Latest Posts

GFI: Combating Spam

October 22, 2009

A series of interesting whitepapers from GFI on combating SPAM from the enterprise level. Many of these concepts have been best-practice recommendations for years, yet many email and anti-SPAM packages fail to implement them properly.

Comments  (0)


From the Web

LifeLock barred from placing fraud alerts in Experian settlement

October 22, 2009 from: Office of Inadequate Security

LifeLock Inc. and Experian Information Solutions Inc. have settled their lawsuit, and the agreement permanently blocks the original process LifeLock used to protect its clients.

Comments  (0)

Useless Account Control

October 22, 2009 Added by: Sudha Nagaraj

In these days of heightened security awareness, I would think any and every operating system should boast of a robust anti-virus software suite. The fact that Microsoft released its much-awaited and highly proclaimed Windows 7 OS today without built-in anti-virus software continues to puzzle me.

Comments  (0)

A Host of Insecurities about Security

October 21, 2009 Added by: Sudha Nagaraj

Security concerns will continue to dominate the IT sphere for a while. Governments are crying hoarse to put in preventive measures, the security industry is struggling to make up for losses suffered in a recessionary environment, enterprises are growing paranoid about the ‘insider threat’ and the small and medium enterprises are waking up to the need for security management.

Comments  (0)


From the Web

October 2009 Critical Patch Update Released

October 20, 2009 from: The Oracle Global Product Security Blog

Today's Oracle Critical Patch Update (CPU) provides 38 new security fixes across a number of product groups including: Oracle Database Server, Oracle Application Server, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle JD Edwards Tools, Oracle WebLogic and Oracle JRockit (formerly from BEA), and Oracle Communications Order and Service Management. Of these 38 vulnerabilities, 19 are re...

Comments  (0)

Mitigating Risks by Leveraging a Core Business Process

October 20, 2009 Added by: Mike Cuppett

When it comes to audits and other compliance requirements - think Sarbanes-Oxley, PCI-DSS, internal and external audits, etc. - people tend to get a bit uptight and flustered. Fortunately, by keeping a calm head and a rational perspective, your reaction to these challenges can be cool and calm, allowing you to leverage a methodology you already know - risk mitigation.

Comments  (0)


From the Web

FTC settles latest charges against ChoicePoint

October 19, 2009 from: Office of Inadequate Security

ChoicePoint, Inc., one of the nation’s largest data brokers, has agreed to strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order. This failure left the door open to a data breach in 2008 that co...

Comments  (0)


From the Web

Retail sales associates sentenced for role in credit card, bank fraud

October 16, 2009 from: Office of Inadequate Security

Four men from Atlanta, Georgia were sentenced this week by United States District Judge Orinda D. Evans on charges of bank fraud, credit card fraud and aggravated identity theft.

Comments  (0)


From the Web

PayChoice Suffers Another Data Breach

October 16, 2009 from: Office of Inadequate Security

Payroll services provider PayChoice took its Web-based service offline for the second time in a month on Wednesday in response to yet another data breach caused by hackers.

Comments  (0)


From the Web

DNSSEC + Certs As a Replacement For SSL’s Transport Security

October 15, 2009 from: Rsnake's blog at ha.ckers.org

RSnake discusses the feasibility of using DNSSEC to provide transport-layer security in a more reliable fashion than the current SSL Certificate Authority site authentication model.

Comments  (0)


From the Web

Lawsuit: 29,000 say Kaiser hid security breach

October 15, 2009 from: Office of Inadequate Security

Twenty-nine thousand Kaiser employees say the company did not inform them for more than a year about a security breach that left their personal information vulnerable to thieves. One employee says a woman stole her identity and used it to run up credit-card charges and “commit crimes across the country.”

Comments  (0)


From the Web

Call centre recordings could breach payment card industry security rules

October 15, 2009 from: Office of Inadequate Security

More than 95% of call centres were found to store customers’ credit card details in recordings of phone conversations in breach of industry rules, according to a survey conducted by a call recording technology company.

Comments  (0)

Should SSL be enabled on every website?

October 14, 2009 Added by: Christopher Hudel

Using SSL to secure all websites may seem like an odd choice; most websites contain no "nuggets" worth taking, SSL apparently slows the page load time (especially on over-provisioned hosting platforms), and it's not clear if doing so will kibosh any search engine optimizations.

Comments  (10)


From the Web

Call for Input on Content Security Policy

October 14, 2009 from: Rsnake's blog at ha.ckers.org

For those of you who have been following the much anticipated Content Security Policy - you’ll be excited to know it’s currently available for early preview. The guys at Mozilla have a blog post explaining the details of where Content Security Policy is and asking for input. As you’d expect it’s not as full featured as it will probably end up being when it finally gets rele...

Comments  (0)


From the Web

JavaScript Protocol Comment Newline Injection

October 14, 2009 from: Rsnake's blog at ha.ckers.org

RSnake from ha.ckers.org discusses using newline injection to bypass certain filtering mechanisms and execute JavaScript.

Comments  (0)

My Mind is Wave-ering on the Utility, Security and Privacy Aspects

October 14, 2009 Added by: Sudha Nagaraj

Like many other Wave-wannabes, I am also awaiting an invite from Google to try out their all-in-one communication solution Google Wave. But I have my trepidations: over making my private work public, over opening up for comment work that is still being worked out, over messing up “my thoughts” with a thousand other theories, over starting something with the full knowledge that it could...

Comments  (0)


From the Web

Mozilla Plugin Check Now Live

October 13, 2009 from: Mozilla Security Blog

A little over a month ago, I talked about a project we had started to inform users when their plugins were out of date. This is a really important project for us, because old versions of plugins can cause crashes and other stability problems, and can also be a major security risk. In the first phase, we focused on the popular Adobe Flash Player plugin, and we were thrilled to see more than 10 mill...

Comments  (0)

The parallels between Information Security & Sun Tzu’s-The Art of War

October 13, 2009 Added by: Sean Inman

Correlations between Sun Tzu's Art of War and Information Security from Steve Pinman. "I think most organizations can demonstrate a well thought out plan(s) for dealing with “predictable” security attacks such as viruses and DDoS attacks, but how many organizations are actively engaged in planning for new threats and new attack vectors?"

Comments  (1)

Spammers Feasting on the East

October 13, 2009 Added by: Sudha Nagaraj

In India, Diwali or the ‘Festival of Lights’ is round the corner. As the D-day draws closer, Indians are flocking to malls and travel operators to shop and make reservations for the up-coming holidays. At this juncture, Symantec has released an advisory warning users against emails that offer discounts, holiday deals and other enticing subject lines which feature the word Diwali.

Comments  (0)

Preventative Measures for Drive-by Malware

October 12, 2009 Added by: Ron Lepofsky

This article identifies preventative measures that both end users and web site managers can implement to protect all concerned from the dangers of drive-by malware.

Comments  (0)