Technology
Network Security in the Age of Social Media
December 08, 2011 Added by:Ben Rothke
Social media is now mainstream in corporate America, and the security and privacy issues around it are hot. In the past, many firms simply said no to social media at the corporate level. But that will no longer work, as social media isn’t a choice anymore, it’s a business transformation tool...
Comments (0)
Fraudsters Defeat Poor Risk Management - Not Two-Factor Authentication
December 08, 2011 Added by:Nick Owen
Carriers are not incentivized to secure their users' accounts. SMS is really just an email sent to a phone over a provider that barely cares about security. 99% of SMS messages don't require security so don't expect the carriers to add any soon...
Comments (0)
PCI Compliance: On Redirects and Reposts
December 08, 2011 Added by:PCI Guru
A number of clients recently prompted me on my take regarding Redirects and Reposts as they attempt to shrink their PCI compliance footprint as small as possible. A lot of them like the idea of the repost because it requires only a simple change to their existing e-Commerce sites...
Comments (0)
The Detection in Depth Focus Model
December 08, 2011 Added by:Brent Huston
As explained in the maturity model post before, the closer the detection control is to the asset, the higher the signal to noise ratio it should be and the higher the relevance of the data should be to the asset being protected (Huston’s Postulate)...
Comments (0)
Data Loss Prevention - Without the New Blinky Boxes
December 08, 2011 Added by:Rafal Los
The glut of blinking lights and devices that require time and effort to manage has gotten out of control... or so I'm being told. I've not managed a security team in 4 years now, but even back then the glut of boxes, products and solutions was becoming too much to bear. I can only imagine it now...
Comments (1)
The Nature of Infosec: A Zero Sum Game
December 08, 2011 Added by:Scot Terban
Security is a “Zero Sum Game” - no matter what you do, no matter how many policies you have or blinking lights on an appliance that is alleged to keep out APT, in the end you really have not won the day. In fact, if you have not been hacked or abused that day, it was really just a fluke...
Comments (2)
Importance of a Secure Supply Chain in Selecting IT Vendors
December 07, 2011 Added by:Emmett Jorgensen
There have been numerous reports of rootkits and trojans that have been installed on component level chips designed to infiltrate networks from the inside. Government agencies have stepped up their diligence regarding what products are allowed to protect infrastructure at high security levels...
Comments (0)
Printer Hack: Researchers Can Set Media’s Pants on Fire
December 07, 2011 Added by:Brian Smithson
What was most irresponsible in this case was that the researchers took their exploit of one model of printer from one manufacturer and without even a cursory investigation extrapolated the threat to “hundreds of millions” of printers and fed it to a media hungry for sensational headlines...
Comments (0)
Malware Infection Rates – Who Has the Most Viruses?
December 07, 2011 Added by:Dan Dieterle
A look at the top viruses for each country shows a lot of cookie based viruses. Which may or may not be real viruses, but the rates are high nonetheless. But how does this compare to what other vendors are finding?
Comments (0)
ENISA Smartphone Secure Development Guidelines
December 07, 2011
This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...
Comments (0)
Common Errors in Firewall Configurations
December 06, 2011 Added by:Christopher Rodgers
With the "ANY" port accessible vulnerability, clear text protocols could be used when both a secure and less secure clear text service are running on the same system, and vulnerabilities found for specific services such as SMB could be launched against vulnerable machines...
Comments (0)
A Checklist for Customer Cloud Security
December 06, 2011 Added by:Ben Kepes
In our cloud security whitepaper we spent time talking about why Cloud Computing is potentially more secure than traditional models of IT delivery while at the same time pointing out the fact that there are still security issues that organizations need to think about when using Cloud...
Comments (0)
Android Apps Violate Permissions - But Who Cares, Right?
December 06, 2011 Added by:Ed Moyle
These guys built a tool called "woodpecker" that snakes around inside popular Android phone platforms looking for places where the phone is configured so as to violate the Android permission enforcement model. Go read it - you'd be surprised what they've found...
Comments (0)
Getting Past Security's Fuzzy Math ROI
December 05, 2011 Added by:Rafal Los
It seems that we're using statistics, metrics, surveys and 'studies' to demonstrate what we can't otherwise adequately explain. That would be all well and good, if the math wasn't all fuzzy. Numbers can't fib, only the people that manipulate them can be accused of that trespass...
Comments (0)
HP Printer Hack Video Shows Sensitive Data Tweet Too
December 05, 2011 Added by:Dan Dieterle
The researchers showed how a maliciously formed print job could cause an HP printer’s firmware to be reprogrammed so it acts like a copy machine – sending an exact print job to any place in the world, and the attackers also get a tweet showing sensitive information parsed from the print job...
Comments (1)
Run POST Modules On All Sessions
December 05, 2011 Added by:Rob Fuller
You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module... We know we can run ruby inside of resource files with the tag...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)




