Latest Posts

69dafe8b58066478aea48f3d0f384820

NATO Threatens to "Persecute" Anonymous Hacktivists

June 02, 2011 Added by:Headlines

"It remains to be seen how much time Anonymous has for pursuing such paths. The longer these attacks persist the more likely countermeasures will be developed, implemented, the groups will be infiltrated and perpetrators persecuted..."

Comments  (0)

4ff49873e3fed9a24adf0d37ae00b780

A Review of the New Backtrack 5 Operating System

June 02, 2011 Added by:Lee Munson

If you are a computer security consultant, there is no better tool to use than Backtrack. If you own a company that has to store important data, then it is vital for you to have a tool like this so your security people can test your network with the same tools the bad guys are using...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

Return on Security Investment (ROSI) Calculator Launched

June 02, 2011 Added by:Dejan Kosutic

This is the most detailed ROSI Calculator that can be found on the Internet, and it aims to calculate as precisely as possible whether the potential decrease of security incidents (i.e. the risk mitigation) will outweigh the investment in security measures. It's completely free...

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

Focusing on Success or Failure in IT and Infosec

June 01, 2011 Added by:Robb Reck

Information security works differently than IT. Rather than focusing on how to build a system that can meet a requirement, the security-minded will focus on how to build a system that cannot do anything but meet a requirement. The difference is subtle, but critically important...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Dumping Hashes on Win2k8 R2 x64 with Metasploit

June 01, 2011 Added by:Rob Fuller

When trying to dump password hashes on a Windows 2008 R2 64 bit box I constantly run into the "The parameter is incorrect" error in Meterpreter. Well, with a bit of migration you'll be back to passing the hash. Here is how, with a bit of the thought process first...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Compliance: Twenty Questions Directors Should Ask

June 01, 2011 Added by:Thomas Fox

The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Governments Escalate Cyber Warfare Rhetoric

June 01, 2011 Added by:Headlines

“We must plan, train, exercise and operate in a way which integrates our activities in both cyber and physical space. We will grow a cadre of dedicated cyber experts to support our own and allied cyber operations and secure our vital networks...”

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Most Important Security Question Ever Asked

June 01, 2011 Added by:Rafal Los

I've been learning a lot lately from one of my senior colleagues who's been doing this software security assurance thing much longer than I have, and the more time I spend with him the more I understand that it all comes down to one very simple question: Why?

Comments  (5)

65be44ae7088566069cc3bef454174a7

HHS: HIPAA Privacy Rule Accounting of Disclosures

June 01, 2011 Added by:Rebecca Herold

Covered entities and business associates would need to account for disclosures of PHI in electronic health records that are part of a designated record set for treatment, payment and health care operations in addition to the existing requirements for accounting for access to PHI...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Lockheed Systems on Lock Down After Cyber Attack

June 01, 2011 Added by:Headlines

“As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure. No customer, program or employee personal data has been compromised...”

Comments  (0)

850c7a8a30fa40cf01a9db756b49155a

Improvised Cyber Exploitation Devices

May 31, 2011 Added by:J. Oquendo

It should come as no surprise that ModSecurity is not an offensive tool. Far from it however, I am going to use it as a method to redirect my targets over to my Metasploit machine. My goal is to explain the use a of defensive tool for offensive purposes...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Enemy of the State

May 31, 2011 Added by:Infosec Island Admin

You have the right to privacy in your papers and your domicile, but does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?

Comments  (0)

F29746c6cb299c1755e4087e6126a816

Five Issues With Obama’s Breach Notification Policy

May 31, 2011 Added by:Kelly Colgan

The proposed bill is nothing more than an outdated, bandwagon approach that creates more red tape for businesses, weakens state law, and overprotects small- to medium-sized companies that suffer data breaches. Bottom line: It offers little, meaningful help to the consumer...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

AlienVault Releases SCADA SIEM for Critical Infrastructure

May 31, 2011 Added by:Headlines

"We have a solution that can address the security and compliance needs of customers in process control industries including electric power utilities, public works and oil & gas. You just cannot get that level of capability, reliability and integration with legacy IT or ICS solutions..."

Comments  (0)

0dc5fdbc98f80f9aaf2b43b8bc795ea8

Ten Steps To A More Secure Password

May 31, 2011 Added by:Global Knowledge

I make a point to preach password security to most co-workers I supported – especially those who dealt with personnel records, credit card info, and other potentially sensitive documents. Below are some tips that will make your passwords a hundred times harder to hack...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

Pentagon: Cyber Attacks Considered Act of War

May 31, 2011 Added by:Headlines

The report concludes that the Laws of Armed Conflict should also extend to the cyberspace field of operations. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said an unidentified military official...

Comments  (0)

69fd9498e442aafd4eb04dfdfdf245c6

Freedom versus Security

May 31, 2011 Added by:Luis Corrons

In a few years’ time, besides protecting ourselves against cyber-attacks we will also have to look for mechanisms that guarantee our rights against government abuse of power. Some people are talking about the introduction of “Internet passports” to identify Internet users...

Comments  (6)

4ed54e31491e9fa2405e4714670ae31f

Weaponizing the Nokia N900 Part 3.8: Backtrack 5

May 31, 2011 Added by:Kyle Young

You could setup your N900 on a victim network and have ssh listing on your public IPv6 address and then log in to your N900 from an outside network over IPv6. You wouldn’t even have to do any port forwarding on the victim’s firewall/gateway/router...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Hackers Deface PBS Site in WikiLeaks Protest

May 31, 2011 Added by:Headlines

"Last night there was an intrusion to PBS' servers. The erroneous information on the PBS NewsHour site has been corrected. We're notifying stations and affected parties to advise them of the situation..."

Comments  (0)

43559f6a0465c923b496a260211995c0

SecurID: No Need for the Seed!

May 30, 2011 Added by:Pascal Longpre

An attacker who has installed the target's VPN client and configuration patiently waits for the user to authenticate. When the user begins to enter its 6 digit SecurID password, the Trojan captures the characters entered and immediately sends them through SSL to the attacker's machine...

Comments  (1)