The Castle Has No Walls - Introducing Defensibility as an Enterprise Security Goal

March 19, 2013 Added by:Rafal Los

It's time to retire the "castle" analogy when it comes to talking about how real Information Security should behave. I still hear it used a lot, and if you walked around the show floor at RSA 2013 you noticed there is still a tremendous amount of focus and vendor push around 'keeping the bad guys out.'

Comments  (1)


New York Times Attacks Show Need For New Security Defenses

February 01, 2013 Added by:Infosec Island

The recent attacks against the New York Times allegedly carried out by the Chinese military highlight the importance of layered security to protect sensitive systems and data.

Comments  (0)


RSA: Chris Blask, VP Marketing at AlienVault

February 15, 2011

Anthony M. Freed interviews Chris Blask of AlientVault. AlienVault makes the open source SIEM (Security Information and Event Management) tool "OSSIM" and supplies commercial versions to government, enterprise, MSSP and SCADA customers worldwide. AlienVault has more production users of its products than all other SIEM vendors combined.

Comments  (2)


In Rebuke of China

February 02, 2010 Added by:Tom Schram

In the current issue of Foreign Affairs, former NATO Commander General Wesley K. Clark and current Department of Veteran Affairs CTO Peter Levin write:  “There is no form of military combat more irregular than an electronic attack: It is extremely cheap, is very fast, can be carrier out anonymously, and can disrupt or deny critical servi...

Comments  (3)

From the Web

Senate Panel Clears Data Breach Bills

November 05, 2009 from: Office of Inadequate Security

The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.

Comments  (0)

From the Web

Man charged with developing and distributing cable network hacking tools

November 02, 2009 from: Office of Inadequate Security

Charges were unsealed in federal court in Massachusetts against an Oregon man and the company he founded, TCNISO, alleging that they developed and distributed products that allowed users to modify their cable modems and obtain internet access without paying for it.

Comments  (0)


Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1x -- CISCO + Active Directory Integration --  in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers)  that are currently incapable of 802.1x are split off in a tightl...

Comments  (2)


IT Security - Defense in Depth Protection using a Data-centric Model

October 29, 2009 Added by:Mike Cuppett

Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost.  The outside-in strategy starts at a macro level and ov...

Comments  (5)


Where are the DBAs?

October 07, 2009 Added by:Infosec Island Admin

What I really want to know is this: Where are the Database Admins (DBAs) these days? I cant tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.

Comments  (3)

From the Web

Website exposes sensitive details on military personnel

September 08, 2009 from: Office of Inadequate Security

Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.

Comments  (1)

From the Web

Email Obfuscation and Spam Robots

September 08, 2009 from: Rsnake's blog at

I’ve long been interested in spam and robots that scrape for email addresses. I’ve done tons of work in the space, although I’ve never published any of it. Call it more of a side hobby than anything I really want to go public with - as it is with a lot of my research

Comments  (0)

From the Web

Digital Direct reports breach

September 05, 2009 from: Office of Inadequate Security

Chris Cooper of reports that Digital Direct, Inc., a unit of Mitsubishi Corp., had a breach of their e-commerce web site that resulted in the compromise of 52,000 customers’ credit card numbers.

Comments  (0)

From the Web

Helping users keep plugins updated

September 04, 2009 from: Mozilla Security Blog

Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk.

Comments  (0)

From the Web

Best of Application Security (Friday, Sep. 4)

September 04, 2009 from: Jeremiah Grossman's Blog

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!

Comments  (0)

From the Web

Announcement Regarding The October 2009 Critical Patch Update

September 03, 2009 from: The Oracle Global Product Security Blog

Because many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld on October 11-15, 2009; the October 2009 Critical Patch Update originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.

Comments  (0)

From the Web

Rival used phony emails to snoop, firm says

August 21, 2009 from: Office of Inadequate Security

Affiliated Computer Services, an information technology firm, claims a competitor set up bogus email addresses in the names of dozens of ACS employees to divert mail and accounts to its rival’s computers. It claims Duncan Solutions’ “unauthorized diversion of ACS’ email not only interferes with the operation of ACS’ computer network, but it also gives Duncan access to...

Comments  (0)

Page « < 1 - 2 > »