Search:

Latest Blog Posts

09e5dbdf8a3bd6dccce5621459b11e26

Containment Phase - Incident Response

December 19, 2009 Added by:Mark Bennett

...the whole point of Incident Response..Having a Plan! In the containment phase of Incident Response you want to prevent the attacker from getting any further into the organization or spreading to other systems.

Comments  (0)

0f48ebb4a6ca02dbf5141affdbfa6898

It’s ‘Defense in Depth’, not ‘Dense in Depth’

December 18, 2009 Added by:Bill Wildprett, CISSP, CISA

I sit, dumbfounded with amazement after reading that insurgents in Iraq have been intercepting Predator drone video feeds and that the Pentagon has known about this for a year now.

Comments  (1)

0f48ebb4a6ca02dbf5141affdbfa6898

O Botnet, Where Art Thou?

December 17, 2009 Added by:Bill Wildprett, CISSP, CISA

Yes, like an Odyssey worthy of Homer or a George Clooney movie, the saga of the Conficker botnet continues.  The Most Excellent folks at Shadowserver have posted an update today.

Comments  (0)

634ff692af43fd4dc5dab3b8590c77d6

Virtualization : the maneuver tactic !

December 17, 2009 Added by:K S Abhiraj

The lure of virtualization is clear. From the business perspective, it means faster time-to-market for new technology enabled services and a strong foundation for new strategic initiatives, such as cloud computing. For technology organizations, virtualization promises faster server provisioning, increased hardware utilization, and lower costs for disaster recovery (DR).

Comments  (0)

Ba5964a1284ac16d4277991e7225699c

Why imperical data is important...

December 16, 2009 Added by:Jason Remillard

One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we've written quite alot about customer-specific impacts when they are infected...  The 'results' run the gambit of 1000's of dollars of losses over time, loss of SEO rank, customer reputation, etc.  However, one part tha...

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 4)

December 15, 2009 Added by:Stephen Primost

Planning your application's use of the digital identity is not an after-thought of system architecture. At the least, it might offer the occasional lack of reliable and conflicting information. At the worst, it provides little, if no protection, at all. And like the proverbial little dutch boy, you will be putting fingers in the holes of the dike, attempting to shore up an weak infrastructure with...

Comments  (0)

Ba5964a1284ac16d4277991e7225699c

Why Regular Malware Scanning is important for your customers...

December 15, 2009 Added by:Jason Remillard

The path to website security is littered with good intensions of course, however, the intensions need a revamp in order to prove good.  In this case, the good ol' days of giving your clients an ssl cert, a simple firewall on there server are NOT GOOD ENOUGH.

Comments  (6)

8d04c13e080ecc73656118e7650fbb4c

Facebook's New “Transition” Tool and Privacy

December 11, 2009 Added by:Todd Zebert

12/9/09 Facebook launched “new privacy settings and tools to give you greater control over the information you share on Facebook”. For many users this may be their first exposure to Facebook privacy settings, and while it’s better than nothing, it can be improved greatly.

Comments  (0)

F6bae6ee0c7dfe5b62860cc8ebf311fe

User Education - A Light Hearted Anicdote

December 11, 2009 Added by:John England

I had just been reading the post on Reacting to Security Vulnerabilities, and was reading the good usage guide at the bottom, and it made me think of something and chuckle. My partner has a 17 year old daugher, who is typical in running MSN/facebook, torrent clients, and generally no consideration for the type of sites she c...

Comments  (0)

0f48ebb4a6ca02dbf5141affdbfa6898

Growth as a Process

December 09, 2009 Added by:Bill Wildprett, CISSP, CISA

It’s a great time to be a security professional, always so much to keep learning and to do!  I’ve been working on personal and professional growth, looking for ways to define myself as a consultant and differentiate myself from the ‘Big Guys’.

Comments  (0)

F6bae6ee0c7dfe5b62860cc8ebf311fe

Boole server - Data centric remote access, auditing and encryption

December 09, 2009 Added by:John England

Maintaining confidentiality and protection of data from unauthorized access are basic requirements for a security system. Boole Server is able to fulfil these protection requirements to a very high standard. Ease of use and versatility in configuration enables Boole Server to be the development platform delivering all the tools necessary for the complete protection of information circu...

Comments  (0)

D5e39323dd0a7b8534af8a5043a05da2

Packet fragmentation vs the Intrusion Detection System

December 08, 2009 Added by:Fred Williams

How well does Snort IDS handle packet fragments when the fragments could contain a potentially malicious software attack? Let's read on.... I found a really great article written in 2007 on how an author setup a lab environment to test this theory.

Comments  (2)

8d04c13e080ecc73656118e7650fbb4c

Facebook Application and Content Creation Privacy

December 04, 2009 Added by:Todd Zebert

While Take Control of your Facebook Security & Privacy Settings (part 1 of this series) provided an overview of Application Privacy, this is a deeper dive and explains how Built-in Apps control some basic functions and default security of Facebook. This is the third in a series, the previous being Facebook Privacy using Friend Lists.

Comments  (1)

8d04c13e080ecc73656118e7650fbb4c

Facebook Privacy using Friend Lists

December 04, 2009 Added by:Todd Zebert

While Facebook’s Privacy settings are a powerful method of controlling who sees what kind of information about you, unless you create and maintain Friend Lists, you are effectively limited to all Friends seeing everything.

Comments  (1)

B426b30042abbc15e363cb679bbc937d

Unu Cracks a Wall Street Journal Conference Site, Not WSJ.com

December 04, 2009 Added by:Daniel Kennedy

Unu, the security researcher from Bucharest Romania known for performing unsolicited penetration tests on brand name web sites with a concentration in SQL Injection is at it again, this time with a claim that he cracked WSJ Online.

Comments  (0)

0f48ebb4a6ca02dbf5141affdbfa6898

Adding new blades to your personal Swiss Army Knife

December 04, 2009 Added by:Bill Wildprett, CISSP, CISA

Friends of mine had been recommending I learn more about IT auditing, to gain a better perspective on how controls are applied, and why.  To that end, I took a three-day Certified Information Systems Auditor (CISA) training course from CertTest in early November.

Comments  (0)


« First < Previous | 483 - 484 - 485 - 486 - 487 | Next > Last »



Popular Topics
Access Control  Anonymous  Application Security  Attacks  Authentication  China  Cloud Computing  Cloud Security  Compliance  Cyber Crime  Cyber Security  Cyber Warfare  Cyberwar  DDoS  Data Loss  Data Loss Prevention  Denial of Service  Employees  Encryption  Enterprise Security  Espionage  Exploits  FBI  Facebook  Government  Hacking  Hacktivist  Headlines  ICS  ICS-CERT  Identity Theft  Industrial Control Systems  Information Security  Information Technology  Infosec  Infrastructure  Law Enforcement  Legal  Managed Services  Management  Military  Mobile Devices  National Security  Network Security  PCI DSS  Passwords  Penetration Testing  Policies and Procedures  Policy  Privacy  Regulation  Risk Management  SCADA  Security  Security Awareness  Security Strategies  Social Engineering  Social Media  Stuxnet  Tools  Training  Vulnerabilities  breach  breaches  fraud  hackers  internet  malware  report  vendors