Android Apps Violate Permissions - But Who Cares, Right?
December 06, 2011 Added by:Ed Moyle
These guys built a tool called "woodpecker" that snakes around inside popular Android phone platforms looking for places where the phone is configured so as to violate the Android permission enforcement model. Go read it - you'd be surprised what they've found...
Getting Past Security's Fuzzy Math ROI
December 05, 2011 Added by:Rafal Los
It seems that we're using statistics, metrics, surveys and 'studies' to demonstrate what we can't otherwise adequately explain. That would be all well and good, if the math wasn't all fuzzy. Numbers can't fib, only the people that manipulate them can be accused of that trespass...
HP Printer Hack Video Shows Sensitive Data Tweet Too
December 05, 2011 Added by:Dan Dieterle
The researchers showed how a maliciously formed print job could cause an HP printer’s firmware to be reprogrammed so it acts like a copy machine – sending an exact print job to any place in the world, and the attackers also get a tweet showing sensitive information parsed from the print job...
Run POST Modules On All Sessions
December 05, 2011 Added by:Rob Fuller
You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module... We know we can run ruby inside of resource files with the tag...
Is the Security Response System for SCADA-ICS Broken?
December 05, 2011 Added by:Headlines
"Publicly disclosing affected identity names and incident information is highly unusual and not part of ICS-CERT's normal incident reporting and triage procedures. In this particular case, because unconfirmed information had already been leaked to the public..."
Gleg Releases Version 1.8 of the SCADA+ Exploit Pack
December 05, 2011 Added by:Joel Langill
In SCADA+ 1.8 there are modules for several public SCADA/ICS vulnerabilities, most of which were recently disclosed by Luigi Auriemma. Many of these exploits appear to be denial-of-service (DoS) exploits, so this really is not something that I think is worth the money at this time...
Executives Lack Confidence in Infosec Strategies
December 04, 2011 Added by:Bill Gerneglia
Cyber attacks grow as corporations and governments amass information on individuals in complex networks across the Web, and cyber activists, some motivated by money, others by the desire to destabilize corporations and governments, continue to hack into organizational secrets...
Controls Have to be Executed Perfectly Every Day
December 04, 2011 Added by:PCI Guru
Security is not perfect, and controls have to be executed perfectly every day, every year - else that is where things always go awry. If you execute controls consistently, your organization should be very difficult to compromise and the bad guys will find an easier target...
Russian Cyber Crime - Pride or Prejudice?
December 04, 2011 Added by:Danny Lieberman
“Why does every hacking and cyberscam story – real or fictional – seem to have a Russia connection? In part, it is prejudice and laziness. The stereotype of the Russian hacker has become such a common media trope that it gets recycled again and again..."
Key Sessions at the CISO Executive Summit 2011
December 03, 2011 Added by:Steven Fox, CISSP, QSA
As information assurance matures, its identity in the organizational culture is merging with the business units it supports. Practitioners are challenged to adapt their skills to the evolution of an infosec business function separate from its legacy association with the IT department...
How to Recover a Hacked Facebook Account
December 02, 2011 Added by:Robert Siciliano
At least weekly some stressed out victim of a Facebook hack, a.k.a. “account takeover”, contacts me to help them get their account back in order. While I do have a connection or two at Facebook, the victim of the hack is in the best position to fix it themselves...
Challenges for Software Security Professionals
December 02, 2011 Added by:Rafal Los
So what catches your attention? What conclusions can you draw here that may be insight into how we can improve the state of software security in the enterprise? My eye gets caught on "politics" and TOOLS in big bold letters... then UPHILL and APATHY. Dang, we're a cynical bunch aren't we...
Duqu Servers Included Hacked Linux Systems
December 01, 2011 Added by:Dan Dieterle
Be it brute force password hacking or another Stuxnet 0-Day, Duqu shows that Linux is vulnerable to hackers. With a growing install base, supplanting Windows in many facilities, expect it to become even more of a target...
Case Study: SOX IT Compliance
December 01, 2011 Added by:Danny Lieberman
We performed a Sarbanes-Oxley IT top down security assessment for a NASDAQ-traded advanced technology company to evaluate internal and external threats that impact the company’s information assets. Using Business Threat Modeling, a practical threat analysis model was constructed...
Anonymous and AntiSec: Mixing Metaphors Can Lead to Trouble
December 01, 2011 Added by:Scot Terban
It seems that much of the recent OPs like Robin Hood are just dysfunctional ideas. And the videos are getting closer to the jihadi videos that AQ has been putting out over the years. The same graphics, the same music, the same metaphor and rhetoric with a tinge of threat...
(Almost) All Your (BASE) Are Belong to Us!
December 01, 2011
The HTML element Cross Site Scripting (XSS) I will discuss abuses the "best practice" among web developers of using relative links and the tendency of web browsers to parse incorrect HTML. HTML tags are often used in XSS attacks to let an attacker inject dangerous JavaScript or HTML content...
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers