Vertical Password Guessing Attacks Part I

January 20, 2014 Added by:Vince Kornacki

In this article we'll test our web application with vertical password guessing attacks. Whereas horizontal password guessing attacks entail trying only a few common passwords against a long list of usernames, vertical password guessing attacks entail trying a long list of passwords against a single username.

Comments  (0)


Office 365 Vulnerability Allowed Unauthorized Administrator Access

January 19, 2014 Added by:Anthony M. Freed

Security researcher Alan Byrne has disclosed a Cross Site Scripting (XSS) vulnerability in Microsoft Office 365 that would allow an attacker to obtain administrator privileges and access to the Email and SharePoint content across the network, as well as the ability to make configuration changes.

Comments  (0)


Dealing With Unrealistic Security Expectations from the Executive Office

January 18, 2014 Added by:Tripwire Inc

So, your CEO keeps hassling you about a “real” plan for securing the company’s technology. You have a plan, telling him “we have done a, b, c and we are going to do d,e,f next month – if you don’t cut our budget.” But he keeps asking for a “real” plan, otherwise he will cut the budget...

Comments  (0)


Are You Playing Security ‘Elf on the Shelf’?

December 23, 2013 Added by:Steve Lowing

While your end users may act like children from time to time, your security practices shouldn’t treat them like they are. Gain visibility and control before being placed on the naughty list.

Comments  (0)


Improving SCADA System Security (Part 1)

December 21, 2013 Added by:InfoSec Institute

Supervisory control and data acquisition (SCADA) networks are considered by cyber strategists to be the backbone of any country. Critical infrastructure, and in particular control systems, require protection from a variety of cyber threats that could compromise their ordinary operation.

Comments  (0)


What the Snowden Leaks Can Teach Us About Data Security

November 14, 2013 Added by:Cam Roberson

One of the major issues discussed in the wake of the National Security Agency leak involving Edward Snowden was how the government can prevent a similar leak from happening in the future. This article looks at several specific measures that can strengthen data security, making it more difficult for bad actors to break into the system, and tougher for them to make off with sensitive information onc...

Comments  (0)


Industrial Control Industry Slow to Adopt Security Configuration Management: Survey

November 13, 2013 Added by:InfosecIsland News

Tripwire unveiled the results of a study comparing risk-based security management in the industrial sector to that of other industries.

Comments  (0)


DNP3 Vulnerabilities Part 1 of 2: NERC’s Electronic Security Perimeter is Swiss Cheese

November 07, 2013 Added by:Eric Byres

If you have been following SCADA news in the last month, you might have noticed an avalanche of reports and blogs on new security vulnerabilities in power industry equipment. So far, vulnerability disclosures for 9 products using the DNP3 protocol have been released by the ICS-CERT, with another 21 SCADA product disclosures on their way.

Comments  (0)


Preparing for the Internet of Things: Integrating Strong Authentication in Daily Life

November 04, 2013 Added by:Jochem Binst

The online world as we know it today is not the same as the one we got to know in the beginning of the Internet era and certainly not the one that is emerging today! People worldwide are starting to realize this. All they have to do now is act on it. Strong authentication to secure the online world will be embraced since it becomes a necessity; using strong authentication is the next step.

Comments  (0)


What Is Your Browser Doing Behind Your Back?

October 09, 2013 Added by:Kyle Adams

Browsers have become extremely complex over the last few years, so does everyone fully understand everything a modern browser does? Of course everyone is familiar with the point and click, redirections, forms . . . normal Web stuff. What you might not know, is that your browser does a lot of things automatically without you asking it to.

Comments  (0)


Plugging Java’s Holes - Is There a Practical Fix?

September 18, 2013 Added by:Scott Petry

Developers love Java. But its security problems have gotten out of hand. Is there a practical fix?

Comments  (0)


Insider Steals Data of 2 Million Vodafone Germany Customers

September 12, 2013 Added by:Mike Lennon

Vodafone Germany said an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany.

Comments  (0)


Enough Clucking – Start Fixing the SCADA Security Problem

September 12, 2013 Added by:Eric Byres

I am not a SCADA Apologist. If anything, I consider people like myself and Joel Langill to be SCADA Realists. Clearly Joel and I believe security is important. If we didn’t, we wouldn’t be in this business. And our clients don’t pay us to hear: “Do nothing; it’s the other guy’s fault.”

Comments  (0)


Today's Mobile Device Data Protection Must Go Beyond Encryption

August 21, 2013 Added by:Cam Roberson

Employers can be diligent in installing encryption protection software on the devices their employees use, but what happens if the password is compromised? Whenever the password is known, the laptop, smartphone or tablet is at no less security risk with encryption as it is without.

Comments  (50)


If you Knew you Were Going to be Attacked, What Would you do Differently?

August 14, 2013 Added by:Bill Wheeler

Recent reports have found that cyberattacks against U.S. corporations are on the rise, along with an increase in international threats, especially from China, and emerging threats to small businesses. Today, it’s not a matter of if an organization will be the victim of a cyberattack, but when.

Comments  (3)


The Electric Industry: Understanding Cyber Risk is Key to Resource Allocation

August 07, 2013 Added by:Lila Kee

Organizations, especially those involved in the electric industry, must view security investments as a viable risk-reduction tools that not only protect the nation’s way of life, but also investments they have made in their own businesses. To truly understand the risk that critical infrastructures face, and the level of security attention its different sectors require, you must first understand ...

Comments  (1)

Page « < 2 - 3 - 4 - 5 - 6 > »