Latest Blog Posts
Why we did it, and don't want to make money from it..
March 18, 2010 Added by:Jason Remillard
A description of the automated WordPress security plugin by SSM. If you're running WP, check it out!
Comments (0)
Hackers Lurking in Hotel Networks
March 17, 2010 Added by:Mark Smail
Many frequent business travelers spend almost as many nights sleeping in hotels as they do in their own beds. The need to stay productive when you’re on the road means that travelers must rely on whatever means available to stay connected, even if it’s an unprotected hotel wireless network.
Comments (3)
HTML insecurities
March 16, 2010 Added by:_ Comet
A brief history and evolution of the web... Way back when, the first webserver was created, serving HTML documents. HTML was designed to show documents with hypertext links, and also to allow the documents to have semantic markup that would be displayed to the reader.
Comments (0)
Clash of Security and Social Network Marketing
March 16, 2010 Added by:Crystal Craven
Information Security Gurus and Marketing Professionals are often at odds with each other in the business realm. Marketing used to primarily be a print and face to face business function. Thanks to the over-haul of standard marketing strategies, marketing has grown new roots on the web and has found itself buried deep within social networking sites like LinkedIn, Facebook and Twitter.
Comments (9)
Executive Series Tech Tip - Inadequate Vulnerability Assessment
March 16, 2010 Added by:Michael Bruck
Your latest Vulnerability Assessment is likely a waste of your IT Budget dollars! Why?
Comments (5)
Vigilantes or Public Servants?
March 15, 2010 Added by:Wayde York
No one likes SPAM (the email variety.) Every responsible user of the Internet and surely every responsible information security professional would agree that anti-spam efforts are needed and likely should be expanded. What happens, however, when the Internet-based anti-spam agents become a hindrance to business?
Comments (3)
Social Media Sticky Situations
March 15, 2010 Added by:Robert Siciliano
Maybe you’re a Mom or a Dad, a Student or a Grad. No matter what you are, you have a reputation to protect. How we are viewed in society matters to most people. Being viewed as someone who is respectable, responsible, someone who has integrity and is generally a decent person is what most people strive for.
Comments (0)
Need to consolidate information security compliance efforts? Try open source.
March 12, 2010 Added by:Ted LeRoy
Many organizations have to comply with multiple regulatory requirements for their information security infrastructures. Fragmented efforts to comply with Sarbanes-Oxley (sarbox or SOX), Gramm Leach Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry - Data Security Standard (PCI-DSS), and ISO 27000 series, to name a few, can result in c...
Comments (0)
Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability
March 11, 2010 Added by:Anthony M. Freed
Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS. This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations.
Comments (15)
Newbie Introduction to Digital Forensics Part 2
March 08, 2010 Added by:Juan Granados
The information available on the internet can be a blessing and a curse at the same time. The multitude of information can be overwhelming for the newly anointed "Padawan" learner. One thing was clear... Forensic analysis was an art rather than a science. My hope of finding a "Cliff's Notes" version of "Digital Forensics" would prove to be impossible.
Comments (0)
Simple Log Review Checklist Released!
March 08, 2010 Added by:Anton Chuvakin
Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a "Critical Log Review Checklist for Security Incidents" which is released to the world today.
Comments (1)
Press F1 for Help, pwned.
March 08, 2010 Added by:Daniel Kennedy
Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 SP2 with Internet Explorer 7 and Internet Explorer 8 are all affected.
Comments (0)
Newbie introduction to digital forensics Part 1.
March 08, 2010 Added by:Juan Granados
The economic and business challenges of the last year have forced changes to business priorities in many areas. For IT, increased scrutiny was placed on data leakage and security. When times are good, businesses can become distracted with new products and technologies. It is not until budgets are cut that the focus moves inward.
Comments (1)
Trust but verify...
March 08, 2010 Added by:Jason Remillard
Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing malware-laden ads on their networks. We are not the only ones who have identified this issue, check out the following links for more information about them:
Comments (1)
Google, Adobe, and Big Oil Attack Commonalities
March 07, 2010 Added by:Ted LeRoy
The work of protecting information is becoming more difficult with time. The recently discovered attacks on Google, Adobe, Marathon Oil, ExxonMobil, and ConocoPhillips illustrate an alarming trend. The attacks even gave rise to a new attack model, the Advanced Persistent Threat (APT).
Comments (0)
How Twitter spam steals from Google, Yahoo!
March 06, 2010 Added by:Chester Wisniewski
Scammers have been devising ways to ride on someone else's coattails since the dawn of time. With every new technology they find another way to make money from nothing. Today I am going to highlight a method that involves Twitter, Yahoo!, and Google AdSense.