible whether the potential decrease of security incidents (i.e. the risk mitigation) will outweigh the investment in security measures. It's completely free...

Comments  (0)

Focusing on Success or Failure in IT and Infosec

June 01, 2011 Added by: Robb Reck

Information security works differently than IT. Rather than focusing on how to build a system that can meet a requirement, the security-minded will focus on how to build a system that cannot do anything but meet a requirement. The difference is subtle, but critically important...

Comments  (0)

Dumping Hashes on Win2k8 R2 x64 with Metasploit

June 01, 2011 Added by: Rob Fuller

When trying to dump password hashes on a Windows 2008 R2 64 bit box I constantly run into the "The parameter is incorrect" error in Meterpreter. Well, with a bit of migration you'll be back to passing the hash. Here is how, with a bit of the thought process first...

Comments  (0)