Latest Blog Posts
The Fully Auditable Cloud - Fact or Fiction
October 12, 2009 Added by:Bob Broda
Cloud computing is a rapidly growing phenomena that is being evaluated by companies of all sizes. Though it has many positives, much of corporate America is not yet ready to accept migrating major applications to the cloud until concerns about security, privacy, and reliability are addressed.
Comments (0)
Vishing scams are making a return
October 11, 2009 Added by:Sean Inman
On Friday 10/09/2009 it was reported in a ISC Diary update a new Vishing scheme is making its way across AT&T, Sprint and T-Mobiles networks. Vishing is the cousin of Phishing, but this latest attempt indicates that its still a practical method of attack. The recent attack starts with a text message that reports a problem with the victims account. They’re instructed to dial a...
Comments (0)
Does your Security Program align with the organizations goals?
October 11, 2009 Added by:Sean Inman
Do you know the GOALs of your organization? Why does the organization exist? What’s theorganization’s purpose? Even if you work for a “security company,” the organization’s main goal is not going to be security (or at least it shouldn’t be).
Comments (1)
Anti-Social Networking Sites: Part 2
October 09, 2009 Added by:Ron Lepofsky
Since the last blog there has been a steady stream of news about more security threats originating at web sites, particularly from social networking sites. Profit motive appears to be the primary intent of the threats. The methodology is committing identity theft for profit. Below are a sample of four web based news articles to which I refer:
Comments (0)
Anti-Social Networking Sites
October 09, 2009 Added by:Ron Lepofsky
Over the last two weeks security news reports identify social networking sites as distribution points for malware of all sorts and flavours and as botnets for distributing more of the same. In addition, site users seem enthusiastic to reveal personal information to those who would gladly accept the information for purposes of identity theft
Comments (1)
Good Job!
October 09, 2009 Added by:Sandra Avery
CNN Money.com released its pick for the 50 best jobs in America. IT won 3 of the 10 spots, with Computer/Network Security Consultant coming in at number 8. They describe the job as “protecting computer systems and networks against hackers, spyware, and viruses” and list pre-requisites for the job as “major geekdom”.
Comments (0)
Are the days numbered for Chinese handsets in India?
October 09, 2009 Added by:Sudha Nagaraj
In a country with over 400 million mobile phones in use where ten million new phones are being sold every month, a security scare over cheap and illegal handsets imported from China, threatens to silence over 25 million handsets by end November.
Comments (0)
The Devil in the Downloads
October 08, 2009 Added by:Sudha Nagaraj
Just when the Blackberry has moved over to the consumer segment from the business user segment, a host of security issues plague smartphones. With competition gearing up among smartphone makers, the stress is on innovative applications to drive sales.
Comments (0)
Where are the DBAs?
October 07, 2009 Added by:Infosec Island Admin
What I really want to know is this: Where are the Database Admins (DBAs) these days? I cant tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.
Comments (3)
Painless offsite online backups using 3X Backup
October 07, 2009 Added by:David Strom
David Strom's video review of 3X Systems painless backup system. The 3X Systems Backup appliance is a great way to automatically backup a collection of PCs and servers across the Internet at reasonable cost.
Comments (0)
The Business of Blogging
October 07, 2009 Added by:Sudha Nagaraj
Bloggers beware! You can no longer go berserk promoting this gizmo over that, vouching for X software over Y or push traffic on to a website through social marketing tools like tweets and Facebook posts.
Comments (0)
The Threat from Within
October 06, 2009 Added by:Sandra Avery
Times are tough. Now, more than ever, organizations need to be extra vigilant about protecting the data on their networks. With identity theft at an all time high, and data breaches disclosed almost daily, the stakes are incredibly high.
Comments (0)
Why Infosec Languishes, Part 1
October 05, 2009 Added by:Jim Anderson
This subject has been simmering for a long time but the events of the unfolding economic crisis and so many colleagues and acquaintances in the industry who have suffered substantially in their efforts to advance information security within their organizations have prompted me to organize my thoughts in this area.
Comments (1)
Top PCI DSS Compliance and Security Marketing Annoyances
October 02, 2009 Added by:Anton Chuvakin
Anton Chuvakin discusses PCI DSS. "Don’t misspell PCI DSS. It is not “PCI DDS”, and even not “PCIDSS.” BTW, if you want to impress PCI literati, make sure that “PCI DSS” has a space, while “PA-DSS” has a dash.Most definitely, do not pretend that you address ALL PCI DSS requirements for the only reason of wanting to look good."
Comments (0)
Facebookâs Faith: A New Scareware Attack
October 01, 2009 Added by:Daniel Kennedy
On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to the a web site that displays scareware dialogs: netmedtest.com/index.php?a...
Comments (1)
Compliance as a Service
October 01, 2009 Added by:Bob Broda
CaaS would be a value added service that would attract plenty of customers. But how real is the likelihood of this service being offered? There are a number of issues associated the CaaS concept: