The Cyber Security Casino: Betting with House Money

December 15, 2011 Added by:Kelly Colgan

Identifying threats is an offensive tactic. It’s a close monitoring of the system at hand and the cyber news media. It’s easier to be protective when you understand what kinds of hackers, criminal, or nation states are after your system’s data. Know how to handle toxic data...

Comments  (0)


Security BSides Planning Epic Phoenix Event

December 15, 2011 Added by:Security BSides

Bummed out after Snowmageddon? Want a nice hot (at least warmer) change of scenery? Arizona is hosting its first ever BSides during one of the best times of year. We aim to provide the highest quality talks, hands on training and workshops. We also have cactus...

Comments  (0)


Following the Trail of Web-Based Malware

December 15, 2011 Added by:Mark Baldwin

The main.php script contained javascript that attempted to exploit several potential vulnerabilities. I downloaded the script and analyzed it. By inserting an “alert” statement into the script prior to the actual execution of the code, we can get a good idea of what the script does...

Comments  (0)


Google Wallet and the Edge of PCI’s Regulatory Map

December 14, 2011 Added by:Ed Moyle

Folks might object to sensitive data being stored in cleartext within Google Wallet - I sure do - but the problem isn't so much Google Wallet but instead the fact that mobile devices are blurring the lines between what's a payment application and what's not...

Comments  (0)


PenTest: Get to Know Yourself Before Others Do

December 14, 2011 Added by:Malgorzata Skora

With multi-tier network architectures, web services, custom applications, and heterogeneous server platform environments, keeping data assets secure is more difficult than ever. Coupled with this complexity is the fact that criminal organizations have organized their hacking efforts...

Comments  (1)


Three Things Experts Won't Tell You About Cloud Security

December 14, 2011 Added by:Mike Meikle

Carefully crafted and monitored SLAs to keep vendors in check, mandating FIPS 140-2 certification of potential vendors and benefiting from vendor technology investments (economies of scale) can add significant weight to cloud solution providers being more secure than in-house solutions...

Comments  (1)


Windows Phone Denial of Service Attack Vulnerability

December 14, 2011 Added by:Dan Dieterle

"The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages. The bug is also triggered if a user sends a Facebook chat message or Windows Live Messenger message to a recipient..."

Comments  (0)


Cybersecurity in Waste Water and Water Control Systems

December 14, 2011

The first of a monthly webinar series on Industrial Control System (ICS) Cybersecurity is now available for review in this video. This session provides insight for those interested in ICS Cybersecurity including policy makers, asset owners, vendors, consultants and integrators....

Comments  (0)


Data Loss Prevention: Step 2 - Manage Privileges

December 13, 2011 Added by:Rafal Los

Getting back to basics is critical, and one of the most basic of basics is managing the rights to your data, your systems, and your critical operations. Let's take a critical, step-by-step look at how managing privileges can greatly decrease your likelihood of leaking data...

Comments  (0)


Don't Fall Victim to Poor Network Segmentation

December 13, 2011 Added by:f8lerror

If an attacker compromises the DMZ, it is important to stop them there. Firewalls and segmentation is the key to this. Should a user have unlimited access to the internal network from a Citrix server or VPN? Or be able to connect to file shares, internal web applications, and databases?

Comments  (0)


Case Study: A Cloud Security Assessment

December 13, 2011 Added by:Danny Lieberman

A client asked us to find a way to reduce risk exposure at the lowest cost. Using the Business Threat Modeling methodology and Practical Threat Analysis software, we were able to mitigate 80% of the total risk exposure in dollars at half the security budget proposed by the vendor....

Comments  (1)


ENISA on Cyber Security: Future Challenges and Opportunities

December 13, 2011

Our society has become irreversibly dependent on Information and Communication Technologies (ICTs). Unfortunately, the adoption of them has been accompanied by the development of a new set of cyber threats which are developing in ever more rapid, sophisticated and sinister ways...

Comments  (0)


Data Loss Prevention - Step 1: Know What's Important

December 12, 2011 Added by:Rafal Los

It's important to understand what your company does and then figure out what the critical bits are. Sometimes it's your customer lists, or a secret ultra-high efficiency engine design, or the next big thing in stealth bombers. The point is that you simply need to know your business...

Comments  (0)


PCI DSS Risk SIG Announced: Results Will Be Interesting

December 12, 2011 Added by:Andrew Weidenhamer

The one that I am most interested in seeing is the results of is the Risk Assessment SIG. Although IT Risk Assessments has been a term that has been used for decades now, they are still rarely performed and almost always poorly when they are in regard to effectively considering threats...

Comments  (0)


Merchant Beware – New Mobile Payment Solution in the Wild

December 12, 2011 Added by:PCI Guru

Even if Square’s software encrypts the data, the underlying OS will also collect the data in cleartext. Forensic examinations of these devices have shown time and again that regardless of what the software vendor did, the data still existed in memory unencrypted...

Comments  (0)


Closing the Gate Before the Horse Bolts – On Passwords for the Cloud

December 12, 2011 Added by:Ben Kepes

Passwords it seems are both the bane of our existence and, apparently, the most important thing in our lives. Unfortunately the Cloud doesn’t really change this, good password protocols are as important in the Cloud as they were in an on-premise world and potentially even more so...

Comments  (0)

Page « < 106 - 107 - 108 - 109 - 110 > »