December 08, 2010 Added by: Alexander Rothacker
Clearly, there were not enough security controls in place that would have prevented the internal thief from accessing this data, and he shouldn’t have had access to this data to begin with. And if he was allowed access to it, there should have been activity monitoring in place...
December 08, 2010 Added by: PCI Guru
The last year has tried to keep QSAs in the loop by issuing a monthly Assessor Update newsletter via email. These usually are not noteworthy, but the November 2010 issue contains a number of items that need to be shared just in case you miss your edition or you are not a QSA...
December 08, 2010 Added by: Daniel Doubrovkine
The advantages of this method are clear. There aren’t any usernames or passwords exchanged and the modern versions of the security protocols are not vulnerable to brute-force or man-in-the-middle attacks. The enterprise can roll out stronger authentication without changing the applications...
December 08, 2010 Added by: Robert Siciliano
Networks of bots, otherwise known as drones or zombies, are often used to commit cybercrime. This can include “stealing trade secrets, inserting malware into source code files, disrupting access or service, compromising data integrity, and stealing employee identity information...
December 08, 2010 Added by: Brent Huston
If your network has even a dozen servers and is complex at all, monitoring can become a daunting task. There are tools and techniques available to help in this task, though. There are log aggregators and parsers, for example...
December 07, 2010 Added by: Jamie Adams
Some sysadmins who write scripts might store sensitive data in temporary files, don't restrict access to temporary files, and might forget to remove them from the system when they are no longer needed. In many cases, they use them when it isn't even necessary...
December 07, 2010 Added by: Simon Heron
VOIP has tremendous benefits for business users – which include cost savings and greater productivity – but like anything else it comes with associated security risks for the corporate network, and these risks must be identified prior to VOIP being rolled out...
December 07, 2010 Added by: Javvad Malik
Sarbanes Oxley, an almost bottomless pit of money poured into achieving compliance. And then we wonder why people view security in a negative light. It’s because all they ever hear is do this or you’ll get fined, do that or you’ll be sent to jail, threats threats threats. It’s all about negative threats...
December 07, 2010 Added by: Bozidar Spirovski
Identifying that you are attacking a virtual machine can happen in two phases. Before you penetrate the target - identification of a VM can happen if the attacker is on the same LAN, and can therefore investigate the characteristics of the target...
December 06, 2010 Added by: Global Knowledge
This builds on the Remote Authentication Dial-In User Service (RADIUS) and Remote Access Policies which have been built in to Windows since Windows 2000 Server. Use of 802.1x in wired (e.g. Ethernet) and wireless (e.g. 802.11 WiFi) networks requires some prerequisites in your network infrastructure...
December 06, 2010 Added by: Danny Lieberman
While compliance drives companies into taking action, do compliance activities actually result in implementing and sustaining strong data security management and technology countermeasures? We will see that the answer is generally no...
December 06, 2010 Added by: David Navetta
The FTC alleged that the company engaged in a deceptive act or practice in violation of Section 5 of the FTC Act by failing to inform parents that the information the software collected about their children would be disclosed to third parties for marketing purposes...
December 06, 2010 Added by: Anton Chuvakin
This is a complete and self-contained guidance document that can be provided to people NOT yet skilled in the sublime art of logging and log analysis, in order to enable them to do the job and then grow their skills. This is the first post in the long, long series...
December 05, 2010 Added by: Theresa Payton
Consumers are becoming more aware of cookies and internet mailing lists and have been taking steps to protect themselves from being profiled by advertisers. A way around user controls is to use a technology known as device fingerprinting...
December 05, 2010 Added by: Alexander Rothacker
Most corporations do not have strong security cultures. Who with a budget is going to understand the anatomy of a database attack? Security advancements at many corporations are uphill battles that are largely enabled by compliance projects. Remember, the gold is in the database...
December 05, 2010 Added by: Robert Siciliano
At present, the IRS, along with many other government agencies and corporations, relies on Social Security numbers and will do so for years to come. This continued reliance will inevitably result in additional data breaches and therefore, more stolen identities...
December 04, 2010 Added by: Rahul Neel Mani
Michael Sentonas is Vice President and CTO Asia Pacific at McAfee Inc. In an interaction with R Giridhar at the recent McAfee Focus 10 event, he discusses the evolving security landscape and the new approaches to security...
December 03, 2010 Added by: Rafal Los
Although I keep saying that things are most secure when they're simple, the new specification is orders of magnitude more complex - more documentation, moving parts, bits - than the Web SQL Database, which had security as a principle. What could possibly go wrong, right?
December 03, 2010 Added by: Thomas Fox
A successful investigation interview isn’t just a question and answer period. Asking good questions is just a small piece of a very big puzzle. To get the most out of your fraud investigation interviews, remember these 5 important steps...