Latest Posts
Researchers Discover Widespread Cryptographic Vulnerabilities
February 15, 2012 Added by:Electronic Frontier Foundation
The consequences of these vulnerabilities are extremely serious. In all cases, a weak key would allow an eavesdropper on the network to learn confidential information, such as passwords or the content of messages, exchanged with a vulnerable server...
Comments (0)
Iran Successfully Eradicates Stuxnet Virus Infestation
February 15, 2012 Added by:Headlines
"I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game..."
Comments (0)
In Cyber - Losers Ignore, Survivors React, Winners Predict
February 15, 2012 Added by:Richard Stiennon
Every organization has a choice: become a victim of cyber attack and pay the cost of recovery then rely on quick reactions to changes in the threat space to survive the next attack, or predict the escalation in attacks and invest early in the defenses required...
Comments (0)
ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool
February 15, 2012 Added by:Headlines
A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...
Comments (0)
The Fundamentals of Infosec in Theory and Practice
February 15, 2012 Added by:Ben Rothke
Information security is an overwhelming body of knowledge, and for many it can indeed be a far too tremendous body of text to attempt to cover. To that effort this book is an invaluable resource as it covers the key areas without getting bogged down in the minutia...
Comments (0)
Build Your Security Portfolio Around Attack Scenarios
February 15, 2012 Added by:Danny Lieberman
In the current environment of rapidly evolving types of attacks - hacktivisim, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...
Comments (1)
Your Name and SSN - All a Thief Needs for Tax Fraud
February 15, 2012 Added by:Kelly Colgan
The IRS has seen a significant increase in the number of fraud cases involving identity theft, according to Steven Miller, IRS deputy commissioner for services and enforcement. Addresses don’t mean anything. All a thief needs is your name and Social Security number...
Comments (0)
What Actually Changed in Google’s Privacy Policy
February 15, 2012 Added by:Electronic Frontier Foundation
Google did a great job of informing users that the privacy policy had been changed through emails and notifications. Unfortunately, while the policy might be easier to understand, Google did a less impressive job of publicly explaining what in the policy had actually been changed...
Comments (0)
Subordinate Digital Certificates Pits Trustwave vs Mozilla
February 14, 2012 Added by:Pierluigi Paganini
Trustwave declared that the issuing of subordinate root certificates to private companies was done to allow inspection of the SSL encrypted traffic that passes through their networks. Trustwave decided to stop issuing these in the future, and revoked the existing ones...
Comments (0)
Comprehensive Cyber Security Act of 2012 Introduced
February 14, 2012
The act was designed to provide the government with a clear structure for securing its own networks and those that run critical infrastructure - energy and water delivery systems, financial systems, nuclear and chemical, plants, and transportation networks...
Comments (0)
Security Flaw in eBanking Affects Over 100 Million Users
February 14, 2012 Added by:Alan Woodward
CAPTCHAs. You've all had to use them at some point - those funny, distorted versions of a piece of text that only a human can decipher. I was shocked to learn that CAPTCHAs were being used in eBanking and could successfully be attacked nearly 100% of the time....
Comments (1)
Iran Remains Defiant in Confronting Cyber Attacks
February 14, 2012 Added by:Headlines
"Iranian experts possess adequate knowledge to confront cyber threats. All nuclear facilities in the country are immune from cyber attacks... Many viruses are produced in the world every day... there has been no destructive impact inside the country," said Gholam-Reza Jalali...
Comments (1)
Jihadi Information Warfare: The Next Wave
February 14, 2012 Added by:Scot Terban
There have been tutorials on SQLi and Metasploit online for a long time, but only recently have we seen them translated into Arabic and placed on the technical forums. This means that even the low end of the technically capable Jihadist's can now boot up these tools hack a site…
Comments (0)
Twitter Finally Enables HTTPS as a Default Setting
February 14, 2012 Added by:Headlines
Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by attackers who may attempt to harvest passwords when users access their accounts over unencrypted Wi-Fi networks...
Comments (0)
Difference Between Spreading Information and Enabling Crime
February 14, 2012 Added by:Rafal Los
Most people don't get prosecuted or charged for distributing or re-tweeting a link to an Anonymous pastebin dump. Where is the line drawn then, and why are some incidents bigger than others? The question ultimately goes to the contents of the cache of information...
Comments (2)
NIST Cybersecurity for Cyber-Physical Systems Workshop
February 14, 2012 Added by:Infosec Island Admin
The NIST ITL Computer Security Division will host a two-day workshop about the cyber security needed for cyber-physical systems (CPSs), with a focus on results of research and real-world deployment experiences...
Comments (0)
What's More Important - Vulnerabilities or Actual Incidents?
February 14, 2012 Added by:Joe Weiss
To at least some of us in the control systems community these vulnerabilities are not unexpected. The fact that many of these systems are also connected to the Internet as Eireann Leverett demonstrated is also not new, even though the numbers of control system connected to the Internet are striking.
Comments (0)
Why Data Leaks
February 14, 2012 Added by:Danny Lieberman
The main reason is people. People handle electronic data and make mistakes or do not follow policies. People are increasing conscious that information has value – all information has some value to someone and that someone may be willing to pay...
Comments (0)
FBI Bitten by Operational Security
February 14, 2012 Added by:Fergal Glynn
Employees forward confidential calendar events and messages to personal calendars and personal email accounts. This may make their jobs easier but it can put their companies at risk. A recent security incident involving the FBI can teach us something about corporate security...
Comments (0)
Security BSides San Francisco: Presentation Schedule
February 14, 2012 Added by:Security BSides
Each BSides is a community-driven framework for building events for and by information security community members. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. You don’t want to miss it...
Comments (0)
Your Own Private Island
December 24, 2011Coming Soon! Build your own Island right here!
Make your home Infosec Island with your own private vanity URL, design options and private network of followers.
Infosec Island v2
December 24, 2011The latest version of Infosec Island is now available. There are more content options and more ways to connect and interact with your peers.
Thanks to everyone for a great year, and we're looking forward to an excellent 2012!