Latest Posts

Yale Gets Google Dorked

August 24, 2011 Added by:Kelly Colgan

Knowing where your data is located, what are the access control mechanisms, and having an audit process to verify that resources are properly used, is generally part of every cyber risk program. When one of them fails, a data breach is inevitable...

What Identity Theft Protection Is and Is Not

August 24, 2011 Added by:Robert Siciliano

A true identity theft protection service monitors your identity by checking credit reports and scanning the Internet for your personal information. It looks out for your Social Security number, and if something goes wrong, has people who’ll work with you to resolve the problem...

Black Hat USA 2011 Presenters - A Live Webcast

August 24, 2011 Added by:Headlines

The organizers of the Black Hat USA 2011 conference which took place earlier this month are inviting those who attended and those who missed the event to join them for a live webcast featuring some of the conference's speakers. The free webcast airs on Thursday, Aug 25, 2011...

EC-Council Certified Ethical Hacker v7 Discounts

August 24, 2011 Added by:Infosec Island Admin

Receive up to a 20% discount on the EC-Council Certified Ethical Hacker v7 course. Students will learn how intruders escalate privileges, what steps can be taken to secure a system, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation...

Caveman to Spaceman - Evolutionary Stages of Infosec

August 24, 2011 Added by:Rafal Los

We've given up on the notion of securing things and are starting to focus on the idea that security is a journey, and while we're keeping things safe to a pre-defined level of risk tolerance, we need to minimize the damage when the bad people find their ways in and start to kick down doors...

Consumers Still Prefer Convenience Over Security

August 24, 2011 Added by:Headlines

"Any change to the way a customer accesses their account is going to take a while to get used to. But this small extra step delivers such an increase in security to our internet banking users, that we are confident we have got the balance right," an HSBC official said...

Message Queuing Insecurity

August 24, 2011 Added by:Danny Lieberman

Well placed attacks on message queues in an intermediary player, for example a payment clearing house, could result in the inability of the processor to clear transactions but also serve as an entry point into upstream and downstream systems. These attacks can and do cascade...

Zeus Trojan Spreading via Facebook Friend Requests

August 24, 2011 Added by:Headlines

The malware is spreading by sending messages through Facebook notifications. When a user clicks the link to approve a "friend" request, it opens a page that invites him to install what is purported to be the latest version of Adobe Flash Player, but actually installs the malware...

Black Hat USA 2011: Rainer Enders - CTO - NCP Engineering

August 23, 2011

Rainer Enders is the CTO at NCP Engineering, and is interested in solving security related issues on all levels of data transfer and communication. NCP engineering delivers software that allows enterprises to rethink their secure remote access and overcome the network complexities...

Red Hat 5 STIG: Network Settings

August 23, 2011 Added by:Jamie Adams

I would caution administrators from rushing to add all because most are defaults. The settings must be implicitly set in the sysctl.conf config file. My recommendation is to review the entire STIG in order to define a complete sysctl.conf file, so that it can be deployed and tested all at once...

Sentence Your Password

August 23, 2011 Added by:Christopher Hudel

One risk is that by telling people to "Sentence their password", they may be steered unconsciously to create sentences that make sense which will significantly weaken the power of apparently random words. And of course, apparently random words may ultimately prove not to be too random...

Microsoft and Amazon Outages – The Need for More Redundancy

August 23, 2011 Added by:Ben Kepes

I’ll not delve into the issues around failover – clearly the lightning strike was a catastrophic event that overcame the protection that both providers have against upstream events. But imagine an uber-catastrophic event that knocked out the entire Dublin Amazon data center...

Mobile Banking More Secure than PC E-Commerce?

August 23, 2011 Added by:Robert Siciliano

Over the past decade criminals have learned the ins and outs of exploiting online banking using PCs. In the past 15 years or so, the desktop computer has been hacked in every possible way, making the computer and the data it contains and transmits extremely vulnerable to fraud...

A Look Inside the Anonymous DDoS Attack Code

August 23, 2011 Added by:Headlines

"Many think of DDoS as a computer network such as a bot network of rogue or infected machines which carry out the orders of whoever controls them. In the case of this specific code, Anonymous only needed to control a single system to begin the attack. The rest is carried out by unwitting accomplices..."

Financial Analysis for Infosec Professionals

August 23, 2011 Added by:Nick Owen

My goal is to provide infosec professionals a basis for discussing risks with business professionals - especially finance people - and to dispel some myths. The goal of this post is to lay some groundwork for proper financial analysis techniques - or at least minimize the dumber ones...

Skype Vulnerable to HTML/JavaScript Code Injection

August 23, 2011 Added by:Headlines

"Does it make sense to allow users to 'embed' HTML code in their Skype profile and especially in those 'phone number' fields? Also, there is no option to define any HTML code in Skype client. I was able to find those bugs with Linux Skype client. I guess they don't focus so much on that client..."

The Unfinished State of our National ICS Reporting System

August 23, 2011 Added by:Chris Blask

The rather petulant tone of the advisory indicates problems with the way our system is setup as well as insufficient process and staffing being applied to outbound communications. Certainly, advisories with content and tone like this one are not a step in the right direction...

Chinese Documentary Reveals Cyber Attack Software

August 23, 2011 Added by:Headlines

"Now we've got proof. They're also extending their persecution of Falun Gong overseas, attacking a civil website in the U.S. These are the clear messages revealed in these six seconds of video." said Jason Ma, a commentator for New Tang Dynasty Television...

Cryptography for Emerging Technologies and Applications

August 23, 2011 Added by:Headlines

The National Institute of Standards and Technology (NIST) is hosting a workshop on Cryptography for Emerging Technologies and Applications that is intended to identify the cryptographic requirements for emerging technologies and applications...

Black Hat USA 2011: Alex Quilter - Product Manager - Qualys

August 22, 2011

Qualys is the only security company that delivers these solutions through a single Software-as-a-Service platform: QualysGuard. All of Qualys' on demand solutions can be deployed within hours anywhere around the globe, providing customers an immediate view of their security and compliance posture...