A collection of articles and posts pulled from some of our favorite bloggers across the Internet.


Latest From the Web


From the Web

Nevermind, I Was Wrong, Google Is Evil

February 15, 2010 from: Rsnake's blog at ha.ckers.org

I [RSnake] have been waiting a while to do this post - several weeks actually since my original post. In that post, I applauded Google’s apparent interest in reigning censorship as “the first really truly non-evil thing I have seen Google do in years”. Since then, I thought it appropriate to give them some time to sift through the nuances of their blog post - you know, to give t...

Comments  (11)


Afraid of the Cloud..? You just need to ask the right questions…

February 12, 2010 from: Greg George

I’ve been receiving more and more inquiries from my social media circles and from clients regarding various security risks associated with using Software as a Service (SaaS): the Cloud, so I thought I’d share a few thoughts on the current status of things.

Comments  (1)


Customer Sues Bank After Phishing Attack

February 11, 2010 from: Office of Inadequate Security

A Michigan-based metal supply company is suing Comerica Bank, claiming that the bank exposed its customers to phishing attacks.

Comments  (3)


Phishing With Google Wave

February 10, 2010 from: Rsnake's blog at ha.ckers.org

...a good article on how to phish Google Wave users using malicious gadgets. This is precisely what Tom Stracener and I were talking about in our presentation at DefCon and Blackhat a few years back - except this is for Wave instead of iGoogle. Either way the point is the same - when you let other people control content that is embedded in your site, you are at the mercy of whatever they chose to ...

Comments  (0)


Fixing security holes without introducing new bugs

February 10, 2010 from: Mozilla Security Blog

When fixing any bug, there is a risk of introducing new bugs, which we call regressions. Regressions caused by security fixes can be especially problematic because shipping a buggy security update can erode user trust for future updates.

Comments  (0)


China Shut Down Biggest Hacker Training Site

February 09, 2010 from: Saumil's Infosec Blog

What is believed to be the country's biggest hacker training site has been shut down by police in Central China's Hubei province. Three people were also arrested, local media reported yesterday. The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in asse...

Comments  (2)


Today’s threat: computer network terrorism

February 08, 2010 from: Saumil's Infosec Blog

“Carry out all my demands or the entire country’s electricity will be cut off.” Is this another line from a suspense film, or is it a palpable threat made possible with a computer keyboard? “Today, there is a growing trend amongst hackers around the world to threaten national infrastructures for ransom,” says Dr. Yaniv Levyatan, an expert in information war at the Uni...

Comments  (1)


Defending Against Advanced Persistent Threats

February 08, 2010 from: AEON Security Blog

Google and other major companies and the report is both interesting and questionable. I have no reservations about the levels of expertise coming out of Mandiant or their findings; I do however, have reservations about the explanations and interpretation of what was summarized in the Wired article.

Comments  (0)


Heartland Payment Systems and Visa Inc. Announce Acceptance Rate of Over 97 Percent for Data Security Breach Settlement Agreement

February 05, 2010 from: Office of Inadequate Security

Financial institutions representing more than 97 percent of eligible Visa-branded credit and debit cards have accepted the Alternative Recovery Offers they received pursuant to the settlement entered into by Visa Inc. (NYSE:V), Heartland Payment Systems® (NYSE: HPY) and Heartland’s sponsoring acquirers last month. This level of acceptance fulfills the 80 percent opt-in condition that was...

Comments  (0)


The Web won’t be safe, let alone secure, unless we break it

February 03, 2010 from: Jeremiah Grossman's Blog

There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known ways to fix these issues (adequately) are to “break the Web” -- i.e. negatively impact the usability of a significant and unacceptable p...

Comments  (1)


Accuracy and Time Costs of Web Application Security Scanner Report

February 03, 2010 from: Rsnake's blog at ha.ckers.org

Larry Suto is back with another report outlining the differences between some of the top web application scanners on the market... he took a different approach this time, and instead of running the scanners against something he had devised up to be used only in his own lab, he turned all the scanners on each other’s public test sites.

Comments  (1)


HIPAA complaints decreased significantly in 2009

February 01, 2010 from: Office of Inadequate Security

Dennis Melamed provides monthly HIPAA complaint statistics based on reports by the HHS Office for Civil Rights (OCR). It seems that not only did breach reports in general decline in 2009 relative to 2008, but privacy and security complaints to HHS also declined.

Comments  (1)


New Data Breach Report: Malicious Attacks Doubled in 2009

January 25, 2010 from: Office of Inadequate Security

The number of malicious or criminal attack-related breaches was 24 percent — double the 12 percent of the 2009 study. “They are the most costly, and the types of attacks we found included botnet attacks and data-stealing malware,” Ponemon says. “There is more to worry about because I see this as a growing category. This number of criminal attacks will continue to increase i...

Comments  (0)


Forget Blaming Microsoft or Google – Blame Yourself

January 22, 2010 from: AEON Security Blog

People from all walks of life including influential decision makers are quickly firing off ye ole “Blame Microsoft” rants this week after another debacle involving Google and China. The debacle involved so-called State Sponsored (from China) “hacktivities” to compromise Gmail accounts. The attacks were – as we’re told – targeted towards Internet Explorer v...

Comments  (2)


Heartland lawsuit plaintiffs go after acquiring banks’ deep pockets

January 21, 2010 from: Office of Inadequate Security

The $60 million settlement offer announced by Visa and Heartland Payment Systems seems in jeopardy of falling apart as lawyers for some of the banks file a new lawsuit against Heartland’s acquiring banks and urge rejection of the settlement offer.

Comments  (1)


Proposed VISA/Heartland Data Breach Settlement May Pay Banks and Credit Unions Pennies on the Dollar – plaintiffs

January 20, 2010 from: Office of Inadequate Security

Banks and credit unions that issued VISA payment cards compromised by the Heartland Payment Systems data breach, the largest data breach in history, should carefully review the proposed settlement between Heartland and VISA.

Comments  (0)

