Latest Posts
Malnets to Become Source for Majority of Attacks
February 13, 2012 Added by:Infosec Island Admin
"Malnet infrastructures enable cybercriminals to launch dynamic attacks that are often not detected by traditional anti-virus vendors for days or months. In one case in early February 2011, a malware payload changed locations more than 1,500 times in a single day..."
Comments (0)
Hacker Boasts of Intel Corporation Network Breach
February 13, 2012 Added by:Headlines
A hacker who goes by the handles "WeedGrower" and "X-pOSed" claims to have breached tech giant Intel and to have gained access to an Intel.com subscriber database that contains sensitive information including passwords, social security and credit card numbers...
Comments (0)
We Have Every Right to be Furious about ACTA
February 13, 2012 Added by:Electronic Frontier Foundation
While ACTA was only negotiated between a few countries, it has global consequences. First because it will create new rules for the Internet, and second because its standards will be applied to other countries through the U.S.’s annual Special 301 process...
Comments (0)
Commercial DDoS Tools Offer a Competitive Advantage
February 13, 2012 Added by:Headlines
With the growing availability of DDoS services being marketed directly to businesses, enterprises may increasingly find themselves under attack from competitors seeking to gain an advantage in the increasingly lucrative Internet marketplace...
Comments (0)
US Confirms Iran Did Not Hack RQ-170 Stealth Drone
February 13, 2012 Added by:Dan Dieterle
A congressional official has confirmed that Iran did not bring down the drone with its “cyber warfare” skills. Information from a 10-week CIA review seems to point to a malfunctioning data stream. Information from the faulty stream may have led the drone operator to land the UAV...
Comments (0)
The Obama Administration’s Cybersecurity Proposal
February 13, 2012 Added by:Headlines
The President’s proposal would establish national standards, protect federal networks, and allow DHS to provide enhanced voluntary assistance to our private sector and state, local, tribal, and territorial government partners...
Comments (0)
Smart Grid Raises the Bar for Disaster Recovery
February 13, 2012 Added by:Brent Huston
Many of the organizations we have talked to simply have not begun the process of adjusting their risk assessments, disaster plans and the like for these types of operational requirements, even as smart grid devices begin to proliferate across the US and global infrastructures...
Comments (0)
NIST Hosts Federal Infosec Educators Conference
February 13, 2012 Added by:Headlines
FISSEA is responsible for promoting cybersecurity awareness, training and education. The annual meeting is geared toward both new and seasoned security officers, IT managers, information security educators and researchers, cybersecurity trainers and teachers...
Comments (0)
Will the Real IT Security Researcher Please Stand Up?
February 13, 2012 Added by:Rafal Los
Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn’t erring human? If that is the case, why is it surprising to find flaws in new software or applications?
Comments (1)
Encryption Key Management Primer – Requirement 3.5
February 13, 2012 Added by:PCI Guru
The problem with the manual option is that encryption keys are typically needed to boot the secure server or start an application that needs access to encrypted data. The security surrounding the keys becomes problematic as operations personnel need regular access...
Comments (0)
NIST Finalized Guidelines for Security in the Cloud
February 13, 2012 Added by:David Navetta
According to NIST, SP 800-144 is geared for those involved in cloud computing initiatives; security personnel responsible for security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services...
Comments (0)
Incident Response and Risk Management Go Hand in Hand
February 13, 2012 Added by:Neira Jones
Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...
Comments (0)
Why Data Security Regulation is Bad
February 12, 2012 Added by:Danny Lieberman
The government knee-jerk reaction in the face of a data breach is to create more compliance regulation. Security by compliance does not improve security, since attackers can reverse-engineer the minimum requirements in a standard to look for holes in a company’s defenses...
Comments (0)
Focusing on Input Validation
February 12, 2012 Added by:Brent Huston
Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...
Comments (0)
Brad Smith: The Power of the Ultimate Social Engineer
February 12, 2012 Added by:Krzysztof Marczyk
While we often focus on how social engineering skills can be used to break into companies or otherwise obtain information that is supposed to be protected, Brad demonstrates the positive aspects of these skills, and shows how they can be put to good use...
Comments (1)
Enterprise Security and the Battle Over Productivity
February 11, 2012 Added by:Rafal Los
The trick is, when security can't clearly and absolutely get definition on what employees should and shouldn't be allowed to do, they have to implement the law of least privilege overly aggressively and then things get slow, tedious, and everyone complains about security...
Comments (0)
Security Weekly News Roundup: Tunnel Vision
February 11, 2012 Added by:Fergal Glynn
As security professionals do we all just suffer from “security tunnel vision” or is something major shifting in our industry? Is it all just related to the significant rise in hacktivism or the 24-hour news cycle requiring that every little thing become a news story?
Comments (0)
Data at Rest: Dormant But Dangerous
February 11, 2012 Added by:Simon Heron
Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...
Comments (0)
Risk Assurance: A Blog Post to Fear
February 11, 2012 Added by:Jon Long
Fear introduced itself as "SSAE16 replaces SAS70" and told everyone it was the only replacement for SAS70, even though the AICPA made it clear that SSAE16 is not designed to provide assurance regarding security, availability, processing integrity, confidentiality, or privacy...
Comments (2)
APT: What It Is and What It’s Not
February 10, 2012 Added by:Scot Terban
They can use the most elegant of solutions and nimbly change their tactics, on the fly create/edit code to defeat the defender's tactics, and use the most simplistic of attacks in the effort to gain access and KEEP it as long as possible to succeed in their own ends...
Comments (0)
Your Own Private Island
December 24, 2011 Coming Soon! Build your own Island right here!
Make your home Infosec Island with your own private vanity URL, design options and private network of followers.
Infosec Island v2
December 24, 2011 The latest version of Infosec Island is now available. There are more content options and more ways to connect and interact with your peers.
Thanks to everyone for a great year, and we're looking forward to an excellent 2012!




