Security Management
Stylometric analysis to track anonymous users in the underground
January 15, 2013 Added by:Pierluigi Paganini
The researchers adopted techniques for authorship attribution, such as the stylometric analysis also used in forensic linguistics, verifying the capability of the method of tracking also against automated frameworks like JStylo used to protect users’ privacy and anonymity...
Protection Without Detection
January 14, 2013 Added by:Simon Moffatt
Often as consultants, technologists and engineers, we sometimes fail to see things through the eyes of the normal subscriber and end user. When the majority of us buy a car we are concerned about mpg, reliability, safety and performance. We are not generally wanting to speak directly with the mechanic, designer or component builder about the injection system, the carbon mix of the brake pads or ...
Common Sense Cybersecurity
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet, Vint Cerf, as saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
Briefly on "The Network Use of Force Continuum"
January 08, 2013 Added by:Ali-Reza Anghaie
I have long said that history and legal precedent will eventually defend "hack back" techniques for those with well established procedures and some degree of market clout (e.g. DIB, Fortune 100s). I've even said, when discussing the Patriot Hacker "The Jester", that self-defense and stand-your-ground will almost certainly come into play and be successfully used in some legal context.
Turkey – Another story on use of fraudulent digital certificates
January 04, 2013 Added by:Pierluigi Paganini
It’s the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Google’s web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack, according to the Google Chrome Security Team and Microsoft experts.
A New Way of Detecting Cybersecurity Attacks
January 04, 2013 Added by:Larry Karisny
Current IDS solutions have high instances of false positives and true negatives and are extremely costly to maintain. Current IDS solutions were not designed for today's hyper connected business processes with high volume of instances. Attempting to detect misuse or anomalous behaviors requires infinite numbers of rules, patterns or algorithms, which is not possible, and is therefore the cause of ...
Don’t Be Caught Playing the Fool (A Lesson in Why Change Control is Important)
January 03, 2013 Added by:Gary McCully
This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...
What's Next For BYOD - 2013 And Beyond
December 30, 2012 Added by:Ian Tibble
The business case is inconclusive, with plenty in the "say no to BYOD" camp. The security picture is without foundation - we have a security nightmare with user devices, regardless of who owns the things...
Executive Viewpoint 2013: Avecto
December 29, 2012 Added by:Paul Kenyon
With technology now available that allows even a true administrator to log in with standard user rights and do their role without ever needing a privilege account, we will start to see more and more organizations adopt a least privilege approach to computing...
Security Resolutions for the New Year
December 28, 2012 Added by:Allan Pratt, MBA
As the New Year approaches, have you thought about your New Year’s resolutions? As a member of the information security industry, I would like to share five resolutions that you should definitely add to your list...
2013 - Year of the D(efense)
December 26, 2012 Added by:Matthew McWhirt
Many of the security incidents encompassing 2012 could have been mitigated, and some even fully prevented, if fundamental information security best practices had been reviewed and assessed, and controls encompassing incident response phases had been fully vetted...
Maintain the Combat Stance
December 26, 2012 Added by:Randall Frietzsche
When I was studying for my CISSP, I had to either learn or become reacquainted with ten domains of information security. Even though I may not use it on a daily basis, the CISSP exam would test me on my knowledge and understanding of all areas - I didn't need to be an expert but I needed to be acquainted with every art...
The Obligatory 2013 Infosec Predictions Post
December 26, 2012 Added by:Simon Moffatt
Technology evolves so quickly that 12 weeks is an age when it comes to new ideas and market changes - and security is no different. However, the main areas I will personally be following with interest though, will be the BYOD/BYOA, personnel, preemptive security and social intelligence...
ESB Security Spotlighted At ZeroNights 2012
December 25, 2012 Added by:Alexander Polyakov
ERP systems, which store the information about finances, employees, materials, wages, and so on, are rightfully considered to be the most critical of such systems. Unauthorized access to those systems can lead to espionage, sabotage, or fraud...
Prediction: BYOD May Go Away in 2013
December 25, 2012 Added by:Paul Kenyon
Considering this speed of change, taking a moment to reflect on the security risks ahead is not only prudent, but could save your organization from being blindsided. From my view, here's what I'd recommend organizations, from SMBs to the enterprise, prepare for in 2013...
Ethics of Big Data: Balancing Risk and Innovation
December 18, 2012 Added by:Ben Rothke
While few organizations have specific policies around big data, even fewer have thought about the ways in which people in their organization use that data and the ethical issues involved. The benefits of big data analytics are significant, but the potential for abuse is also considerable...
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox




