Latest Posts

SOC 2 for Cloud Computing

October 09, 2011 Added by: Chris Schellman, CPA, CISSP, PCI QSA

SOC 2 reports allow cloud providers to communicate information about their services and the suitability of the design and operating effectiveness of their controls to prospective and existing customers in a well-known format that is nearly identical to an SSAE 16 report...

Comments  (2)

Abusing Windows Virtual Wireless NIC Feature

October 09, 2011 Added by: Kyle Young

If the victim computers are part of a Windows domain and have wireless NICs, by automating Metasploit with a pass-the-hash attack and using my script, one could essentially automate deploying a series of rogue APs throughout a domain. This would be kind of like a network worm...

Comments  (1)

The Lexicon Wars and Impediments to Cybersecurity

October 08, 2011 Added by: Joel Harding

What is cyberwar? Someone claimed that denying, degrading or destroying data on a network would be cyberwar. I admit, that would be bad, but by no stretch of the imagination would one single incident be considered a cyberwar. Of course, it honestly would depend on the targeted network...

Comments  (7)

Security Risk Management

October 07, 2011 Added by: Tony Campbell

The author explores the risk management lifecycle, describes methodologies for qualifying and quantifying risk and levels of risk, and provides examples of how these can best be described and/or presented at a senior management level...

Comments  (0)

Study Shows Banks Blocking More Fraud

October 07, 2011 Added by: Robert Siciliano

The FS-ISAC consists of a group of banks that shares threat information and interacts with the federal government on critical infrastructure issues. Its members include Citi, Prudential, Bank of America, JPMorgan Chase, Goldman Sachs and Wells Fargo, among others...

Comments  (0)

Don't Miss the Security BSides Kansas City Event

October 07, 2011 Added by: Security BSides

Each BSides is a community-driven framework for building events for and by information security community members. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. You don’t want to miss it...

Comments  (0)

OS X Lion Captive Portal Hijacking Attack

October 07, 2011 Added by: Tom Eston

OS X Lion's new feature poses a security risk. When an OS X laptop joins a network which contains a captive portal, a window is automatically opened to prompt the user to interact with it. This presents a major security risk if an attacker can control this functionality...

Comments  (1)

ISA Embraces House Recommendations on Cybersecurity

October 07, 2011 Added by: Headlines

"The system they have recommended provides a pathway for a sustainable system of cyber security that will result in securing our nation's critical infrastructure while stimulating the IT engine that has provided most of the good news our economy has experienced over the last 20 years..."

Comments  (0)

Notes on the 2011 Verizon Breach Report

October 07, 2011 Added by: PCI Guru

Breaches occur because organizations get sloppy and, even with defense in depth in their security, there are too many controls where execution consistency has dropped leaving gaping holes in the various levels of security. However, once addressed, attackers will find other ways in...

Comments  (1)

Where Will 2012’s Online Threats Come From?

October 07, 2011 Added by: Infosec Island Admin

A recent survey released by PWC cites that over 75% of organizations are in the dark when it comes to online threats to their businesses. Given this rather alarming statistic, we wanted to point you towards two relevant SC magazine webcasts on finding and pre-empting hidden threats...

Comments  (0)

Trusted Computing from Portable Devices

October 06, 2011 Added by: Emmett Jorgensen

There are many different ways that secure devices are being used as platforms for collaborative technologies to address growing market requirements. The ability to secure activities anywhere, at any time, from any machine is something that will gain traction over the next few years...

Comments  (0)

The Dark Side of Collaboration

October 06, 2011 Added by: Steven Fox, CISSP, QSA

Realizing the value of security investments requires teamwork. However, corporate teams play in a competitive arena that demands flexibility and responsiveness. Managers must be ready to recognize when to use tactical collaborations for the benefit of team strategy...

Comments  (0)

SpyEye Trumps Mobile Banking SMS Security Systems

October 06, 2011 Added by: Headlines

"This latest SpyEye configuration demonstrates that out-of-band authentication systems, including SMS-based solutions, are not fool-proof... Using a combination of MITB technology and social engineering, fraudsters... fly under the radar of fraud detection systems..."

Comments  (0)

Risk Management: Context is the Key

October 06, 2011 Added by: Gabriel Bassett

There is a core problem in risk management. Technical people tend towards the “every security risk is important enough to fix” mantra, focusing on technical details and over-rating risks. Management is used to much more tolerant definitions of likelihood and impact quantifiable in dollars...

Comments  (0)

AmEx Secures Website Admin Debugging Panel Error

October 06, 2011 Added by: Headlines

“An attacker could inject a cookie stealer combined with jQuery’s .hide() and harvest cookies which can, ironically enough, be exploited by using the admin panel provided by sloppy American Express developers,” Femerstrand explained in a blog post...

Comments  (0)

Anonymous, Wall Street and Disinformation

October 06, 2011 Added by: Infosec Island Admin

FUD is a great motivator, and an attack on the NYSE or NYNEX, or any of the players here could have ripples later on. Those ripples would come in the form of people selling off their stocks, companies and corporations as well, and the net effect could potentially be large losses in the market...

Comments  (0)

Researchers Develop Enhanced Security for Cloud Computing

October 06, 2011 Added by: Headlines

SICE - A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-core Platforms: "We have significantly reduced the 'surface' that can be attacked by malicious software. Previous techniques have exposed thousands of lines of code to potential attacks..."

Comments  (0)

Happy Birthday MS08-067

October 06, 2011 Added by: f8lerror

As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the simple fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than seven million systems...

Comments  (3)

Why Less Log Data is Better

October 05, 2011 Added by: Danny Lieberman

One of the crucial phases in estimating operational risk is data collection: understanding what threats and vulnerabilities you have, and understanding not only what assets you have (digital, human, physical, reputational) but also how much they’re worth in dollars...

Comments  (1)

Optimization: What's a Steiner Tree?

October 05, 2011 Added by: Stefan Fouant

Steiner Tree optimizations are very useful where an ingress PE must send large amounts of data to multiple PEs and it is preferable to ensure that overall bandwidth utilization is reduced, perhaps because of usage-based billing scenarios which require that overall circuit utilization be reduced...

Comments  (0)