Latest Posts
MongoDB Remote Command Execution Vulnerability: Nightmare or Eye-Opener?
April 03, 2013 Added by: Rohit Sethi
The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...
Comments (0)
Deconstructing Defensible - Defensible is not the Same as Secure
April 02, 2013 Added by: Rafal Los
This post and the few that follow will go through the five basic ideas behind defensibility and why defensible is a state we should be striving for as enterprise security professionals.
Comments (0)
The Driving Forces in Cyberspace are Changing the Reality of Security
April 02, 2013 Added by: Jarno Limnéll
Every second the cyber domain expands and becomes more complex. This means that there is an incredible scope of possibilities and the means to develop new things. The integration of the online world with the physical world brings a new dimension to human life. It is vital to understand that cyberspace should not be treated as a separate domain but as one that is entwined with the physical space.
Comments (0)
The Threat to Industrial Control Systems from Physical Persistent Design Features (PPDF)
April 01, 2013 Added by: Joe Weiss
Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.
Comments (0)
Managing Risk and Information Security: Protect to Enable
April 01, 2013 Added by: Ben Rothke
In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security – that between limitations and enablement.
Comments (0)
China Women Dating
March 30, 2013 Added by: Joel Harding
Then, two weeks ago, an unusual event happened. First, since I have a Mac running some unusual browsers, I seldom get a pop-up screen. But one popped up. Imagine my surprise when the popup window was an ad for a Chinese dating site called ChineseWomenDating.com.
Comments (9)
Bit9 Releases 2013 Server Security Survey Report
March 30, 2013 Added by: Mike Lennon
Security vendor Bit9, best known for its application whitelisting solutions, recently released its second annual server security survey of nearly 1,000 IT and security professionals worldwide.
Comments (0)
Digital Natives, Digital Immigrants, Exo-Nationals and The Digital Lord of The Flies
March 29, 2013 Added by: Krypt3ia
There seems to be a disconnect within the psyche for kids where their actions are just not real because it happens online. Some of these kids that I tracked online due to recent events with the attacks on Brian Krebs lead me to believe some of them may in fact be on the road to sociopathy.
Comments (1)
Brian Honan on Hacking Senior Management
March 28, 2013 Added by: Tripwire Inc
“What are security professionals doing wrong that they can’t connect and communicate with their businesses’ senior management?” asked Brian Honan, Principal of BH Consulting, in our conversation at the 2013 RSA Conference in San Francisco.
Comments (4)
SSL Wars – Little New Hope
March 28, 2013 Added by: Gary McCully
I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!
Comments (0)
Defending the Corporate Domain: Strategy and Tactics
March 27, 2013 Added by: Rafal Los
Strategy without accompanying tactics is a lost cause. Tactics without a solid footing in strategy is an expensive lost cause. The maturity of an organization's security team is directly proportional to their ability to have a foundational strategy and be able to implement tactical measures and feedback to adjust to changing conditions in order to defend adequately.
Comments (0)
New Malware Targets POS Systems and ATMs, Hits Major US Banks
March 27, 2013 Added by: Infosec Island
A new malware targeting point-of-sale (POS) systems and ATMs has stolen payment card information from several US banks, researchers say. The author behind the malware appears to have links to a Russian cyber-crime gang.
Comments (0)
The Five-Step Privilege Management Checklist for Financial Organizations
March 27, 2013 Added by: Paul Kenyon
Financial institutions sit at the top end of the scale for security and reputational risk, with their databases of customer information making them especially vulnerable to criminal interception and subject to regulatory obligations.
Comments (0)
SCADA and ICS Security Patching: The Good, the Bad and the Ugly
March 26, 2013 Added by: Eric Byres
Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...
Comments (1)
On Iran and Pre-Emptive Cyber Attacks
March 26, 2013 Added by: Don Eijndhoven
Some say that the 'right to strike pre-emptively' is a warning shot across the bow of China, but it cannot be said that it is a timely revelation in any respect. After all, not having formally asserted this right to strike pre-emptively did not deter the cyber attack against Iran's nuclear enrichment facilities in Natanz.
Comments (0)
Silky Paws Need Claws – The Problems of Defensive Cyberstrategies
March 25, 2013 Added by: Jarno Limnéll
For societies and armed forces there is today no credible defense without cyber capabilities. The cyber arms race has started, and its speed is accelerating. Nations and other entities are using online weapons, because they are thousands of times cheaper than conventional armaments.
Comments (1)
South Korean Attack & Malware Analysis
March 25, 2013 Added by: Tripwire Inc
From several samples of the malware and logs, it has been found that the malware was designed to corrupt the Master Boot Record (MBR) as well as the Volume Boot Record (VBR). Once the corruption has taken place, the system reboots, leaving the system unusable as the MBR is missing.
Comments (0)
Chinese Whispers, Chinese Lies: Analyzing Mandiant's APT1 Report
March 25, 2013 Added by: Oliver Rochford
The foremost problem with the Mandiant report is that it relies on a view of China and the Chinese Cyber-Operations that has very little to do with situational conditions on the ground.
Comments (0)
Apple Makes Two Factor Authentication Available for Apple IDs
March 22, 2013 Added by: Mike Lennon
In an effort to increase security for user accounts, Apple on Thursday introduced a two-step verification option for Apple IDs.
Comments (0)
Email Security: It's Every Employee's Business
March 22, 2013 Added by: Allan Pratt, MBA
Email security has become part of the job description for every employee. All it takes is one employee to cause a breach that opens up the entire company.




