A collection of articles and posts pulled from some of our favorite bloggers across the Internet.


Latest From the Web


From the Web

Effectiveness of User Training… and Security Products in General

March 17, 2010 from: Rsnake's blog at ha.ckers.org

It’s not every day I come across real wisdom in research, but I saw a link yesterday to “So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users”, which is a research paper written by one of the guys at Microsoft. There are some amazingly choice quotes in there, like


Relationships with Foreign Business Partners

March 15, 2010 from: Greg George

As business leaders continue to reach out and embrace global opportunities, the ability to recognize and mitigate operational threats is paramount... a recent memorandum discusses 28 countries having serious deficiencies in their strategies for countering money laundering and financial terrorist activities


Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass

March 11, 2010 from: Rsnake's blog at ha.ckers.org

It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here and there. Mostly because I haven’t seen it much in the wild - at least not yet. But there’s still a lot of research out there to be done. I got an interesting email the other day that talked about a way to use parameter pollution (or a mix of URL parameters and POST) to create a conditi...


Analyst Study Shows Employees Continue to Put Data at Risk

March 10, 2010 from: Office of Inadequate Security

...the results from the annual "Human Factor in Laptop Encryption" study performed by Absolute Software and the Ponemon Institute reveal some very interesting metrics about the use/adoption of encryption software and the risk posed to businesses from the loss of unencrypted media.


Even Einstein Can’t Track Google’s “Script Kiddie” Hackers

March 09, 2010 from: AEON Security Blog

News surrounding the attacks at Google and other companies are a dime a dozen and, while we have not seen any evidence publicly disclosed, we too can speculate along with everyone else. My first thoughts surrounding the news of the attack led me to believe that the compromise may have been an inside job.


Fiserv to Banks: Stay on Outdated Adobe Reader

March 08, 2010 from: Office of Inadequate Security

Brian Krebs reveals that Fiserv, a “Fortune 500 company that provides bank transaction processing services and software to more than 16,000 clients worldwide,” is urging customers not to use the most updated version of Adobe Reader.


File-Sharing Software Potential Threat to Health Privacy – Study

March 03, 2010 from: Office of Inadequate Security

Cross-Posted from: http://www.databreaches.net/?p=10367

A research report on file-sharing risks that compares risks for personal financial information to personal health information:


United States Department of Defense Embraces Hacker Certification to Protect US Interests

March 01, 2010 from: Saumil's Infosec Blog

The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S. cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD's computer network defenders (CND's), a specialized personnel classification within the DoD's information assurance wor...


Welcome Infosec Island Network readers

February 28, 2010 from: Office of Inadequate Security

Over the weekend, I added 19 financial, 21 business, 4 healthcare, 1 government and 1 not-for-profit breaches thanks to the Maryland Attorney General’s Office updating their web site. You may also be interested in reading how much manpower was involved in trying to identify whose data and what kinds of data were in the audio and video files on the 57 stolen BlueCross BlueShield hard drives...


19 more financial sector breaches from 2009

February 27, 2010 from: Office of Inadequate Security

Maryland has updated its web site to provide breach notifications that it has received since its last update. The newly posted notifications are for the period ending December 31, 2009, so there will likely be more to come for 2010.


21 more business sector breaches from 2009

February 27, 2010 from: Office of Inadequate Security

Maryland has updated its web site to provide breach notifications that it has received since its last update. The newly posted notifications are for the period ending December 31, 2009, so there will likely be more to come for 2010.


A rise in cyber attacks by one third saw 100 per cent of enterprises experience cyber losses in 2009

February 25, 2010 from: Saumil's Infosec Blog

According to Symantec's 2010 State of Enterprise Security study, 75 per cent of enterprises experienced cyber attacks in the last 12 months and 36 per cent rated the attacks somewhat/highly effective. Also, there was a 29 per cent rise in reported attacks in the last 12 months.


Banks, Businesses, Viruses and the UCC

February 24, 2010 from: Rsnake's blog at ha.ckers.org

There’s an interesting post over at Krebs On Security talking about some poor company that is going bankrupt because TD Bank allegedly will not give them their money back after it was stolen out of their account.


Advanced Persistent Errata – Defending The Castle Part 1

February 23, 2010 from: AEON Security Blog

Cross-Posted from the AEON Security Blog: In today’s blog entry, I bring to you: “Advanced Persistent Errata – Defending The Castle;” in other words, “Blocking ANYONE you damn well choose to block.” 


Thousands of Twitter user accounts compromised

February 23, 2010 from: Saumil's Infosec Blog

IT security firm Sophos has warned Twitter users of a new attack that has led to thousands of accounts being compromised by hackers using a Web 2.0 botnet. The hijacked accounts are later used to spread money-making spam campaigns.


Cyberattack simulation highlights vulnerabilities

February 20, 2010 from: Saumil's Infosec Blog

Imagine that a widely downloaded, malicious smart phone application has triggered a national security crisis and brought the country’s telecommunications and electronic infrastructure to a standstill. This scenario was only make-believe: the East Coast still has power and Midwestern factories are functioning. But the threats from cyber exploits against the national and economic security of t...
