Latest Blog Posts
Growth as a Process
December 09, 2009 Added by:Bill Wildprett, CISSP, CISA
It’s a great time to be a security professional, always so much to keep learning and to do! I’ve been working on personal and professional growth, looking for ways to define myself as a consultant and differentiate myself from the ‘Big Guys’.
Comments (0)
Boole server - Data centric remote access, auditing and encryption
December 09, 2009 Added by:John England
Maintaining confidentiality and protection of data from unauthorized access are basic requirements for a security system. Boole Server is able to fulfil these protection requirements to a very high standard. Ease of use and versatility in configuration enables Boole Server to be the development platform delivering all the tools necessary for the complete protection of information circu...
Comments (0)
Packet fragmentation vs the Intrusion Detection System
December 08, 2009 Added by:Fred Williams
How well does Snort IDS handle packet fragments when the fragments could contain a potentially malicious software attack? Let's read on.... I found a really great article written in 2007 on how an author set up a lab environment to test this theory.
Comments (2)
Facebook Application and Content Creation Privacy
December 04, 2009 Added by:Todd Zebert
While Take Control of your Facebook Security & Privacy Settings (part 1 of this series) provided an overview of Application Privacy, this is a deeper dive and explains how Built-in Apps control some basic functions and default security of Facebook. This is the third in a series, the previous being Facebook Privacy using Friend Lists.
Comments (1)
Facebook Privacy using Friend Lists
December 04, 2009 Added by:Todd Zebert
While Facebook’s Privacy settings are a powerful method of controlling who sees what kind of information about you, unless you create and maintain Friend Lists, you are effectively limited to all Friends seeing everything.
Comments (1)
Unu Cracks a Wall Street Journal Conference Site, Not WSJ.com
December 04, 2009 Added by:Daniel Kennedy
Unu, the security researcher from Bucharest, Romania, known for performing unsolicited penetration tests on brand-name web sites with a concentration in SQL Injection, is at it again, this time with a claim that he cracked WSJ Online.
Comments (0)
Adding new blades to your personal Swiss Army Knife
December 04, 2009 Added by:Bill Wildprett, CISSP, CISA
Friends of mine had been recommending I learn more about IT auditing, to gain a better perspective on how controls are applied, and why. To that end, I took a three-day Certified Information Systems Auditor (CISA) training course from CertTest in early November.
Comments (0)
Internet Security Alliance Delivers Cyber Security Report
December 03, 2009 Added by:Anthony M. Freed
Sustainable improvements in our collective cyber security posture will stem from a comprehensive understanding of how to effectively motivate all players across our economic landscape to actively engage in proven best-practices in both their business and individual cyber activities...
Comments (0)
'Mafia Wars' CEO Brags About Scamming Users from Day One
November 29, 2009 Added by:Infosec Island Admin
I've never played Mafia Wars myself, but it's a very popular Facebook game that many of my friends play and annoy me with through constant broadcast news feed messages. It's one of the more popular Facebook applications and, like most of them, poses a real risk to the players and the players' friends within the Facebook community.
Comments (3)
Internet Security Alliance: Cyber Security is Economic Issue
November 18, 2009 Added by:Anthony M. Freed
"The President is correct in his appreciation of the need to view cyber security as... an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other..."
Comments (0)
Emerging Technologies that can Reduce PCI Scope
November 17, 2009 Added by:Sean Inman
In recent months, the PCI Security Standards Council has continued to weigh the merits of what it has deemed "emerging technologies". The first is end-to-end encryption and the other is tokenization. These two solutions have quickly become the favorites among all other emerging technologies.
Comments (0)
Road Map for an Application/Software Security Architect (Part 3)
November 11, 2009 Added by:Stephen Primost
Risk assessments for application software are not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution's Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each phase. Whether it is the waterfall or agile method, waiting for the end of the final del...
Comments (0)
More COFEE Please, on Second Thought…
November 09, 2009 Added by:Daniel Kennedy
The forensics tool provided to law enforcement officials and created by Microsoft, called COFEE (Computer Online Forensic Evidence Extractor), was leaked on torrents last week, and this has caused quite a bit of excitement. Let’s see if the big deal is warranted.
Comments (0)
Road Map for an Application/Software Security Architect (Part 2)
November 02, 2009 Added by:Stephen Primost
Vulnerability testing at the acceptance stage of an application's Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and allows that governance. Ignoring vulnerabilities will not prevent b...
Comments (0)
Searching for Return on Security Investments
November 02, 2009 Added by:Andrew Baker
There are several major challenges to the successful implementation of good information security in many organizations today. It is not because business owners do not think that security is important. No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions that fail to account for the many nuances of a pro...
Comments (5)
A Loss of One of Our Own
October 29, 2009 Added by:Sandra Avery
I am still shocked and saddened by the very sudden loss of David Taylor, founder of PCI knowledgebase. David passed away on Tuesday after suffering a sudden heart attack. Those of us who have anything to do with PCI compliance either know or know of David Taylor.