Latest Posts

Does your Security Program align with the organization's goals?

October 11, 2009 Added by:Sean Inman

Do you know the GOALs of your organization? Why does the organization exist? What’s the organization’s purpose? Even if you work for a “security company,” the organization’s main goal is not going to be security (or at least it shouldn’t be).

Comments  (1)

Anti-Social Networking Sites: Part 2

October 09, 2009 Added by:Ron Lepofsky

Since the last blog there has been a steady stream of news about more security threats originating at web sites, particularly from social networking sites. Profit motive appears to be the primary intent of the threats. The methodology is committing identity theft for profit. Below is a sample of four web-based news articles to which I refer:

Comments  (0)

Anti-Social Networking Sites

October 09, 2009 Added by:Ron Lepofsky

Over the last two weeks security news reports identify social networking sites as distribution points for malware of all sorts and flavours and as botnets for distributing more of the same.  In addition, site users seem enthusiastic to reveal personal information to those who would gladly accept the information for purposes of identity theft

Comments  (1)

Good Job!

October 09, 2009 Added by:Sandra Avery

CNN Money.com released its pick for the 50 best jobs in America. IT won 3 of the 10 spots, with Computer/Network Security Consultant coming in at number 8. They describe the job as “protecting computer systems and networks against hackers, spyware, and viruses” and list prerequisites for the job as “major geekdom”.

Comments  (0)

Are the days numbered for Chinese handsets in India?

October 09, 2009 Added by:Sudha Nagaraj

In a country with over 400 million mobile phones in use, where ten million new phones are being sold every month, a security scare over cheap and illegal handsets imported from China threatens to silence over 25 million handsets by end November.

Comments  (0)


From the Web

Security Defect Testing

October 08, 2009 from: The Oracle Global Product Security Blog

Software vendors aim to release defect-free products. Earlier posts have discussed Oracle Software Security Assurance (OSSA) program and its processes that aim to get us as close to this goal as possible. Automated testing is an important part of OSSA as it helps catch problems missed in earlier stages of the development...

Comments  (0)

The Devil in the Downloads

October 08, 2009 Added by:Sudha Nagaraj

Just when the Blackberry has moved over to the consumer segment from the business user segment, a host of security issues plague smartphones. With competition gearing up among smartphone makers, the stress is on innovative applications to drive sales.

Comments  (0)

Where are the DBAs?

October 07, 2009 Added by:Infosec Island Admin

What I really want to know is this: Where are the Database Admins (DBAs) these days? I can't tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.

Comments  (3)

Painless offsite online backups using 3X Backup

October 07, 2009 Added by:David Strom

David Strom's video review of 3X Systems painless backup system. The 3X Systems Backup appliance is a great way to automatically backup a collection of PCs and servers across the Internet at reasonable cost.

Comments  (0)


From the Web

Operation Phish Phry reels in 100 in U.S. and Egypt

October 07, 2009 from: Office of Inadequate Security

The largest number of defendants ever charged in a cyber crime case have been indicted in a multinational investigation conducted in the United States and Egypt that uncovered a sophisticated “phishing” operation that fraudulently collected personal information from thousands of victims that was used to defraud American banks.

Comments  (0)


From the Web

Researcher refutes phishing account of hijacked Hotmail passwords

October 07, 2009 from: Office of Inadequate Security

One researcher isn’t buying Microsoft’s and Google’s explanation that hijacked Hotmail and Gmail passwords were obtained in a massive phishing attack.

Comments  (0)


From the Web

All about Website Password Policies

October 07, 2009 from: Jeremiah Grossman's Blog

Passwords are the most common way for people to prove to a website that they are who they say they are, as they should be the only ones who know what it is. That is of course unless they share it with someone else, somebody steals it, or even possibly guesses it. This identity verification process is more commonly known as “authentication.”

Comments  (0)


From the Web

City admits lapse in data release

October 07, 2009 from: Office of Inadequate Security

On Tuesday, New York City rolled out the next phase of its NYC BigApps competition, an initiative that will supply local programmers and developers with a stockpile of raw municipal data sets to build applications for the Web and mobile phones.

Comments  (0)

The Business of Blogging

October 07, 2009 Added by:Sudha Nagaraj

Bloggers beware! You can no longer go berserk promoting this gizmo over that, vouching for X software over Y or push traffic on to a website through social marketing tools like tweets and Facebook posts.

Comments  (0)


From the Web

Highmark changes its procedures in wake of BCBS breach

October 07, 2009 from: Office of Inadequate Security

that their Social Security numbers or tax ID numbers were on the stolen laptop containing their unencrypted data. A BCBS employee had reportedly breached policy by downloading the unencrypted database to a personal computer that was later stolen from the employee’s vehicle.

Comments  (0)


From the Web

Gmail, AOL and Yahoo logins posted online; weak passwords

October 07, 2009 from: Office of Inadequate Security

More than a quarter of a million email accounts on the biggest webmail services are believed to be at risk from online criminals after thousands of passwords belonging to users of the Yahoo, AOL and Gmail services were posted online.

Comments  (0)

The Threat from Within

October 06, 2009 Added by:Sandra Avery

Times are tough. Now, more than ever, organizations need to be extra vigilant about protecting the data on their networks. With identity theft at an all-time high, and data breaches disclosed almost daily, the stakes are incredibly high.

Comments  (0)


From the Web

850,000 doctors could be hit by potential data breach

October 06, 2009 from: Office of Inadequate Security

A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Assn. employee. It is not yet known whether any identity theft has resulted from the data breach.

Comments  (0)


From the Web

Scam hits more e-mail accounts, MS blocks accounts

October 06, 2009 from: Office of Inadequate Security

The scale of a phishing attack originally thought to be directed at Hotmail may be larger than previously thought. BBC News has seen a list of more than 20,000 more names and passwords that have been posted online.

Comments  (0)

Why Infosec Languishes, Part 1

October 05, 2009 Added by:Jim Anderson

This subject has been simmering for a long time but the events of the unfolding economic crisis and so many colleagues and acquaintances in the industry who have suffered substantially in their efforts to advance information security within their organizations have prompted me to organize my thoughts in this area.

Comments  (1)