December 06, 2011 Added by:Ed Moyle
These guys built a tool called "woodpecker" that snakes around inside popular Android phone platforms looking for places where the phone is configured so as to violate the Android permission enforcement model. Go read it - you'd be surprised what they've found...
December 05, 2011 Added by:Rafal Los
It seems that we're using statistics, metrics, surveys and 'studies' to demonstrate what we can't otherwise adequately explain. That would be all well and good, if the math wasn't all fuzzy. Numbers can't fib, only the people that manipulate them can be accused of that trespass...
December 05, 2011 Added by:Dan Dieterle
The researchers showed how a maliciously formed print job could cause an HP printer’s firmware to be reprogrammed so it acts like a copy machine – sending an exact print job to any place in the world, and the attackers also get a tweet showing sensitive information parsed from the print job...
December 05, 2011 Added by:Rob Fuller
You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module... We know we can run ruby inside of resource files with the tag...
December 05, 2011 Added by:Headlines
"Publicly disclosing affected identity names and incident information is highly unusual and not part of ICS-CERT's normal incident reporting and triage procedures. In this particular case, because unconfirmed information had already been leaked to the public..."
December 05, 2011 Added by:Joel Langill
In SCADA+ 1.8 there are modules for several public SCADA/ICS vulnerabilities, most of which were recently disclosed by Luigi Auriemma. Many of these exploits appear to be denial-of-service (DoS) exploits, so this really is not something that I think is worth the money at this time...
December 04, 2011 Added by:Bill Gerneglia
Cyber attacks grow as corporations and governments amass information on individuals in complex networks across the Web, and cyber activists - some motivated by money, others by the desire to destabilize corporations and governments, continue to hack into organizational secrets...
December 04, 2011 Added by:PCI Guru
Security is not perfect, and controls have to be executed perfectly every day, every year - else that is where things always go awry. If you execute controls consistently, your organization should be very difficult to compromise and the bad guys will find an easier target...
December 04, 2011 Added by:Danny Lieberman
“Why does every hacking and cyberscam story – real or fictional – seem to have a Russia connection? In part, it is prejudice and laziness. The stereotype of the Russian hacker has become such a common media trope that it gets recycled again and again..."
December 03, 2011 Added by:Steven Fox, CISSP, QSA
As information assurance matures, its identity in the organizational culture is merging with the business units it supports. Practitioners are challenged to adapt their skills to the evolution of an infosec business function separate from its legacy association with the IT department...
December 02, 2011 Added by:Robert Siciliano
At least weekly some stressed out victim of a Facebook hack a.k.a “account takeover”, contacts me to help them get their account back in order. While I do have a connection or two at Facebook, the victim of the hack is in the best position to fix it themselves...
December 02, 2011 Added by:Rafal Los
So what catches your attention? What conclusions can you draw here that may be insight into how we can improve the state of software security in the enterprise? My eye gets caught on "politics" and TOOLS in big bold letters... then UPHILL and APATHY. Dang, we're a cynical bunch aren't we...
December 01, 2011 Added by:Dan Dieterle
Be it brute force password hacking or another Stuxnet 0-Day, Duqu shows that Linux is vulnerable to hackers. With a growing install base, supplanting Windows in many facilities, expect it to become even more of a target...
December 01, 2011 Added by:Danny Lieberman
We performed a Sarbanes-Oxley IT top down security assessment for a NASDAQ-traded advanced technology company to evaluate internal and external threats that impact the company’s information assets. Using Business Threat Modeling, a practical threat analysis model was constructed...
December 01, 2011 Added by:Scot Terban
It seems that much of the recent OP’s like Robin Hood are just dysfunctional ideas. And the videos are getting closer to the jihadi videos that AQ has been putting out over the years. The same graphics, the same music, the same metaphor and rhetoric with a tinge of threat...
December 01, 2011
Wanna Buy Some Dumps?... Biniohs Chekcer on 06-19-2013
Student Pleads Guilty to Counterfeiting Coup... on 06-18-2013