Latest Posts

Keeping Privileged Users Under Control in Oracle Database

October 03, 2011 Added by: Esteban Martinez Fayo

The SYSDBA privilege has unlimited access to all data and can make any configuration change. With Database Vault installed, it is possible to restrict SYSDBA users from accessing certain data, but the protection is not complete. There are ways to bypass the defenses and compromise the data...

Comments  (1)

Wow! So That Was DerbyCon...

October 03, 2011 Added by: Michael SecurityMoey

One talk that I thought was absolutely phenomenal was "Steal Everything, Kill Everyone, Cause Total Financial Ruin" with Jayson Street, who walked through his antics and general mayhem. There was one major takeaway I got from Jayson’s talk: If your users are doing dumb stuff, it’s your fault...

Comments  (2)

HTC Android Devices are Leaking Sensitive User Data

October 03, 2011 Added by: Headlines

"The only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door..."

Comments  (0)

DHS: National Cyber Security Awareness Month

October 03, 2011 Added by: Headlines

The most serious economic and national security challenges we face are cyber threats. America's economic prosperity and competitiveness in the 21st Century depends on effective cybersecurity. Every Internet user has a role to play in securing cyberspace...

Comments  (0)

RIP - Cyber Security Expert Dr. Eugene Schultz

October 03, 2011 Added by: Ron Baklarz

Schultz authored/co-authored five books, wrote over 120 published papers and was also a certified SANS instructor, a senior SANS analyst, a member of the SANS NewsBites editorial board, and co-author of the 2005 and 2006 Certified Information Security Manager preparation materials...

Comments  (1)

Open Call for Interviews: Hacker Halted Miami

October 03, 2011 Added by: Infosec Island Admin

Open Call: Infosec Island will be conducting a series of video interviews with attendees at the Hacker Halted conference in Miami, FL in late October. The interviews offer the opportunity for companies to highlight their knowledge of emerging trends in the information security field...

Comments  (0)

Internet Giants Enlisted for Government Surveillance

October 03, 2011 Added by: Headlines

"When the possibility exists for information to be obtained that wasn't possible before, it's entirely understandable that law enforcement is interested. Then the issue would be, what's the right policy? And that, of course, engenders a lot of debate..."

Comments  (1)

Cyber Attacks: Iran Will Retaliate

October 03, 2011 Added by: Joel Harding

What does Iran mean by ‘We will retaliate in cyberspace’? Iran has a record of Shamshir rattling and ‘trash talk’. Yes, Iran has formed a cyber command. Yes, there is a hacker group called the Iranian Cyber Army, and they were defacing pages in China and even took down Baidu...

Comments  (0)

Insider Threat: Guard Indicted for Chinese Espionage

October 03, 2011 Added by: Headlines

Bryan Underwood, a former contract guard working at a U.S. Consulate in China, has been charged in a superseding indictment with one count of attempting to communicate national defense information to a foreign government...

Comments  (0)

Protecting Your Privacy Is Your Responsibility

October 02, 2011 Added by: Allan Pratt, MBA

Do you wonder what happens with your financial information when a background check is conducted for a job? Do you wonder what happens to your driver’s license information when you’re asked to provide it on a medical form? Truth is, you’re the only one who can safeguard your privacy...

Comments  (1)

How Social Media Impacts Your Compliance Program

October 02, 2011 Added by: Thomas Fox

In a September 26, 2011 article in Forbes magazine, titled “Social Power and the Coming Corporate Revolution”, author David Kirkpatrick argues that the social media revolution has so empowered employees and customers that they will soon be calling the shots, not management...

Comments  (0)

Requirements that Cannot be Marked ‘Not Applicable’

October 01, 2011 Added by: PCI Guru

QSAs are questioning the relevance of this clarification in outsourced and environments totally operated through bank-owned terminals and networks. The PCI SSC is clarifying these requirements to ensure that QSAs are confirming that outsourced environments truly are out of scope...

Comments  (0)

Legal Consequences of Breaches to Security and Privacy

October 01, 2011 Added by: Craig S Wright

Intermediaries have the ability to stop transgressions on the Web now, but the lack of clear direction and potential liability associated with action remains insufficient to modify behavior. In the face of tortuous liability, the economic impact of inaction is unlikely to lead to change...

Comments  (0)

Maintaining Quality in Outsourcing Telco Services

September 30, 2011 Added by: Bozidar Spirovski

The issue with telco services is that quality is difficult to define because there are parameters that are difficult to track: sound quality, response of system to tone-dial menu selection of an IVR, intermittent interruptions of communications, and temporarily unavailable service...

Comments  (0)

Usernames and Passwords Are Facilitating Fraud

September 30, 2011 Added by: Robert Siciliano

Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...

Comments  (0)

FTC Proposes Revisions to COPPA Rule

September 30, 2011 Added by: David Navetta

The proposed amendments would modify the Rule in five areas: definitions, parental notice, parental consent mechanisms, confidentiality and security of children’s personal information, and safe harbor programs. Each may have a significant impact on a company’s current online practices...

Comments  (0)

Hacker Halted: 10% Discount plus Get a Free iPad2 and 2 Nights Accommodations

September 30, 2011 Added by: Infosec Island Admin

Special for Infosec Island Members: Attend EC-Council's signature event in Miami - Hacker Halted USA - and get a free iPad2 + two nights hotel + an additional 10% discount when signing up for the conference pass or for selected training. Offer ends September 30, 2011...

Comments  (0)

Microsoft is Waging Cyberwar

September 30, 2011 Added by: Joel Harding

A federal court judge taps his gavel and the request for taking down a domain and all sub-domains is approved. This indicates to me that a corporation is taking care of me, a private citizen. It also indicates that the government cannot or will not protect me...

Comments  (0)

Researchers Demonstrate Diebold Voting Machine Hack

September 30, 2011 Added by: Headlines

"These man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines. We think we can do similar things on pretty much every electronic voting machine. This is a national security issue. It should really be handled by the Department of Homeland Security..."

Comments  (0)

Security Trends: Which to Avoid and Which to Embrace

September 30, 2011 Added by: Ken Stasiak

With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...

Comments  (0)