DDoS: The Message is Often Lost in the Noise
November 22, 2011 Added by: security curmudgeon
Most in the security industry frown upon botnet-for-hire operators that sell their stolen bandwidth for illicit purposes. Personally, while I don't like or agree with it, I understand it. They are no different than any other person selling questionable or illicit services or goods in our society...
Free From Defect Software License
November 22, 2011 Added by: Keith Mendoza
This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?
Does Software Security Suffer When the Customer is No Longer Master?
November 22, 2011 Added by: Josh Shaul
When you measure the impact on share price, it’s not worth it to build secure software. Buyers are gobbling up the vulnerable stuff as quickly as they can get their hands on it, and the people who pay the price are those whose data is stolen and whose lives are turned upside down in the aftermath...
The Cloud of Clouds: Amazon Web Services
November 22, 2011 Added by: Robert Siciliano
Security is paramount. Amazon states: “In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features..."
Wanted: Software Security Specialists... Are There Any?
November 22, 2011 Added by: Rafal Los
You don't just go to college, get a degree in 'software security' and walk into a job being great at it - mostly because that degree doesn't exist, but also because the days of being able to walk into a job like this are probably long behind us...
Mass Disclosure of Vulnerabilities in SAP
November 22, 2011 Added by: Alexander Polyakov
This month ERPScan specialists published eight vulnerabilities of different criticality found in SAP products. The vulnerabilities represented almost all risks from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection...
The Importance of Software Updating
November 21, 2011 Added by: Emmett Jorgensen
There is software that can scan your network and check for these un-patched systems. The software can report back exactly which software updates are missing, and then use another tool to actually exploit those vulnerabilities. An attacker could take complete control of your computer...
ACL Complexity and Unknown Vulnerabilities
November 21, 2011 Added by: Brett Scott
If the only way to tell if the ACLs are properly configured is to use another detection mechanism that is capable of identifying improper traffic and nobody had anything like that on their networks, then how many networks are completely vulnerable and do not know it?
Decrypting QSA Qualifications in a Diluted Market Place
November 21, 2011 Added by: Andrew Weidenhamer
One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...
ICS Cybersecurity: Water, Water Everywhere
November 21, 2011 Added by: Chris Blask
Monitoring of water treatment networks using common SIEM or log management tools offers the kind of capability that can address the need for visibility into control system behavior. The ICS networks found in water facilities are deterministic systems with highly predictable behavior...
TakeDownCon Las Vegas: Big Discounts and Freebies
November 21, 2011 Added by: Infosec Island Admin
Seriously... Sign up for TakeDownCon trainings and enjoy a 15% discount, three complimentary TakeDownCon passes, a 'Test Pass Guarantee', a $300 discount voucher for training at any Hacker Halted, and CHOICE OF a free iPad 2, or a $500 Tiffany & Co. Gift Card, or four nights hotel accommodations...
Affiliate Marketing Scam
November 21, 2011 Added by: Mark Baldwin
Just about every adult website has an affiliate program and it is not uncommon for scammers to look for ways to take advantage of these programs. I was recently informed by a large payment gateway operator of a scam that is currently in operation. Here is how it works...
Getting Smacked in the Face Over TCP
November 21, 2011 Added by: Robin Jackson
Those who see concerted nation-state cyber attacks in every compromised system are like the little boy who cried "Stuxnet" whenever a control system is hacked and those who poo-poo the vulnerabilities that come to light are like the little pig who built his house of straw and said "I'm safe"...
Enterprise Information Security is About Progress
November 20, 2011 Added by: Robb Reck
Enterprise security is a service function. We exist to enable the business to do their jobs without being crippled by attacks and unreliable systems or losing trade-secrets to competitors. As soon as we stop enabling the business to produce better and faster, we become a liability...
Accounting for Cybersecurity
November 20, 2011 Added by: John Nicholson
Companies now face the unenviable task of deciding what aspects of cyber incidents or risks are “material” and disclosing them, with the knowledge that the sophisticated and determined nature of cyber-attackers makes predicting the nature of an attack and its consequences incredibly difficult...
The Urgent Need for Mobile Device Security Policies
November 20, 2011 Added by: Kevin Johnson
When gaps are uncovered in an environment, they must be augmented with new policies, as is the case with mobile devices. The need for businesses and government to establish strong policies for mobile environments and the protection of information used with mobile devices is immediate...
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)