ICS-CERT: WellinTech’s Kingview SCADA Vulnerability

December 22, 2011 Added by:Headlines

"An attacker can exploit this vulnerability by sending a specially crafted packet to Port 777/TCP that exceeds a specified length and contains executable code... Successful exploitation of the heap overflow vulnerability could allow a remote attacker to cause the service to crash..."

Comments  (0)


The State of Solid State

December 21, 2011 Added by:Emmett Jorgensen

Solid state disks are more reliable because SSDs do not contain any moving parts. There are no read heads, actuator arms or spinning platters that can break down in an SSD. SSDs can be moved around freely while in use and have a higher tolerance against shock and vibration than HDDs...

Comments  (1)


Why I Oppose the Twelve Chinese Hacker Groups Claim

December 21, 2011 Added by:Jeffrey Carr

Senators and Congressmen don't have enough knowledge about cybersecurity to discern truth from fiction, so what starts off as questionable analysis soon becomes terrible government policies, especially when it is advocating for civilian companies to counterattack a nation's network...

Comments  (0)


ICS-CERT: 7-Technologies IGSS Data Server Vulnerability

December 21, 2011 Added by:Headlines

"This vulnerability can be exploited by sending a specially crafted packet to Port 12401/TCP. A successful exploit will cause a buffer overflow that can result in a remote DoS against the 7T Data Server application on the targeted host..."

Comments  (0)


How Not to Recruit Spies Online and Off

December 21, 2011 Added by:Infosec Island Admin

One must look at the range and breadth of companies and entities being broken in to by the likes of China to see that no one is exempt. Know the ins and outs of the technology as well as the spook landscape, especially if you work in infosec today, lest you become the next target...

Comments  (2)


The MPLS Privacy Debate Continues

December 21, 2011 Added by:PCI Guru

Given that at some point MPLS traffic has to technically co-mingle with other customers’ network traffic, how can the PCI SSC claim that MPLS is private? The answer is a bit disconcerting to some, but for those of us with an understanding of the engineering issues, it was expected...

Comments  (1)


Analyzing Passwords for Patterns and Complexity

December 20, 2011 Added by:Dan Dieterle

This is a great tool to see patterns in password security. After years of users being warned about password security, it is disheartening to see the majority of users are still using simple passwords. More alarming is the number of password dumps available from compromised websites...

Comments  (0)


Fed CIO: Minimum Security Standards Set for Cloud Providers

December 20, 2011 Added by:Bill Gerneglia

The FedRAMP was established to provide a standard approach to Assessing and Authorizing cloud computing services. FedRAMP allows joint authorizations and continuous security monitoring services for Government and Commercial cloud computing systems intended for multi-agency use...

Comments  (0)


Data Loss Prevention - Step 3: Engage Physical Security

December 20, 2011 Added by:Rafal Los

While often missed, this component of security is one of the most critical when it comes to understanding, and fighting the loss of data in your organization in a very real, tangible way. There are three types of threats you want to be aware of from the physical perspective...

Comments  (0)


ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerability

December 20, 2011 Added by:Headlines

"Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware InBatch Runtime Client components," the ICS-CERT advisory warns...

Comments  (0)


Modern Encryption – So Easy a Caveman Could Do It

December 19, 2011 Added by:Kanguru Solutions

Adding encryption is a relatively easy and cost effective way to secure your organizations data without adding significant cost or complexity. For organizations dealing with confidential information (healthcare, banking, government) it should be mandatory...

Comments  (0)


Digital Content Distribution Vulnerabilities

December 19, 2011 Added by:Danny Lieberman

An attack could be mounted on the STB/NPVR network to steal master keys and decrypt encrypted content. The cost of mounting the attack is far greater than the alternative of buying HD DVD media on the open market and producing pirated copies or ripping and putting it on a Torrent...

Comments  (0)


Some Facts About Carrier IQ

December 19, 2011 Added by:Electronic Frontier Foundation

There is an additional configuration file (called a "Profile") that determines what information is sent from the phone to a carrier. Profiles are programs in a domain-specific filtering language - they are normally written by Carrier IQ to the specifications of a telco or other client...

Comments  (0)


ENISA Releases Industrial Control Systems Security Report

December 19, 2011

"These systems have faced a notable number of incidents. These include the Stuxnet attack, believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu -‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users..."

Comments  (0)


Change Management and Process Improvement

December 19, 2011 Added by:Rafal Los

I don't know of a bigger detractor to security than a broken enterprise change management process... whether you work for a million node global corporation, or a company with 100 laptops and an outsourced IT - poor change management will be the death of your security posture, period...

Comments  (0)


Gamers: Hackers Latest Hot Target

December 18, 2011 Added by:Josh Shaul

If you are a gamer and you use any online gaming network or service, please be vigilant and cautious. Don't click on any offer that comes in via email, and don't signing up for anything gaming related unless you are doing so direct from the software manufacturer or gaming network...

Comments  (0)

Page « < 106 - 107 - 108 - 109 - 110 > »