Technology
Social Media During a Crisis
August 26, 2011 Added by:Joel Harding
Without electricity most of us are going to be hosed, we won't have access to social media to communicate with family and friends. We won't be able to check the latest news and information from the government from websites and once everybody has moved to the cell phone networks, they'll crash...
Comments (1)
Tips to Beat Back-to-School Identity Theft
August 26, 2011 Added by:Kelly Colgan
September—that whirlwind season of back-to-school registration, dorm move-ins, and sports sign-ups—ushers in a sleigh-full of identity theft opportunities. It’s not just invincible college freshmen who are at risk. Parents can expose kids to fraud without realizing it...
Comments (2)
Insider Identity Theft is Still a Problem
August 26, 2011 Added by:Robert Siciliano
Even today, the HRdirector may have a new boyfriend who happens to have a drug problem, and who needs her to steal your identity so that he can get a fix. The fundamental issue of identity theft hasn’t changed, and the people doing it are the same. Frequently, they are those on the inside...
Comments (0)
From China with Love: The Chairman Meow Collection
August 26, 2011 Added by:Scot Terban
China has been working us over for a long time, and with each day’s passing we have been steadily more compromised by the 7th directorate and their proxy hacking groups. This is not to say that others aren’t doing the same thing as well, China just happens to be the more active...
Comments (1)
Four Cloud Trends on the CIOs Radar
August 26, 2011 Added by:Bill Gerneglia
Data Center Transformation: CIOs are feeling the stress of virtualization. The goal is to have more than 100 VMs on each server by 2012. That’s putting stress on the netwok and storage infrastructures which look outdated. The CIO needs to consider the impact of this stress...
Comments (0)
High Fashion, Low Security - Part Duex
August 25, 2011 Added by:David Martinez
I spy serious SQL issues… I had the hashes for the admins table, info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...
Comments (0)
Reducing Your Digital Footprint
August 25, 2011 Added by:Jim Palazzolo
As individual's use certain resources such as cell phones or GPS devices, they leave behind information which is considered to be a part of their digital footprint. In this essay the writer conveys countermeasures that can be used to evade or reduce an individual's digital footprint...
Comments (0)
A Carrot for Chip and PIN
August 25, 2011 Added by:PCI Guru
EMV and contactless technologies do not entirely solve the fraud problem. While they minimize fraud in the case of card present transactions, they do not even address fraud in card not present transactions. And it is in card not present transactions where fraud is most prevalent...
Comments (0)
Black Hat USA 2011: Will Bechtel - Product Manager - Qualys
August 24, 2011
The demands on companies and government to protect networks from exploits that threaten the security of proprietary information have skyrocketed. The dependence on IT systems increased for nearly every business, and so have the financial motivations of criminals...
Comments (0)
Why Data Centers Don't Need SSAE 16
August 24, 2011 Added by:david barton
I agree that DCs provide certain fundamental general controls that may impact the systems that are maintained there. But even those general controls do not constitute Internal Controls over Financial Reporting (ICFR) which is clearly a requirement for performing a SOC 1 (SSAE 16) review...
Comments (9)
The Dangers of Second Hand Hard Drives
August 24, 2011 Added by:Emmett Jorgensen
Whether you are planning on selling, recycling or throwing away your old hard drives, you should always consider using one of these solutions: destruction, degaussing, or secure data erasure. Otherwise, there's no telling whose hands you data may end up in...
Comments (2)
Yale Gets Google Dorked
August 24, 2011 Added by:Kelly Colgan
Knowing where your data is located, what are the access control mechanisms, and having an audit process to verify that resources are properly used, is generally part of every cyber risk program. When one of them fails, a data breach is inevitable...
Comments (0)
EC-Council Certified Ethical Hacker v7 Discounts
August 24, 2011 Added by:Infosec Island Admin
Receive up to a 20% discount on the EC-Council Certified Ethical Hacker v7 course. Students will learn how intruders escalate privileges, what steps can be taken to secure a system, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation...
Comments (0)
Caveman to Spaceman - Evolutionary Stages of Infosec
August 24, 2011 Added by:Rafal Los
We've given up on the notion of securing things and are starting to focus on the idea that security is a journey, and while we're keeping things safe to a pre-defined level of risk tolerance, we need to minimize the damage when the bad people find their ways in and start to kick down doors...
Comments (2)
Message Queuing Insecurity
August 24, 2011 Added by:Danny Lieberman
Well placed attacks on message queues in an intermediary player, for example a payment clearing house, could result in the inability of the processor to clear transactions but also serve as an entry point into upstream and downstream systems. These attacks can and do cascade...
Comments (0)
Black Hat USA 2011: Rainer Enders - CTO - NCP Engineering
August 23, 2011
Rainer Enders is the CTO at NCP Engineering, and is interested in solving security related issues on all levels of data transfer and communication. NCP engineering delivers software that allows enterprises to rethink their secure remote access and overcome the network complexities...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!