January 15, 2013 Added by:Pierluigi Paganini
The researchers adopted a technique for authorship attribution, stylometric analysis, which is also used in forensic linguistics, verifying the method's tracking capability even against automated frameworks like Jstylo that are used to protect users' privacy and anonymity...
January 14, 2013 Added by:Simon Moffatt
Often as consultants, technologists and engineers, we sometimes fail to see things through the eyes of the normal subscriber and end user. When the majority of us buy a car we are concerned about mpg, reliability, safety and performance. We are not generally wanting to speak directly with the mechanic, designer or component builder about the injection system, the carbon mix of the brake pads or ...
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
January 08, 2013 Added by:Ali-Reza Anghaie
I have long said that history and legal precedent will eventually defend "hack back" techniques for those with well established procedures and some degree of market clout (e.g. DIB, Fortune 100s). I've even said, when discussing the Patriot Hacker "The Jester", that self-defense and stand-your-ground will almost certainly come into play and be successfully used in some legal context.
January 04, 2013 Added by:Pierluigi Paganini
It’s the news of the day: a fraudulent digital certificate that could be used for active phishing attacks against Google’s web properties. Using the certificate it is possible to spoof content in a classic phishing scheme or perform a man-in-the-middle attack, according to the Google Chrome Security Team and Microsoft experts.
January 04, 2013 Added by:Larry Karisny
Current IDS solutions have high instances of false positives and true negatives and are extremely costly to maintain. Current IDS solutions were not designed for today's hyper connected business processes with high volume of instances. Attempting to detect misuse or anomalous behaviors requires infinite numbers of rules, patterns or algorithms, which is not possible, and is therefore the cause of ...
January 03, 2013 Added by:Gary McCully
This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...
December 29, 2012 Added by:Paul Kenyon
With technology now available that allows even a true administrator to log in with standard user rights and do their role without ever needing a privilege account, we will start to see more and more organizations adopt a least privilege approach to computing...
December 28, 2012 Added by:Allan Pratt, MBA
As the New Year approaches, have you thought about your New Year’s resolutions? As a member of the information security industry, I would like to share five resolutions that you should definitely add to your list...
December 26, 2012 Added by:Matthew McWhirt
Many of the security incidents encompassing 2012 could have been mitigated, and some even fully prevented, if fundamental information security best practices had been reviewed and assessed, and controls encompassing incident response phases had been fully vetted...
December 26, 2012 Added by:Randall Frietzsche
When I was studying for my CISSP, I had to either learn or become reacquainted with ten domains of information security. Even though I may not use it on a daily basis, the CISSP exam would test me on my knowledge and understanding of all areas - I didn't need to be an expert but I needed to be acquainted with every art...
December 26, 2012 Added by:Simon Moffatt
Technology evolves so quickly that 12 weeks is an age when it comes to new ideas and market changes - and security is no different. However, the main areas I will personally be following with interest though, will be the BYOD/BYOA, personnel, preemptive security and social intelligence...
December 25, 2012 Added by:Alexander Polyakov
ERP systems, which store the information about finances, employees, materials, wages, and so on, are rightfully considered to be the most critical of such systems. Unauthorized access to those systems can lead to espionage, sabotage, or fraud...
December 25, 2012 Added by:Paul Kenyon
Considering this speed of change, taking a moment to reflect on the security risks ahead is not only prudent, but could save your organization from being blindsided. From my view, here's what I'd recommend organizations, from SMBs to the enterprise, prepare for in 2013...
December 18, 2012 Added by:Ben Rothke
While few organizations have specific policies around big data, even fewer have thought about the ways in which people in their organization use that data and the ethical issues involved. The benefits of big data analytics are significant, but the potential for abuse is also considerable...