November 22, 2011 Added by: security curmudgeon
Most in the security industry frown upon botnet-for-hire operators that sell their stolen bandwidth for illicit purposes. Personally, while I don't like or agree with it, I understand it. They are no different than any other person selling questionable or illicit services or goods in our society...
November 22, 2011 Added by: Keith Mendoza
This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put in to produce software that is free of defects in workmanship? How will you go about making sure?
November 22, 2011 Added by: Josh Shaul
When you measure the impact on share price, it’s not worth it to build secure software. Buyers are gobbling up the vulnerable stuff as quickly as they can get their hands on it, and the people who pay the price are those whose data is stolen and whose lives are turned upside down in the aftermath...
November 22, 2011 Added by: Robert Siciliano
Security is paramount. Amazon states: “In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features..."
November 22, 2011 Added by: Rafal Los
You don't just go to college, get a degree in 'software security' and walk into a job being great at it - mostly because that degree doesn't exist, but also because the days of being able to walk into a job like this are probably long behind us...
November 22, 2011 Added by: Alexander Polyakov
This month ERPScan specialists published eight vulnerabilities of different criticality found in SAP products. The vulnerabilities represented almost all risks from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection...
November 21, 2011 Added by: Emmett Jorgensen
There is software that can scan your network and check for these unpatched systems. The software can report back exactly which software updates are missing, and then use another tool to actually exploit those vulnerabilities. An attacker could take complete control of your computer...
November 21, 2011 Added by: Brett Scott
If the only way to tell if the ACLs are properly configured is to use another detection mechanism that is capable of identifying improper traffic and nobody had anything like that on their networks, then how many networks are completely vulnerable and do not know it?
November 21, 2011 Added by: Andrew Weidenhamer
One of the biggest challenges is how to determine which third-party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...
November 21, 2011 Added by: Chris Blask
Monitoring of water treatment networks using common SIEM or log management tools offers the kind of capability that can address the need for visibility into control system behavior. The ICS networks found in water facilities are deterministic systems with highly predictable behavior...
November 21, 2011 Added by: Infosec Island Admin
Seriously... Sign up for TakeDownCon trainings and enjoy a 15% discount, three complimentary TakeDownCon passes, a 'Test Pass Guarantee', a $300 discount voucher for training at any Hacker Halted, and CHOICE OF a free iPad 2, or a $500 Tiffany & Co. Gift Card, or four nights hotel accommodations...
November 21, 2011 Added by: Mark Baldwin
Just about every adult website has an affiliate program and it is not uncommon for scammers to look for ways to take advantage of these programs. I was recently informed by a large payment gateway operator of a scam that is currently in operation. Here is how it works...
November 21, 2011 Added by: Robin Jackson
Those who see concerted nation-state cyber attacks in every compromised system are like the little boy who cried "Stuxnet" whenever a control system is hacked, and those who pooh-pooh the vulnerabilities that come to light are like the little pig who built his house of straw and said "I'm safe"...
November 20, 2011 Added by: Robb Reck
Enterprise security is a service function. We exist to enable the business to do their jobs without being crippled by attacks and unreliable systems or losing trade secrets to competitors. As soon as we stop enabling the business to produce better and faster, we become a liability...
November 20, 2011 Added by: John Nicholson
Companies now face the unenviable task of deciding what aspects of cyber incidents or risks are “material” and disclosing them, with the knowledge that the sophisticated and determined nature of cyber-attackers makes predicting the nature of an attack and its consequences incredibly difficult...
November 20, 2011 Added by: Kevin Johnson
When gaps are uncovered in an environment, they must be augmented with new policies, as is the case with mobile devices. The need for businesses and government to establish strong policies for mobile environments and the protection of information used with mobile devices is immediate...