April 07, 2011 Added by:Anthony M. Freed
In the case of defending critical infrastructure, translating security concerns for the CxO level needs to go beyond merely conveying network defense efforts in terms of mitigating enterprise risk; the conversation needs to touch on the issue of strengthening our national security...
April 07, 2011 Added by:Infosec Island Admin
A source has sent in some information on the DoS attacks ongoing at Sony, and I have to say I was surprised that the Anons are still using the LOIC. There is some interesting information in the data sent, such as a server called: "staff.anonops.ru vlad.anonops.ru". Really? Staff???
April 07, 2011 Added by:Headlines
"When we put ourselves in state of chaos like this, and this is what it will be, think of the opportunities for striking through the APTs (advanced persistent threats), they can pick and choose the targets with much less security behind them..."
April 07, 2011 Added by:Global Knowledge
As users have to create several passwords for different systems and change them every 60 or 90 days, it’s little wonder they default to the least complicated password their systems allow and make only minor variations when forced to change them. Unfortunately, such passwords are easy to guess...
April 06, 2011 Added by:Robb Reck
Next time an information security expert tells you that a system is secure ask him, “What kind of secure?” We know that choices are always made and vulnerabilities always left unmitigated. Knowing which ones to address and which to accept is what makes a security program effective...
April 06, 2011 Added by:Ron Lepofsky
Pro-active DLP products stop potentially threatening situations from developing, and if such situations do occur, they block, encrypt, and suggest reconfigurations on the fly. More comprehensive enterprise versions are highly integrated, with many of these features all packed into one product...
April 06, 2011 Added by:Wayde York
I was playing with an application to spoof incoming caller ids on my Android-based phone and was attempting to fool my nephew with a crank call. Turns out, when I called his phone with his own number as the spoofed caller id, it went straight into his voice mail controls...
April 06, 2011 Added by:Robert Siciliano
Americans have become accustomed to handing over the last four digits of their SSN as an identifier. The coder or marketer at Google who believes it’s reasonable to request the last four digits of children’s SSNs probably readily shares his or her number, which is not a good idea...
April 06, 2011 Added by:Dan Dieterle
WPA2 Enterprise is the best if your organization supports it, but WPA2 Personal is great for home and small offices. Do not use WEP. It was cracked a long time ago, and an attacker does not even have to crack it, as the WEP key can be passed just like NTLM passwords...
April 06, 2011 Added by:Danny Lieberman
In order to improve IT security countermeasure effectiveness in the Federal Government, the OMB should reduce base payments to contractors who provide IT security services and link their compensation to a reduction in the damage caused to government data and network assets...
April 06, 2011 Added by:Headlines
There is more than a touch of irony to the notion that a "jailbroken" PlayStation 3 running an unsanctioned Linux operating system, the very impetus for the legal action brought by Sony against Hotz and Egorenkov, would be employed in a DDoS attack against Sony domains...
April 05, 2011 Added by:Jamie Adams
System admins must take into account all methods by which software may get installed onto systems. A strong change management program and strict access controls are required. Unfortunately, I have yet to experience an all-encompassing software version scanner and patch management tool...
April 05, 2011 Added by:PCI Guru
The ASV training program has blindsided the ASV community as it was a total surprise. Yes, there has been talk over the years at the Community Meetings and in other venues regarding ASV qualifications and training, but nothing ever seemed to come from those discussions...
April 05, 2011 Added by:Ben Kepes
Unfortunately, in the light of what can only be called FUD on the part of more traditional vendors, it is natural that those building clouds in the most efficient (read: cheapest) ways fight back against some of that spin...
April 05, 2011 Added by:Headlines
The U.S. Army has confirmed that accused WikiLeaks source Bradley Manning had installed data-mining software on his SIPRnet-linked computer during the same period he is suspected of harvesting hundreds of thousands of classified government documents...
April 05, 2011 Added by:Rafal Los
Multi-factor authentication systems that use one-time passwords give the attacker a very small window within which to strike. They have that one session, and then they have to orchestrate the attack again, whereas with a password compromise you can keep attacking over and over...
April 05, 2011 Added by:Ben Zvaifler
A new wave of cyber warfare has taken form, targeting our information and threatening the stability of our nation's government and corporations worldwide. Security and privacy professionals have answered with innovative techniques in a constantly shifting environment...
April 04, 2011 Added by:J. Oquendo
Is there a solution to the ever-continuing FUD machine? Cyberwarfare is over-hyped and misrepresented. The fact is, even responsible individuals get it wrong consistently. This is how and why we fail, and will continue to fail, to defend against "computer-related" attacks...
April 04, 2011 Added by:David Navetta
Shortly after the FTC Privacy Framework's release and its “Do Not Track” proposal, the response was robust to say the least. Several major web browsers announced support for a browser-based means of defeating persistent online tracking...
April 04, 2011 Added by:Robert Siciliano
Spyware is sold legally in the United States. This software records chats, emails, browsing history, usernames, passwords, and basically everything a person does on that PC. Some spyware programs can record everything in a video file, which can then be accessed remotely...