Latest Blog Posts


Consider Outsourcing Your Network Security

January 27, 2010 Added by: Ken Leeser

As more and more critical applications and services move to the cloud, organizations are increasingly receptive to the idea of using a managed security service to protect their network and information assets.



Is the Recent Chinese Google Hack the most Serious Privacy Breach of the Year?

January 21, 2010 Added by: Brent Carey

Last week Google announced that it was the victim of a hack in China. Word of the attack spread quickly and the German, French and Australian governments issued warnings about using Internet Explorer. I'm amazed that this incident has not received more commentary from the privacy and security communities. Is this not the most serious data privacy breach in a search engine’s histo...



Infosec Island™ Acquires

January 19, 2010 Added by: Infosec Island Admin

We are pleased to announce that Infosec Island™ has acquired, one of the leading online news portals addressing security issues. ISR's audience is predominantly CxO level decision makers from Fortune 500s, small and mid cap enterprise, aerospace, defense, government, health care, and education....


Gets Rocked again - this time a PII Lawsuit

January 02, 2010 Added by: Jason Remillard

Well, it's happened. This time, the users themselves have taken action against for their inadvertent disclosure of customer information. As we previously reported, Rockyou was hacked and disclosed it looks like over 32,000,000 accounts. Yes, 32 Million!



Road Map for an Application/Software Security Architect (Part 5)

December 30, 2009 Added by: Stephen Primost

Without a Digital Identity, how would you expect to do any authentication? And with an incomplete Digital Identity, how would you expect to get the authorization done correctly? Without the proper data model and the expectation that it would have the correct data (besides being in the right place at the right time), securing a system is impossible, although having the information, it is the easies...



So, you wanna network online too?

December 30, 2009 Added by: Fred Williams

I previously listed ways to gain valuable information on hacking targets using little work and no dumpster diving. The previous post was geared towards attacking computer systems but not human targets. What is a little more interesting is attacking specific people. This is one of the key issues behind Facebook's recent privacy issues. Never mind a user setting a "privacy filter" ...



So, you wanna post some personal data on the Internet?

December 26, 2009 Added by: Fred Williams

I've been reading the book Hacking the Next Generation by Dhanjani, Rios and Hardin and that got me to thinking.... The authors explain in the chapter "Intelligence gathering" that in order to execute a successful attack against a target, the attacker must gain as much intelligence about the target as possible.



aweber comes clean, sort of....splatter effect continues

December 22, 2009 Added by: Jason Remillard

While finally acknowledging their security exposure, aweber has done little to placate its user base judging by the responses and pleadings I've seen online. Yet another example of what I'm calling the 'splatter' effect. The damage that is borne upon others related to the security exposure, that is usually not measurable but definitely has an impact.



Containment Phase - Incident Response

December 19, 2009 Added by: Mark Bennett

...the whole point of Incident Response..Having a Plan! In the containment phase of Incident Response you want to prevent the attacker from getting any further into the organization or spreading to other systems.



It’s ‘Defense in Depth’, not ‘Dense in Depth’

December 18, 2009 Added by: Bill Wildprett, CISSP, CISA

I sit, dumbfounded with amazement after reading that insurgents in Iraq have been intercepting Predator drone video feeds and that the Pentagon has known about this for a year now.



O Botnet, Where Art Thou?

December 17, 2009 Added by: Bill Wildprett, CISSP, CISA

Yes, like an Odyssey worthy of Homer or a George Clooney movie, the saga of the Conficker botnet continues. The Most Excellent folks at Shadowserver have posted an update today.



Virtualization : the maneuver tactic !

December 17, 2009 Added by: K S Abhiraj

The lure of virtualization is clear. From the business perspective, it means faster time-to-market for new technology enabled services and a strong foundation for new strategic initiatives, such as cloud computing. For technology organizations, virtualization promises faster server provisioning, increased hardware utilization, and lower costs for disaster recovery (DR).



Why empirical data is important...

December 16, 2009 Added by: Jason Remillard

One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we've written quite a lot about customer-specific impacts when they are infected... The 'results' run the gamut of 1000's of dollars of losses over time, loss of SEO rank, customer reputation, etc. However, one part tha...



Road Map for an Application/Software Security Architect (Part 4)

December 15, 2009 Added by: Stephen Primost

Planning your application's use of the digital identity is not an after-thought of system architecture. At the least, it might offer the occasional lack of reliable and conflicting information. At the worst, it provides little, if no protection, at all. And like the proverbial little Dutch boy, you will be putting fingers in the holes of the dike, attempting to shore up a weak infrastructure with...



Why Regular Malware Scanning is important for your customers...

December 15, 2009 Added by: Jason Remillard

The path to website security is littered with good intentions of course, however, the intentions need a revamp in order to prove good. In this case, the good ol' days of giving your clients an ssl cert, a simple firewall on their server are NOT GOOD ENOUGH.



Facebook's New “Transition” Tool and Privacy

December 11, 2009 Added by: Todd Zebert

12/9/09 Facebook launched “new privacy settings and tools to give you greater control over the information you share on Facebook”. For many users this may be their first exposure to Facebook privacy settings, and while it’s better than nothing, it can be improved greatly.

