Latest Blog Posts
A PCI DSS Overview
April 16, 2010 Added by:Mike Meikle
As a consultant, you get to view the grim expanse of industry regulation more than most. Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA) and of course the topic of this article, Payment Card Industry Data Security Standard (PCI DSS).
Comments (0)
How to be exposed via xss - in one click - just doing your job...
April 16, 2010 Added by:Jason Remillard
As the attacks on infrastructure become more complicated, the true nature of deep penetration attacks prove food for thought for all developers and operators. Consider this case - where the apache open source infratructure itself became significantly exposed by a simple XSS attack that utilized some social engineering techniques (i.e. getting folks to click on things), to load others up with...
Comments (2)
Privacy and Cloud Computing Challenges
April 16, 2010 Added by:Rebecca Herold
The concept of “cloud computing” is not well known by most folks. Certainly not the personnel using a vast and growing number of cloud computing applications, without even know it, from business networks. If they don’t know what they are using, then how can they know the information security and privacy risks involved?
Comments (0)
Biometrics: Where do we stand?
April 16, 2010 Added by:Aaron Simmons
New Hampshire recently voted down the bill (HB 1409) and sided with the Security Industry to allow Biometrics. So now that security is becoming a priority, where does it stand in the role of Authentication Verification? There are several methods for verification, (Biometric, PIN, Token and even Telephone Call Back/SMS). Each one of these has its pro’s ...
Comments (2)
Do You Spy on Your Spouse?
April 15, 2010 Added by:Robert Siciliano
Generally in a trusting relationship spying isn’t necessary. I’m sure Sandra Bullock, Kate Gosselin or Tiger Wood’s wife didn’t think they needed to spy on their husbands, until they did. Reckless behavior like that can bring home a very itchy or very deadly disease. One that victimizes the innocent.
Comments (2)
The inevitable fate of Smartphones
April 15, 2010 Added by:Aaron Simmons
Now that Smartphones are the norm, have you ever wondered about its security? Whether you are carrying an iPhone, Android, Blackberry or one of the myriad of smartphones that are on the market today, security must be a constant thought.
Comments (0)
How to Detect a Mac Flooding Attack
April 15, 2010 Added by:Ray Tan
Ever since the beginning of the Internet, we have been facing ever increasing threats which can affect the stability and usability of your network. Nowadays, our businesses rely on their networks and the Iinternet more and more, but how can we prevent being attacked by hackers?
Comments (0)
An Interview with U.N. Cybersecurity Expert Raoul Chiesa
April 15, 2010 Added by:Anthony M. Freed
I recently had the pleasure of talking with Raoul Chiesa, OPST, OPSA, and ISECOM Trainer, about international perspectives on cybersecurity issues. Mr. Chiesa is a Senior Advisor on Strategic Alliances & Cybercrime Issues at the Global Crimes Unit for the United Nations Interregional Crime & Justice Research Institute, a Member of the Permanent Stakeholders Group at the European Network &a...
Comments (0)
FaaS: Fraud as a Service
April 14, 2010 Added by:Mike Meikle
In working with various clients on the topic of security, a common theme has emerged. Management and employees still labor under the perception that fraud is still the purview of unorganized individuals with an axe to grind against a specific company.
Comments (0)
Parents Navigating the Social Media Mess
April 14, 2010 Added by:Robert Siciliano
Children say and do things that make them vulnerable to dangers in the outside world. A parent can parent all day long and do everything possible to protect their kids from themselves, but a child’s persistence to have their way can wear a parent down. It’s a constant fight that makes a parent adopt a philosophy where they “pick their battles.”
Comments (0)
Troubleshooting networking using the OSI model
April 14, 2010 Added by:Ray Tan
When troubleshooting networking it is always sensible to approach the problem from the perspective of the OSI model. The OSI, or Open System Interconnection, model defines a networking framework for implementing protocols in seven layers. The beauty of this model is the fact that you can individually troubleshoot every layer using simple methods. I suggest working from layer 1 upwards until y...
Comments (4)
IslandPKI Engine Drives Secure Data Transfer for BlackBerry
April 13, 2010 Added by:Anthony M. Freed
Research In Motion (RIM) has announced the implementation of a secure data transfer application for its BlackBerry Smartphone using the same encryption protocol developed by Media Sourcery, which is the basis for Infosec Island's own IslandPKI service.
Comments (0)
Political Survival for Security Pros – #1
April 13, 2010 Added by:Steven Fox, CISSP, QSA
Politics? In InfoSec? A few years ago I received Marie G. McIntyre’s “Secrets to Winning at Office Politics” as a gift. At the time I was struggling to grasp the reality of business politics. As a systems engineer, I was focused on delivering quality applications to my employer. This I did, but my rise into management was frustrated by a lack of political ...
Comments (3)
Culture Eats Strategy for Lunch
April 13, 2010 Added by:Katie Weaver-Johnson
Culture is most commonly defined as the behaviors and beliefs characteristic of a group of people. So an organization’s culture of behaviors and beliefs are what shape the decisions people make and results an organization achieves.
Comments (3)
Is Social Engineering being overlooked as a modern day security threat?
April 13, 2010 Added by:Michael Bruck
Organizations are more often asking to include a social engineering evaluation, but it still surprises me just how many of them have not previously had a formal SE evaluation process in place until we do our first audit with them. I get “oh, our accounting firm calls into our user base from time to time” or “our outsourced network support vendor has tried to get confidential user...
Comments (1)
Chris Powers: HP's Worldwide Director of Enterprise Storage
April 13, 2010 Added by:Rahul Neel Mani
Chris Powers, Worldwide Director, Enterprise Storage, HP StorageWorks Division spoke to Rahul Neel Mani about HP’s latest push – ‘Storage and Server Convergence’ – as well as other technologies that will excite enterprise users in 2010-11.