Latest Posts

PCI DSS eCommerce Questions Answered

May 20, 2011 Added by:Anton Chuvakin

All data is potentially under risk – but payment card data - and now ACH credentials - are easier to profit from if you are a criminal. Many companies use PCI DSS to learn about security and then expand their knowledge to protect other kinds of data, beyond the card numbers...

Comments  (0)

Symantec: SMB's Lack Understanding of Mobile Security

May 20, 2011 Added by:Headlines

The study also found that 23% of respondents believe allowing employees to use the mobile device of their choice has no significant impact on the overall security of the company's networks, while 52% believe that employee choice only decreases overall security somewhat...

Comments  (0)

WAN Optimization and Catalysts for Cloud Deployment

May 20, 2011 Added by:Rahul Neel Mani

Amazon needs to spend time with IT professionals and put in place the right processes, hence, minimizing the risks. They also have to put in place new data centers and improve redundancy for risk management. Risks have to be covered...

Comments  (0)

EFF Seeks Answers About Secret FBI Surveillance

May 20, 2011 Added by:Headlines

"Even officials within the Justice Department itself are concerned that the FBI's secret legal theory jeopardizes privacy and government accountability, especially considering the FBI's demonstrated history of abusing surveillance law," said EFF Senior Staff Attorney Kevin Bankston...

Comments  (0)

Convenience or Security?

May 19, 2011 Added by:Emmett Jorgensen

Can mobile devices be managed without limiting their functionality and convenience? Obviously, there’s no easy answer to this question. Much of how an organization handles its security policy depends on the type of business it is and the sensitivity of the information being handled...

Comments  (0)

Think You Can’t Afford Code/App Testing? Think Again...

May 19, 2011 Added by:Brent Huston

Today, you have a plethora of code review automation tools and source code scanners. These tools make an easy way to pick the low hanging (and sometimes higher) vulnerabilities out of your code long before it is exposed to malicious outsider/insider contact...

Comments  (1)

Looking Back at InterOP 2011 and Other Trade Shows

May 19, 2011 Added by:Rafal Los

The small cons are thriving, and the big trade shows are left trying to keep their attendance levels. Each attracts their own 'niche' - but we like it that way because people like me prefer to preach to the crowd who hasn't heard the message yet, and really needs to...

Comments  (0)

Job Scams Up As Economy Struggles

May 19, 2011 Added by:Robert Siciliano

If you are paying attention to the economists, we aren’t out of this just yet. High unemployment is keeping scammers employed by preying on the vulnerable. Rule of thumb is if it isn’t a job that you are familiar with or a service you have heard of, it is probably a scam...

Comments  (1)

Android Privacy Flaw Exposes 99.7% of Users

May 19, 2011 Added by:Headlines

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days..."

Comments  (0)

Ponemon Study: Cloud Providers and Confidential Info

May 19, 2011 Added by:David Navetta

A majority of cloud computing providers surveyed do not believe their organization views security as a competitive advantage. Further, they do not consider security as an important responsibility and do not believe they adequately secure the confidential information of their customers...

Comments  (0)

Establishing Vulnerability Management Programs

May 19, 2011 Added by:Drayton Graham

In the ever changing world of new vulnerabilities and associated threats, it is essential that an inventory is kept of the external systems, associated ports, services, and applications. If any one of these is unknown, or insecure, then the associated Risk Level changes...

Comments  (0)

Hacker Offers Insight On Sony PSN Breach

May 19, 2011 Added by:Headlines

"The depths they went indicates that this hack wasn't arbitrary... It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers..."

Comments  (0)

Every Employee is a Security Partner

May 18, 2011 Added by:Robb Reck

By using a well-tested framework we can ensure that our organization’s security needs are adequately documented. The policies are critical, but they are only the framework. To flesh out the program we need the actual implementation, and that’s where the rest of the staff comes in...

Comments  (4)

Draft PCI DSS v2.0 “Scorecard” Released

May 18, 2011 Added by:PCI Guru

The biggest change I have found thus far is the removal of the requirement to observe network traffic as the Network Monitoring column is gone. Prior to this point, QSAs were required to obtain network traffic via WireShark or similar tool to prove that network traffic is encrypted...

Comments  (0)

How to Use Your FCPA Audit

May 18, 2011 Added by:Thomas Fox

In short, do not be afraid of the results and use Paul McNulty’s maxims of “what did you find” and “what did you do about it”. After you have completed the FCPA audit, what steps should you take? This post will explore some of the issues related to the evaluation and response...

Comments  (0)

Sony PlayStation Network Hacked Once Again

May 18, 2011 Added by:Headlines

"The hack involves the PSN web-based password reset page, where it’s said anyone can change someone else’s password using their PSN account email and date of birth—both details possibly obtained by hackers in the mid-April breach..."

Comments  (2)

Granular Application Control Drives Next Gen Firewalls

May 18, 2011

Web apps in particular have become a nightmare for IT staff. Should users be allowed to use Twitter, URL shorteners like bit.ly or ur1.ca, or even Facebook? And if they do what should they be allowed to do within the app? Posting updates is one thing. Playing Mafia Wars is another...

Comments  (0)

How to Replace an Enterprise SIEM

May 18, 2011 Added by:Anton Chuvakin

Be prepared to keep the old SIEM running - without paying for the support contract, of course - or at least keep the old data backups – this becomes important if complete data migration is impossible due to architecture differences between the new and old SIEMs...

Comments  (0)

Geek.com Spreading Malware via Invisible iFrame

May 18, 2011 Added by:Headlines

The main page of the site - including the "Homepage" and the "About Us" section - contains an invisible iframe with JavaScript downloaded from sites contaminated by a custom set of exploits. The malicious code attempts to take advantage of vulnerabilities on the end user’s machine...

Comments  (1)

Using the Shun Command on the PIX/ASA

May 18, 2011 Added by:Global Knowledge

One command that had a fairly long history first with the PIX Firewall and now the ASA is the shun command. In this post we’ll examine this command’s history, why it’s useful, and its new-found resurgence in threat detection implementation...

Comments  (1)