Latest Blog Posts
Simple Log Review Checklist Released!
March 08, 2010 Added by:Anton Chuvakin
Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a "Critical Log Review Checklist for Security Incidents" which is released to the world today.
Comments (1)
Press F1 for Help, pwned.
March 08, 2010 Added by:Daniel Kennedy
Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 SP2 with Internet Explorer 7 and Internet Explorer 8 are all affected.
Comments (0)
Newbie introduction to digital forensics Part 1.
March 08, 2010 Added by:Juan Granados
The economic and business challenges of the last year have forced changes to business priorities in many areas. For IT, increased scrutiny was placed on data leakage and security. When times are good, businesses can become distracted with new products and technologies. It is not until budgets are cut that the focus moves inward.
Comments (1)
Trust but verify...
March 08, 2010 Added by:Jason Remillard
Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing malware-laden ads on their networks. We are not the only ones who have identified this issue, check out the following links for more information about them:
Comments (1)
Google, Adobe, and Big Oil Attack Commonalities
March 07, 2010 Added by:Ted LeRoy
The work of protecting information is becoming more difficult with time. The recently discovered attacks on Google, Adobe, Marathon Oil, ExxonMobil, and ConocoPhillips illustrate an alarming trend. The attacks even gave rise to a new attack model, the Advanced Persistent Threat (APT).
Comments (0)
How Twitter spam steals from Google, Yahoo!
March 06, 2010 Added by:Chester Wisniewski
Scammers have been devising ways to ride on someone else's coattails since the dawn of time. With every new technology they find another way to make money from nothing. Today I am going to highlight a method that involves Twitter, Yahoo!, and Google AdSense.
Comments (0)
Security Bloggers Wanted - Get Noticed - Get Hired in 2010!
March 05, 2010 Added by:Infosec Island Admin
The publishers of Infosec Island are now enrolling experienced network security professionals to become Island Bloggers and Forum Moderators. Register and complete your profile, and you will be elligible to win one of over $10,000 in products and services.
Comments (11)
Social Engineering at the White House and Your Enterprise
February 28, 2010 Added by:Wayde York
What does our enterprise information have in common with President Obama and Vice President Biden? The need for constant protection. Your enterprise data needs protection from the host of technical and human threats that seem to evolve daily. The President and Vice President require the same protection, albeit amplified due to their position in the world power scheme.
Comments (0)
Road Map for an Application/Software Security Architect (Part 6)
February 26, 2010 Added by:Stephen Primost
So, the application designer has disclosed that the solution for the web services being designed will involve the (1) need to authenticate; (2) need to determine levels of authorization; and (3) [by the way] need to have some personalized data be carried forward to the application. If you, as a the security architect involved in the security assessment process, are smart, you would have a security...
Comments (0)
The first thing about security
February 23, 2010 Added by:_ Comet
My first blog post, Comet's Home Page, is a document that contains settings and freeware that I typically install on my own Windows machines. The purpose of that page is to serve as a reference, because there are many things that only need to be done once on a new machine, such as installing software or tweaking internet connection limi...
Comments (2)
Exclusive Video of XerXeS DoS Attack
February 22, 2010 Added by:Anthony M. Freed
Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).
Comments (10)
Thanks for InfoSecIsland.com for an exciting training class.
February 22, 2010 Added by:Fred Williams
I thought I would post a quick blog on my training class information that I won through InfoSecIsland.com. This proves that real people win contests on this great site. If you ever get the opportunity to sign up for a contest here, you should do it.
Comments (3)
The Dragon’s Lair?
February 21, 2010 Added by:Bill Wildprett, CISSP, CISA
An excellent article in the N.Y. Times on February 18th stated that two Chinese schools, the Shanghai Jiaotong University and the Lanxiang Vocational School were involved in the recent online attacks against Google and dozens of other U.S. corporations. These conclusions come...
Comments (1)
Flattery is in the Eye of the Beholder
February 19, 2010 Added by:Bill Wildprett, CISSP, CISA
Some very interesting research came to my attention the other day, courtesy of the ISC2.org CISSPforum on Yahoo Groups, pointing to an article in Scientific American that discussed why flattery is effective.
Comments (0)
Enhanced Authentication Now Available on Infosec Island
February 17, 2010 Added by:Infosec Island Admin
Infosec Island™, the new community for IT and information security professionals, today announced that its new enhanced authentication service based on the SyferLock™ GridGuard™ solution, is now live.
Comments (5)
Complete Your Infosec Island Profile - Qualify to Win Over $10k in Services!
February 15, 2010 Added by:Infosec Island Admin
Don't miss out on your opportunity to win one of over $10k in service prizes in the Infosec Island Q1 Membership Drive!