Latest Posts

Black Hat USA 2011: Theresa Payton - CEO - Fortalice

August 16, 2011

Theresa Payton is the Chief Advisor and CEO of Fortalice, and has over twenty years of business and technology leadership experience. From May 2006 until September 2008, Theresa worked for the Bush Administration as the White House Chief Information Officer, the first woman to hold this position...

Comments  (1)

Plagiarism and the State of Infosec Publishing

August 16, 2011 Added by:Tony Campbell

Book publishers need to up their game in terms of their quality assurance processes in order to demonstrate their true worth to their customers, something that the charlatans, such as Gregory Evans and Ali Jahangiri, will always fail to deliver upon – since these guys are not publishers...

Comments  (2)

For Infosec Pros: How Firms Create Value

August 16, 2011 Added by:Nick Owen

My goal is to provide information security pros a basis for discussing risks with business pros. For information security pros, the goal should be to reduce the risks of cash flow streams so that the cost of capital for projects is less than the firm's weighted-average cost-of-capital...

Comments  (0)

The Great Cloud Blockage: 80/20

August 16, 2011 Added by:Ben Kepes

The Catch 22 situation – IT cannot free up sufficient dollars to move legacy applications to the Cloud. And because they therefore have to focus a significant proportion of their budget on keeping the lights on, the opportunities for investment in these activities are eroded...

Comments  (0)

Myth: Apple Products Don’t Get Viruses

August 16, 2011 Added by:Robert Siciliano

The growing popularity of Apple products has inspired cybercriminals to create viruses that will harm Macs. Until now, Macs have been immune to these threats, but McAfee Labs is seeing the very first wave of fake programs targeted at Mac users...

Comments  (3)

Vanguard Defense Industries Hit by AntiSec Hackers

August 16, 2011 Added by:Headlines

The AntiSec hacker collective has breached the email accounts of defense contractor Vanguard Defense Industries. The firm was targeted due to their relationships with law enforcement agencies, and the attackers plan to release several thousand emails and documents that were stolen in the operation...

Comments  (1)

Avoiding 7 Common Mistakes of IT Security Compliance

August 16, 2011 Added by:Sasha Nunke

Ambiguity abounds due to lack of a universal philosophy of compliance. A big challenge for security professionals is navigating this ambiguity, especially when financial auditing terms such as GRC are loosely applied to IT security solutions. Let the buyer beware...

Comments  (2)

Spear-Phishing Operation Targets Senior US Officials

August 16, 2011 Added by:Headlines

"Victims get a message from an address of a close associate or a collaborating organization/agency, which is spoofed. The message is crafted to look like a subscription form offering to enter Gmail credentials to activate it..."

Comments  (0)

Who Should Handle Serious Internal Investigations?

August 16, 2011 Added by:Thomas Fox

If a regulatory authority, such as the SEC or DOJ, cannot rely on a company’s internal investigation, it may perform the investigation with its own personnel. Further, these regulators may believe that the company has engaged in a cover-up. This is certainly not the way to buy credibility...

Comments  (0)

NIST Seeks Comments on National Initiative for Cybersecurity

August 16, 2011 Added by:Headlines

The plan, "Building a Digital Nation," outlines NICE's mission, vision, goals and objectives. NIST and its interagency NICE partners seek comments from all interested citizens and organizations concerned with cybersecurity awareness, training and education...

Comments  (1)

Black Hat USA 2011: Chris Blask of AlienVault

August 15, 2011

Chris Blask is the VP of the Industrial Control Systems Group at AlienVault. He has been involved in the information security industry for twenty years. He also invented one of the first commercial firewall products, the BorderWare Firewall Server, and is on the faculty at IANS...

Comments  (1)

Auditing: Remote Access Security in 2011

August 15, 2011 Added by:Enno Rey

When the standards were written, endpoints were supposed to be mostly company-managed Windows systems. In the meantime most organizations face an unmanaged mess composed of a growing number of smartphones and tablets, some company-managed, while some are predominantly free-floating...

Comments  (0)

Top Ten Criteria for an SIEM

August 15, 2011 Added by:Anton Chuvakin

I spent years whining about how use cases and your requirements should be driving your SIEM purchase. And suddenly Anton shows up with a simple Top 10 list. This list was built with some underlying assumptions which I am not at liberty to disclose. Think large, maybe think SOC, think complex environment...

Comments  (0)

Mobile Device Security: The Matrix in 2011

August 15, 2011 Added by:Simon Heron

Remember that scene in the Matrix where our hero Neo is on the run and he just grabs a phone off some bystander and is immediately able to cancel the existing call and dial a new one? That seemed totally believable at the time. I just wondered what the equivalent might be these days?

Comments  (0)

Operation Shady Rat: Or As I like To Call It...

August 15, 2011 Added by:Infosec Island Admin

It is readily apparent from this POS that McAfee has put out that they are just fishing for some press here for their flagging AV sales. This paper gives nothing relevant to the story around APT and as such, it should be just relegated to the dustbin of the internet and forgotten...

Comments  (2)

ISO and IEC Publish Biometric Authentication Standard

August 15, 2011 Added by:Headlines

Unlike other authentication systems, the breach of biometric data is difficult to remedy. Users cannot simply alter the authenticating data used to access secure networks, as one would with usernames and passwords - the data is permanently and uniquely identifiable to the individual user...

Comments  (0)

Hackers Could Target Automated Military Systems

August 15, 2011 Added by:Dan Dieterle

Congress has created a requirement that 1/3 of ALL military ground vehicles be automated or unmanned by 2015. Are automated systems susceptible to malfunctions, glitches or software errors? Are there any instances of these systems turning on their creator? Unfortunately, yes...

Comments  (0)

ISA President Larry Clinton Elected the ITSCC Vice Chair

August 15, 2011 Added by:Headlines

Clinton’s election to the ITSCC is critical at this point in time, as some of the legislative efforts underway may serve to fundamentally alter the public-private partnership envisioned in the National Infrastructure Protection Plan and the Obama Administration’s Cyberspace Policy Review...

Comments  (0)

Anonymous Defaces BART Site - Posts User Data

August 15, 2011 Added by:Headlines

Hacktivist group Anonymous has hacked into the myBART.org website belonging to San Francisco’s BART system. The attack was an SQL injection which was able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes...

Comments  (0)

Black Hat USA 2011: Rodrigo Branco - Vulnerability Research - Qualys

August 14, 2011

Rodrigo Branco is the Vulnerability and Malware Research Director for Qualys, the leading provider of on demand IT security risk and compliance solutions. Qualys enables organizations to easily and cost-effectively ensure that their business technology systems remain highly secure...

Comments  (0)