Latest Posts


Fake Security Firms Will Be Exposed

June 09, 2011 Added by: Boris Sverdlik

Joe Black has built a reputation around certifications and misinformation. He has a very interesting career that we can trace back to his days at Wright Printing in 2005 according to his LinkedIn profile, which is also about the time he was supposedly enrolled at ITT...

Comments (9)


To Disclose or NOT to Disclose...

June 09, 2011 Added by: Andrew Baker

The issue of disclosure is a sensitive one, and it is important not to feed more bad guys with more information that will allow them to have greater success, but it is abundantly clear that two months of saying essentially nothing is at least just as bad as saying too much, if not worse...

Comments (0)


Citigroup Suffers Breach of Customer Information

June 09, 2011 Added by: Headlines

Citigroup has confirmed an unauthorized network access event may have compromised the account details of as many as two hundred thousand North American banking clients. Representatives said they detected the breach of the Citi Account Online network in May through routine monitoring...

Comments (0)


PCI Self-Assessment Questionnaires

June 09, 2011 Added by: PCI Guru

Where most organizations go wrong with the original SAQ C is when they have an integrated POS that connects back to a corporate network. Remote management is allowed in this environment, but the entity that remotely connects must not have uncontrolled access to the POS environment...

Comments (0)


Sony Breach Highlights Secure Password Storage

June 08, 2011 Added by: Emmett Jorgensen

Secure password storage is crucial to any secure system. From sites such as Sony to operating systems and data backups on encrypted hard drives, if the password is in plain text your account and data are not safe. After all, why try to guess a password if you can just copy and paste it?

Comments (0)


Solution Architecture: A Critical Service or Sales Talk?

June 08, 2011 Added by: Rafal Los

Over time the term has become widely over-used to the point where meaning is largely lost, and sadly most people on the buyer side of the aisle think it's just some marketing term or a way to get them to buy more of whatever widget is being sold...

Comments (0)


APTs Require a Comprehensive Architecture

June 08, 2011 Added by: Rahul Neel Mani

APTs are becoming more and more complicated. However, there are certain security measures that organisations still need to take. Take the case of the Epsilon data breach, or the RSA breach. Both were hacked using simple social engineering tools like spear phishing and phishing e-mail to succeed...

Comments (0)


Disabling Facebook's Facial Recognition for Privacy

June 08, 2011 Added by: Headlines

What is truly annoying about Facebook's setup from a privacy perspective is that users have very little control over what other members post about them, particularly when it comes to photos and tagging, and the facial recognition feature further aggravates the situation...

Comments (0)


FBI Recruits One in Four U.S. Hackers as Informants

June 08, 2011 Added by: Headlines

"The FBI are always there. They are always watching, always in the chatrooms. You don't know who is an informant and who isn't, and to that extent you are vulnerable..."

Comments (0)


Application Software in the Cloud – Power to the People

June 08, 2011 Added by: Danny Lieberman

We all use the term "IT Governance" as if security of data was dependent on policy. Since we have lots of IT governance and lots of data breaches, we may safely assume that writing procedures while the hackers attack software and steal data is not an effective security countermeasure...

Comments (0)


How Secure is RSA’s SecurID?

June 08, 2011 Added by: Headlines

Once installed on the authentication server, most of the cryptographic protection of the seed values could be removed by anyone with sufficient time and effort, and in fact the previous secret 64-bit algorithm was revealed about 10 years ago through such reverse engineering...

Comments (0)


Flying Blind in Critical Infrastructure

June 07, 2011 Added by: Chris Blask

Once you get your head around the idea that you cannot trust your cyber devices you find it fits with existing industrial ideology quite well. The answer is to do your best to build a reliable cyber system - just as you do with the physical assets - then monitor it like a convicted criminal...

Comments (2)


X.509 Certificates vs. Webs Of Trust (e.g., PGP, SSH)

June 07, 2011 Added by: Jonathan Lampe

My belief is that WOT is fading, not just because PGP Corp was acquired, but also because PGP Corp itself was making or had made several technology decisions to integrate X.509 into PGP encryption and signing processes and even to act as an X.509 certificate authority...

Comments (2)


Find Out Who Has Accessed Your Health Records

June 07, 2011 Added by: David Navetta

Access reports would include the date and time of access, and the name of the individual or entity accessing an individual's health information. Additionally, an access report would include a description of the information that was accessed and of the action taken by the user...

Comments (0)


UPDATED: LIGATT's LulzSec Investigation PR Was Fake

June 07, 2011 Added by: Headlines

UPDATE: LIGATT Security's Gregory Evans returned Infosec Island's phone call regarding an article we ran based on a press release issued at Free Press Release. Evans confirmed that the press release was fake, and was not drafted or submitted by LIGATT Security staff as indicated...

Comments (4)


Five Reasons Why Your Workplace Blocks Facebook

June 07, 2011 Added by: Global Knowledge

Don't you just love Facebook? Whether it's adding new members to Mafia Wars, finding new busboys for Café World, or cyberstalking your ex-girlfriend's new boyfriend, Facebook has endless options to keep you entertained. If only you could log on at work, then your life would be complete...

Comments (0)


Attribution Problems Hinder U.S. Cyberwar Strategy

June 07, 2011 Added by: Headlines

"The military is setting itself up for failure because attribution is difficult, and it's easy to spoof your identity thereby falsely implicating the wrong group. A military attack could be misplaced... but at the same time not responding will now be seen as a sign of weakness..."

Comments (0)


China Linked to RSA and Defense Contractor Breaches

June 07, 2011 Added by: Headlines

"If it's any kind of military espionage, military adversaries are going to be high on the list. The question then is who in China--is it government agents or independent contractors selling to the Chinese government?" asked Veracode's Chris Wysopal...

Comments (3)


China’s Rise from Hacking To Digital Espionage

June 06, 2011 Added by: Infosec Island Admin

China's Dark Visitor movement of the 1990s has morphed into a government espionage wing. What was once a loosely affiliated group of patriotic hackers has been honed by the People's Liberation Army into a force to be reckoned with on the stage of digital espionage and data theft...

Comments (0)


Cloud Computing and ISO 27001 / BS 25999

June 06, 2011 Added by: Dejan Kosutic

Although the risks related to cloud computing are high, it doesn't mean they cannot be mitigated. Therefore, use your common sense when choosing your cloud computing provider - if you don't trust your provider fully, then don't entrust them with your sensitive information...

Comments (0)