June 03, 2011 Added by: Infosec Island Admin
I can hear certain people in the community now groaning at the use of the APT acronym but let me put it to you all straight. If there was a hack on LMCO, maker of the JSF and numerous black type projects to boot, then it was likely China or another nation state’s actors...
June 02, 2011 Added by: Kelly Colgan
We often use words like “robust,” “comprehensive,” and “strong” to describe security programs. Nice as that may sound, security isn’t only the strength of a system, but about the mindset of the people working it. Have they asked all the questions? Have they covered all their bases?
June 02, 2011 Added by: J. Oquendo
When it comes to mission-critical, sensitive information, why are government officials using anything outside of vetted networks, connections, and/or software? This is not only puzzling but borders on outright stupidity and negligence...
June 02, 2011 Added by: Luis Corrons
In the security industry we don’t usually look at copyright violations, but at cybercriminals that want to steal money and information. The fight takes place in a number of fields, but we shouldn’t forget that we are not police officers even though we are fighting against the same bad guys...
June 02, 2011 Added by: Headlines
"We are obviously very concerned about Google's announcement regarding a campaign that the company believes originated in China to collect the passwords of Google email account holders... These allegations are very serious... We're looking into them," said Secretary of State Hillary Clinton...
June 02, 2011 Added by: Danny Lieberman
Many times we feel secure but are not, or don’t feel secure when we really are. A company may feel secure behind a well-maintained firewall but if employees are bringing smart phones and flash drives to work, this is an attack vector which may result in a high level of risk...
June 02, 2011 Added by: Headlines
"It remains to be seen how much time Anonymous has for pursuing such paths. The longer these attacks persist the more likely countermeasures will be developed, implemented, the groups will be infiltrated and perpetrators persecuted..."
June 02, 2011 Added by: Lee Munson
If you are a computer security consultant, there is no better tool to use than Backtrack. If you own a company that has to store important data, then it is vital for you to have a tool like this so your security people can test your network with the same tools the bad guys are using...
June 02, 2011 Added by: Dejan Kosutic
This is the most detailed ROSI Calculator that can be found on the Internet, and it aims to calculate as precisely as possible whether the potential decrease of security incidents (i.e. the risk mitigation) will outweigh the investment in security measures. It's completely free...
June 01, 2011 Added by: Robb Reck
Information security works differently than IT. Rather than focusing on how to build a system that can meet a requirement, the security-minded will focus on how to build a system that cannot do anything but meet a requirement. The difference is subtle, but critically important...
June 01, 2011 Added by: Rob Fuller
When trying to dump password hashes on a Windows 2008 R2 64 bit box I constantly run into the "The parameter is incorrect" error in Meterpreter. Well, with a bit of migration you'll be back to passing the hash. Here is how, with a bit of the thought process first...
June 01, 2011 Added by: Thomas Fox
The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary...
June 01, 2011 Added by: Headlines
“We must plan, train, exercise and operate in a way which integrates our activities in both cyber and physical space. We will grow a cadre of dedicated cyber experts to support our own and allied cyber operations and secure our vital networks...”
June 01, 2011 Added by: Rafal Los
I've been learning a lot lately from one of my senior colleagues who's been doing this software security assurance thing much longer than I have, and the more time I spend with him the more I understand that it all comes down to one very simple question: Why?
June 01, 2011 Added by: Rebecca Herold
Covered entities and business associates would need to account for disclosures of PHI in electronic health records that are part of a designated record set for treatment, payment and health care operations in addition to the existing requirements for accounting for access to PHI...
May 31, 2011 Added by: J. Oquendo
It should come as no surprise that ModSecurity is not an offensive tool. Far from it; however, I am going to use it as a method to redirect my targets over to my Metasploit machine. My goal is to explain the use of a defensive tool for offensive purposes...
May 31, 2011 Added by: Infosec Island Admin
You have the right to privacy in your papers and your domicile, but does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?
May 31, 2011 Added by: Kelly Colgan
The proposed bill is nothing more than an outdated, bandwagon approach that creates more red tape for businesses, weakens state law, and overprotects small- to medium-sized companies that suffer data breaches. Bottom line: It offers little meaningful help to the consumer...
May 31, 2011 Added by: Headlines
"We have a solution that can address the security and compliance needs of customers in process control industries including electric power utilities, public works and oil & gas. You just cannot get that level of capability, reliability and integration with legacy IT or ICS solutions..."