Latest Posts


DEFCON Panel: Anonymous and LulzSec Are Everywhere

August 08, 2011 Added by:Headlines

“We have an opportunity to not just cause chaos, but to cause organized chaos. I’m suggesting the actions in pursuit of their own goal compromise their goal. There’s a way to render more specific what they want to accomplish,” said panelist Josh Corman, research director at the 451 Group...

Comments  (0)

Black Hat 2011 USA: Philippe Courtot - CEO - Qualys

August 08, 2011

Black Hat USA Interview: Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with companies to improve their IT security and compliance postures...

Comments  (0)


Encrypting the Web with HTTPS Everywhere

August 08, 2011 Added by:Headlines

"Your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking... Electronic Frontier Foundation created HTTPS Everywhere to make it easier for people to keep their user names, passwords, and browsing histories secure and private..."

Comments  (0)


Talk of Password Demise Greatly Exaggerated

August 08, 2011 Added by:Emmett Jorgensen

Overall criminals and blackhat hackers have a variety of tools at their disposal to overcome passwords and encryption. But this doesn’t mean that passwords are obsolete. On the contrary, if used properly they are still incredibly effective at protecting our data...

Comments  (1)


EastWest Institute Report on World Cybersecurity Summit

August 08, 2011 Added by:Headlines

“Cyber threats have taken on a new dimension over the last year, from Wikileaks and Stuxnet to large-scale theft of customer data... Despite new countermeasures, we are not winning the war on cyber crime. We need stronger policies to protect our digital economy...”

Comments  (0)


That Shady Rat Was Only a Security Peer

August 07, 2011 Added by:J. Oquendo

After reading about the APT called Shady Rat I shrugged my shoulders and said so what. Why are ten year old attacks and tools still a problem? The answer is simple: Many companies and their staff are under-qualified, incompetent, uneducated, all of the above, or just don't care about security...

Comments  (17)


Black Hat USA 2011, ISC2 and the Shady Rat

August 07, 2011 Added by:Boris Sverdlik

Information Security is a funny animal, what other industry can you mass market something that does absolutely nothing and have the product sell itself due to marketing? Why wouldn't you throw sex into the mix? All I can say is... RIGHT ON McAfee! Next year get some unicorns with boobs...

Comments  (0)


Why Complex Device Identification Isn’t Enough

August 07, 2011 Added by:Robert Siciliano

“Complex device identification” is more sophisticated. This security technique relies on disposable, one-time cookies, and creates a complex digital fingerprint based on characteristics including PC configuration, Internet protocol addresses, and geolocation...

Comments  (0)


On SIEM Services

August 06, 2011 Added by:Anton Chuvakin

When a SIEM vendor tries to sell you services, it is NOT vendor greed – but simply common sense. And if you say “no”, it is not “saving money” – but being stupid. SIEM success out-of-the-box, while real in some cases, is a pale shadow of what a well-thought through deployment looks like...

Comments  (0)


How Cyrano de Bergerac Portends the Compliance Assessment

August 06, 2011 Added by:Thomas Fox

Enhanced Compliance Obligations build upon concepts which have been articulated for some time. By utilizing the annual compliance assessment, a company can more nimbly move towards a best practices program by determining if it currently has these concepts incorporated into the program...

Comments  (0)


Infosec Island's Scot Terban Replaces Aaron Barr at DEFCON

August 05, 2011 Added by:Headlines

"I look forward to talking about the hubris of LulzSec, Aaron Barr, and Anonymous as well as discuss the issues surrounding them. Cyber activism (hacktivism) is in its infancy and will likely turn into the next level of terrorism," Terban told Infosec Island...

Comments  (1)


Information Systems Security as a Profession

August 04, 2011 Added by:Bozidar Spirovski

If you’re considering a career in IS security, you’ll find job openings in a variety of related areas. Security specialists may be found in each of the following BLS occupational groups, and often enjoy salaries in excess of $100,000 per year...

Comments  (0)


Using Trust Maps to Manage Critical Systems

August 04, 2011 Added by:Brent Huston

The purpose of a trust map is to graphically demonstrate trust between components of your organization. It is a graphic of how authentication occurs, what systems share accounts and what systems trust other systems in an environment. Done properly, they become a powerful tool with a real payoff...

Comments  (0)


Researchers Break Military Chip Encryption Keys

August 04, 2011 Added by:Dan Dieterle

In the attack, power use is monitored during the power up sequence of the chip. As it is powered up, the chip accesses a key used to decrypt the configuration data file and data stream. By analyzing the power used, the team was able to decrypt the key...

Comments  (0)

PLC Controllers, Stuxnet, and Kinetic Attacks: Black Hat 2011

August 04, 2011 Added by:Infosec Island Admin

Today we have a hacker community out there able to get their hands on code easily and even perhaps the PLC systems themselves to create even more exploits. Add to this that many SCADA systems have been connected to the Internet (as they should NEVER BE) ripe for attack and we have a big problem...

Comments  (1)


Black Hat's Technical Director Travis Carelock

August 03, 2011

Travis Carelock is the Technical Director for the Black Hat USA 2011 Conference, taking place this year in Las Vegas, Nevada. Travis talks about some of the technical challenges his team ran into this year, including a fire alarm during the first keynote address by Cofer Black...

Comments  (0)


Native Auditing In Modern Relational Database Management

August 03, 2011 Added by:Alexander Rothacker

Modern databases provide powerful built-in auditing capabilities that are often underestimated. There are downsides of native auditing like the ability for a malicious user to manipulate the audit trail. Overall, this feature allows customers to monitor database activity at a very granular level...

Comments  (3)


Software Security for the Cloud - Same Pig, Shiny Lipstick

August 03, 2011 Added by:Rafal Los

The bottom line here is this - migrating to a cloud architecture doesn't magically make your applications secure... although for many SMBs this is a better option than trying to tackle this problem alone. Let's talk this through...

Comments  (0)


Four Questions to Start the Security Discussion

August 03, 2011 Added by:Brian McGinley

Intelligent businesses walk the security journey every day. Discussion prompts action, and I’ve found over my years in corporate management and data security that these four simple questions can often get the ball rolling...

Comments  (0)


Rolling Out the Cloud In Australasia

August 03, 2011 Added by:Ben Kepes

It’s a direct allusion to Government's and corporate’s concerns around location of data – taking advantage of a short term point of difference makes sense for a small provider like that has only a limited window of opportunity to grow before larger and better funded competitors come to market...

Comments  (0)