Network Security
Perfect Citizen, US vulnerability assessment program on critical infrastructures
January 02, 2013 Added by:Pierluigi Paganini
CNET web site has published a news on a secret National Security Agency program named Perfect Citizen that is targeting on large-scale the control systems inside utilities, including power grid and gas pipeline controllers, with the purpose to discover security vulnerabilities.
Comments (0)
Stuxnet is Back! No, new agencies have misunderstood
December 27, 2012 Added by:Pierluigi Paganini
Everytime news related to Stuxnet is spread on the Internet, immediately the worldwide security community writes on cyber war and the possible consequences of a cyber attacks, but what is really happening this time?
Comments (0)
The Obligatory 2013 Infosec Predictions Post
December 26, 2012 Added by:Simon Moffatt
Technology evolves so quickly that 12 weeks is an age when it comes to new ideas and market changes - and security is no different. However, the main areas I will personally be following with interest though, will be the BYOD/BYOA, personnel, preemptive security and social intelligence...
Comments (0)
New attacks against banking, cyber Jihad or cyber warfare acts?
December 22, 2012 Added by:Pierluigi Paganini
The banking world must be prepared, it is one of the sectors that will be subject to a major number of attacks in next year, they are considered privileged targets for hacktivists, state sponsored hackers and cyber criminals...
Comments (1)
Migrating South: The Devolution Of Security From Security
December 20, 2012 Added by:Ian Tibble
Is the typical security portfolio of system administrators wide enough to form the foundations of an effective information security program? Not really. In fact its some way short. Security Analysts need to have a grasp not only on file system permissions, they need to know how attackers actually elevate privileges...
Comments (0)
Refresher Series - Capturing and cracking SMB hashes with Cain and Half-LM rainbow tables.
December 20, 2012 Added by:f8lerror
On to the fun stuff, to capture a hash we want to use the Metasploit capture SMB auxiliary module, which is located in auxiliary/server/capture/smb. Leave the default settings with the exception of the CAINPWFILE. Set this to output the file where ever you like...
Comments (0)
Cybersecurity and 'Smart Encryption'
December 20, 2012 Added by:Larry Karisny
Paul “Prem” Sobel is a Cal Tech MS in electrical engineering and has dedicated a 40-year career to protecting mission-critical systems. He worked with IBM, NASA, Northrop and Intel before launching MerlinCryption LLC. In this edited interview, Sobel discusses security technologies and critical infrastructure vulnerabilities...
Comments (0)
The Ultra-Legacy Problem - Systems so old...
December 19, 2012 Added by:Rafal Los
Say you're a sizeable institution here and that over the last two decades you've amassed lots of platforms that run your business, in a time before the Information Security organization did much more than install anti-virus on your desktop... and now that technical debt has come back to haunt you...
Comments (3)
Israel’s Cyber Defenses Protect Government Sites from 44 Million Attacks
December 11, 2012 Added by:Dan Dieterle
Israel’s cyber defense is hard at work blocking millions of incoming cyber attacks. There have been millions of hacking attempts against government sites that have been intercepted with reportedly only one successfully taking down it’s target. And that for only a few minutes...
Comments (0)
Who Needs Words for Wars?
December 09, 2012 Added by:Jayson Wylie
This article holds little validity in my mind and I’m sure that runs up the chain of the Government to President Obama who is the only one, at this time, that seems to be able to have a majority consensus for a direction or secret directives for Cyberspace activities, rules and laws...
Comments (0)
Focus on the Host
December 06, 2012 Added by:Matthew McWhirt
The traditional concept of enterprise security monitoring typically encompasses observing and mitigating threats at the perimeter of the organization. While there is still a necessity for this model of security monitoring, the true notion of enterprise continuous monitoring practices must include a focus on the host...
Comments (0)
Port 9100/TCP Probes
December 06, 2012 Added by:Brent Huston
Now this is a little interesting. It is likely meant to be a validation probe that the printer device’s embedded web server is online and that the device is operational. BUT, the “Python-urllib/2.7″ made us suspicious. Perhaps this isn’t a usual printer request?
Comments (0)
New weapons for cyber warfare. The CHAMP project
December 05, 2012 Added by:Pierluigi Paganini
Cyber warfare scenario is rapidly changing, governments all around the world are investing to increase their cyber capabilities and designing new tools to adopt in cyberspace to face with opponents in what is considered the fifth domain of warfare...
Comments (0)
Windows 8 Forensics: USB Activity
December 03, 2012 Added by:Dan Dieterle
When I started working on Windows 8 USB drive forensics, I assumed it would be similar to Windows 7. I created a fresh Windows 8 VM and plugged a thumb drive into my local system. The VM recognized it as it should. I shut the VM down and opened it in EnCase to examine what happened...
Comments (0)
Controversial Active Cyber Defense
December 01, 2012 Added by:Jarno Limnéll
Increasingly, both the armed forces and businesses are practicing the concept of “active defense,” a military term that refers to efforts to thwart an attack by attacking the attackers. However popular it has become, active defense is an alarming trend...
Comments (0)
Two New SQL Security Books from Syngress
November 29, 2012 Added by:Ben Rothke
Since SQL is so ubiquitous on corporate networks, with sites often running hundreds of SQL servers; SQL is prone to attacks. SQL injection is a technique often used to attack databases through a website and is often done by including portions of SQL statements in a web form entry field...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!