Technology
Don't Miss the Security BSides Portland Event
August 31, 2011 Added by:Security BSides
The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants...
Comments (0)
Cloudpocalypse - When the Cloud Eats Your Corporate IP
August 30, 2011 Added by:Rafal Los
The Cloudpocalypse - where you've bought into a cloud service, neglected to understand what you're buying into (service level, liability, etc.) and then are left crying onto your keyboard as your cloud provider tells you, "Sorry, we've lost all your data... but you have a backup somewhere, right?"
Comments (2)
RAID and Disk Size - Search for Performance
August 30, 2011 Added by:Bozidar Spirovski
Centralizing your storage is always a very good idea - you can manage storage requirements of most servers through a central storage system, without the hassle of juggling local disks within servers. But centralizing storage opens a whole new world of hassles...
Comments (0)
Railgun Error Checking
August 30, 2011 Added by:Rob Fuller
One important thing to note about Railgun is that you are querying the API, and just as if you were using C++, the API you are calling just might not be there on the system. So here is a quick trick to find out if the function (API) that you are trying to call is available to you...
Comments (0)
McAfee: 65 Million Malware Samples - That’s Just the Tip
August 30, 2011 Added by:Brent Huston
I was fascinated by this article that came across my newsfeed that said McAfee hit 65 million malware samples in the 2nd quarter of 2011. It seems that the malware cat truly is out of the bag. It also seems like someone forgot to warn the crimeware world about opening Pandora’s box...
Comments (0)
Big Discounts on Infosec Training and Certifications
August 30, 2011 Added by:Infosec Island Admin
The ISLAND TRADEWINDS program is designed to offer infosec training and certification opportunities at significantly discounted rates. You can receive discounts of up to $500 or 20% on courses from Global Knowledge, Career Academy, SANS, and the Infosec Institute...
Comments (0)
Question: Why Cybercrime?
August 30, 2011 Added by:Craig S Wright
Cybercriminals are actually extremely rational. And not necessarily talking of hacktivists and others without a clear profit motive, but those with a drive to make money act extremely rationally. Consequently, there is a solution: Reduce their profit...
Comments (0)
Did China Really Expose a Cyber Attack Tool?
August 30, 2011 Added by:Joel Harding
Wow, it’s really cool that we have proof that China not only has the capabilities but has been caught red-handed attacking a website, and the target they’re attacking is located inside the US. I’m sure somebody at the new US Cyber Command jumped up and down and said, “Yes! We have proof..."
Comments (5)
Advanced Persistent Monkey See Monkey Do
August 29, 2011 Added by:J. Oquendo
Arguments surrounding APT will remain a battle of expert vs. expert - but how about we use some common sense for a moment? If YOU were an attacker, why would you bother attacking from your own fixed location? It would make more sense to attack from another country for deflection purposes...
Comments (6)
Security Awareness Education Begins with the Youth
August 29, 2011 Added by:Steven Fox, CISSP, QSA
DefCon Kids follows the trend towards developing cybersecurity skills in youth, so that these young professionals will one day be prepared to tackle the increasingly advanced cyber attacks that constantly threaten today’s enterprises...
Comments (0)
My Bid for the ISC2 Board of Directors Ballot
August 29, 2011 Added by:Wim Remes
I want to work with ISC2 leadership and membership to review the current status of the CISSP certification, how it is perceived by different audiences, and improve the exam process. With over 79,000 certification holders, it could be concluded that the certification is doing well...
Comments (4)
Red Hat 5 STIG: Kernel Modules
August 29, 2011 Added by:Jamie Adams
The new draft STIG requires entries in a configuration file to prevent the kernel from loading modules – even if the modules aren't installed on the system. Nonetheless, I have compiled a list of the required settings which must be set in your modprobe.conf configuration file...
Comments (0)
Morto Computer Worm Spreading via RDP
August 29, 2011 Added by:Headlines
"We don't see that many internet worms these days. It's mostly just bots and trojans. But we just found a new internet worm, and it's spreading in the wild... It uses a new spreading vector that we haven't seen before: RDP," said F-Secure...
Comments (0)
Mitigating the Apache Range Header DoS Vulnerability
August 28, 2011 Added by:Mark Baldwin
A new Apache DoS vulnerability was reported by security researcher Kingcope on the Seclists.org Full Disclosure mailing list that affects most default installations of Apache 1.3/2.x. Fortunately, there are some configuration settings that can be adjusted to mitigate this vulnerability...
Comments (1)
The Urban Legend of Multipass Hard Disk Overwrite
August 28, 2011 Added by:Brian Smithson
Multipass disk overwrite and the “DoD 5220-22-M standard 3-pass wipe” are, at best, urban legends. At worst, they are a waste of time. A single pass overwrite with any arbitrary value (randomly chosen or not) is sufficient to render the original HDD data effectively irretrievable...
Comments (6)
Software Security Assurance - Getting the Formula Right
August 27, 2011 Added by:Rafal Los
Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...
Comments (0)