Latest Posts


From the Web

Cloud Based Wireless Cracking Services

December 15, 2009 from: AEON Security Blog

Security researchers are leveraging cloud computing to crack WPA wireless passwords at a cost and we’re wondering what other nefarious deeds are being done via cloud computing that we’ve never heard about. To be fair about this, for starters if you take notice of PC World’s title for the article, “New Cloud-based Service Steals Wi-Fi Passwords” it’s completely w...

Comments  (0)


From the Web

P2P fraudsters snare DoD employees and FL business; two indicted

December 11, 2009 from: Office of Inadequate Security

Jeffrey Steven Girandola and Kajohn Phommavong have been charged in a previously sealed 16-count indictment with Conspiracy, Computer Fraud, Access Device Fraud and Aggravated Identity Theft. According to the indictment, which was handed up by a federal grand jury in San Diego, the defendants installed peer-to-peer file sharing software on computers under their control and searched the a...

Comments  (0)

8d04c13e080ecc73656118e7650fbb4c

Facebook's New “Transition” Tool and Privacy

December 11, 2009 Added by:Todd Zebert

12/9/09 Facebook launched “new privacy settings and tools to give you greater control over the information you share on Facebook”. For many users this may be their first exposure to Facebook privacy settings, and while it’s better than nothing, it can be improved greatly.

Comments  (0)

F6bae6ee0c7dfe5b62860cc8ebf311fe

User Education - A Light Hearted Anicdote

December 11, 2009 Added by:John England

I had just been reading the post on Reacting to Security Vulnerabilities, and was reading the good usage guide at the bottom, and it made me think of something and chuckle. My partner has a 17 year old daugher, who is typical in running MSN/facebook, torrent clients, and generally no consideration for the type of sites she c...

Comments  (0)


From the Web

Judge dismisses shareholder lawsuit against Heartland (updated)

December 09, 2009 from: Office of Inadequate Security

A U.S. District Court judge in New Jersey has tossed out a class-action lawsuit filed by shareholders against Heartland Payment Systems, the credit card processor announced Wednesday.The judge granted Heartland’s motion to dismiss the action, which was filed in the wake of Heartland’s massive breach that was reported earlier this year, according to a company statement. No reason wa...

Comments  (0)

0f48ebb4a6ca02dbf5141affdbfa6898

Growth as a Process

December 09, 2009 Added by:Bill Wildprett, CISSP, CISA

It’s a great time to be a security professional, always so much to keep learning and to do!  I’ve been working on personal and professional growth, looking for ways to define myself as a consultant and differentiate myself from the ‘Big Guys’.

Comments  (0)

F6bae6ee0c7dfe5b62860cc8ebf311fe

Boole server - Data centric remote access, auditing and encryption

December 09, 2009 Added by:John England

Maintaining confidentiality and protection of data from unauthorized access are basic requirements for a security system. Boole Server is able to fulfil these protection requirements to a very high standard. Ease of use and versatility in configuration enables Boole Server to be the development platform delivering all the tools necessary for the complete protection of information circu...

Comments  (0)


From the Web

Gonzalez to plead guilty in NJ

December 08, 2009 from: Office of Inadequate Security

An admitted computer hacker charged in the nation’s largest-ever data breach has told federal prosecutors in New Jersey that he plans to plead guilty in connection to the alleged theft of more than 130 million credit card numbers.

Comments  (0)

D5e39323dd0a7b8534af8a5043a05da2

Packet fragmentation vs the Intrusion Detection System

December 08, 2009 Added by:Fred Williams

How well does Snort IDS handle packet fragments when the fragments could contain a potentially malicious software attack? Let's read on.... I found a really great article written in 2007 on how an author setup a lab environment to test this theory.

Comments  (2)


From the Web

The Merchants Strike Back?

December 07, 2009 from: Office of Inadequate Security

With the recent news of several restaurants teaming up to sue point-of-sale system provider Radiant Systems (a copy of the complaint can be found here) for failing to comply with the PCI Standard, it appears that some merchants may be in a mood to strike back in the aftermath of a payment card security breach. This lawsuit comes in the wake of a couple lawsuits against payment card security assess...

Comments  (0)


From the Web

NC: Kids’ Social Security numbers on school postcards

December 05, 2009 from: Office of Inadequate Security

The Wake County [North Carolina] school system accidentally sent out about 5,000 postcards with students’ Social Security numbers printed on the front, a mistake that angered parents and will cost the district nearly $100,000 to remedy.

Comments  (0)

8d04c13e080ecc73656118e7650fbb4c

Facebook Application and Content Creation Privacy

December 04, 2009 Added by:Todd Zebert

While Take Control of your Facebook Security & Privacy Settings (part 1 of this series) provided an overview of Application Privacy, this is a deeper dive and explains how Built-in Apps control some basic functions and default security of Facebook. This is the third in a series, the previous being Facebook Privacy using Friend Lists.

Comments  (1)

8d04c13e080ecc73656118e7650fbb4c

Facebook Privacy using Friend Lists

December 04, 2009 Added by:Todd Zebert

While Facebook’s Privacy settings are a powerful method of controlling who sees what kind of information about you, unless you create and maintain Friend Lists, you are effectively limited to all Friends seeing everything.

Comments  (1)

B426b30042abbc15e363cb679bbc937d

Unu Cracks a Wall Street Journal Conference Site, Not WSJ.com

December 04, 2009 Added by:Daniel Kennedy

Unu, the security researcher from Bucharest Romania known for performing unsolicited penetration tests on brand name web sites with a concentration in SQL Injection is at it again, this time with a claim that he cracked WSJ Online.

Comments  (0)


From the Web

Malware rebounds as cause of data loss

December 04, 2009 from: Office of Inadequate Security

The 2009 CSI Computer Crime and Security survey identified a number of shifts in significant cybersecurity threats this year. Malware infections jumped to 64% from 50%, reversing a dip in the number of companies experiencing malware infections that started in 2005. That year, the figure was 74%.

Comments  (0)

0f48ebb4a6ca02dbf5141affdbfa6898

Adding new blades to your personal Swiss Army Knife

December 04, 2009 Added by:Bill Wildprett, CISSP, CISA

Friends of mine had been recommending I learn more about IT auditing, to gain a better perspective on how controls are applied, and why.  To that end, I took a three-day Certified Information Systems Auditor (CISA) training course from CertTest in early November.

Comments  (0)

6d117b57d55f63febe392e40a478011f

Internet Security Alliance Delivers Cyber Security Report

December 03, 2009 Added by:Anthony M. Freed

Ssustainable improvements in our collective cyber security posture will stem from a comprehensive understanding of how to effectively motivate all players across our economic landscape to actively engage in proven best-practices in both their business and individual cyber activities...

Comments  (0)


From the Web

If DOD can do this, why can’t they manage to remove SSNs?

December 03, 2009 from: Office of Inadequate Security

The Defense Department will not meet its end-of-the-year deadline for removing Social Security numbers from military ID cards as they are issued or renewed, the Pentagon has confirmed.

Comments  (0)


From the Web

Many More Government Records Compromised in 2009 than Year Ago, Report Claims

December 03, 2009 from: Office of Inadequate Security

If you’re bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit.

Comments  (0)


From the Web

ICO publishes guide to Data Protection Act

November 30, 2009 from: Office of Inadequate Security

The Information Commissioner’s Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organizations with practical advice about the Data Protection Act and dispel myths. The guide will help organizations safeguard personal data and comply with the law. The guide takes a straight-forward look at the principles of the Data Protection Act and uses pract...

Comments  (0)