Latest Posts


From the Web

Gonzalez to plead guilty in NJ

December 08, 2009 from: Office of Inadequate Security

An admitted computer hacker charged in the nation’s largest-ever data breach has told federal prosecutors in New Jersey that he plans to plead guilty in connection to the alleged theft of more than 130 million credit card numbers.

Comments  (0)

D5e39323dd0a7b8534af8a5043a05da2

Packet fragmentation vs the Intrusion Detection System

December 08, 2009 Added by:Fred Williams

How well does Snort IDS handle packet fragments when the fragments could contain a potentially malicious software attack? Let's read on.... I found a really great article written in 2007 on how an author setup a lab environment to test this theory.

Comments  (2)


From the Web

The Merchants Strike Back?

December 07, 2009 from: Office of Inadequate Security

With the recent news of several restaurants teaming up to sue point-of-sale system provider Radiant Systems (a copy of the complaint can be found here) for failing to comply with the PCI Standard, it appears that some merchants may be in a mood to strike back in the aftermath of a payment card security breach. This lawsuit comes in the wake of a couple lawsuits against payment card security assess...

Comments  (0)


From the Web

NC: Kids’ Social Security numbers on school postcards

December 05, 2009 from: Office of Inadequate Security

The Wake County [North Carolina] school system accidentally sent out about 5,000 postcards with students’ Social Security numbers printed on the front, a mistake that angered parents and will cost the district nearly $100,000 to remedy.

Comments  (0)

8d04c13e080ecc73656118e7650fbb4c

Facebook Application and Content Creation Privacy

December 04, 2009 Added by:Todd Zebert

While Take Control of your Facebook Security & Privacy Settings (part 1 of this series) provided an overview of Application Privacy, this is a deeper dive and explains how Built-in Apps control some basic functions and default security of Facebook. This is the third in a series, the previous being Facebook Privacy using Friend Lists.

Comments  (1)

8d04c13e080ecc73656118e7650fbb4c

Facebook Privacy using Friend Lists

December 04, 2009 Added by:Todd Zebert

While Facebook’s Privacy settings are a powerful method of controlling who sees what kind of information about you, unless you create and maintain Friend Lists, you are effectively limited to all Friends seeing everything.

Comments  (1)

B426b30042abbc15e363cb679bbc937d

Unu Cracks a Wall Street Journal Conference Site, Not WSJ.com

December 04, 2009 Added by:Daniel Kennedy

Unu, the security researcher from Bucharest Romania known for performing unsolicited penetration tests on brand name web sites with a concentration in SQL Injection is at it again, this time with a claim that he cracked WSJ Online.

Comments  (0)


From the Web

Malware rebounds as cause of data loss

December 04, 2009 from: Office of Inadequate Security

The 2009 CSI Computer Crime and Security survey identified a number of shifts in significant cybersecurity threats this year. Malware infections jumped to 64% from 50%, reversing a dip in the number of companies experiencing malware infections that started in 2005. That year, the figure was 74%.

Comments  (0)

0f48ebb4a6ca02dbf5141affdbfa6898

Adding new blades to your personal Swiss Army Knife

December 04, 2009 Added by:Bill Wildprett, CISSP, CISA

Friends of mine had been recommending I learn more about IT auditing, to gain a better perspective on how controls are applied, and why.  To that end, I took a three-day Certified Information Systems Auditor (CISA) training course from CertTest in early November.

Comments  (0)

6d117b57d55f63febe392e40a478011f

Internet Security Alliance Delivers Cyber Security Report

December 03, 2009 Added by:Anthony M. Freed

Ssustainable improvements in our collective cyber security posture will stem from a comprehensive understanding of how to effectively motivate all players across our economic landscape to actively engage in proven best-practices in both their business and individual cyber activities...

Comments  (0)


From the Web

If DOD can do this, why can’t they manage to remove SSNs?

December 03, 2009 from: Office of Inadequate Security

The Defense Department will not meet its end-of-the-year deadline for removing Social Security numbers from military ID cards as they are issued or renewed, the Pentagon has confirmed.

Comments  (0)


From the Web

Many More Government Records Compromised in 2009 than Year Ago, Report Claims

December 03, 2009 from: Office of Inadequate Security

If you’re bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit.

Comments  (0)


From the Web

ICO publishes guide to Data Protection Act

November 30, 2009 from: Office of Inadequate Security

The Information Commissioner’s Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organizations with practical advice about the Data Protection Act and dispel myths. The guide will help organizations safeguard personal data and comply with the law. The guide takes a straight-forward look at the principles of the Data Protection Act and uses pract...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

'Mafia Wars' CEO Brags About Scamming Users from Day One

November 29, 2009 Added by:Infosec Island Admin

I've never played Mafia Wars myself, but it's a very popular Facebook game that many of my friends play and annoy me with the constant broadcast news feed messages. It's one of the more popular Facebook applications and -like most of them- pose a real risk to the players and players friends within the Facebook community.

Comments  (3)


From the Web

Risky business: Remote Desktop opened the door for Aloha hackers

November 25, 2009 from: Office of Inadequate Security

When nine restaurants in Louisiana and Mississippi filed lawsuits against Radiant Systems and its Louisiana distributor, they may have represented only the tip of a substantial iceberg of hacks affecting restaurants that used Radiant Systems’ Aloha POS system.  It seems that the scope of the problem is first coming to the public’s attention approximately one and a half years after...

Comments  (0)


From the Web

The Year Of The Mega Data Breach

November 24, 2009 from: Office of Inadequate Security

According to the Identity Theft Resource Center, government agencies and businesses reported 435 breaches as of Nov. 17, on track to show a 50% drop from the number of breaches reported in 2008. That would make 2009 the first year that the number of reported data breaches has dropped since 2005, when the ITRC started counting.

Comments  (2)


From the Web

Forty-one percent of workers have stolen corporate data – survey

November 23, 2009 from: Office of Inadequate Security

Stealing employer data has become endemic in our culture. According to a survey conducted with 300 office workers in New York City examining the impact of the recession on ethics and security, 85 percent of the respondents admitted to knowing that downloading corporate information from their employer was illegal, yet a quarter of those surveyed would take the data regardless of the penalties.

Comments  (0)


From the Web

Com.Com is Up For Sale

November 20, 2009 from: Rsnake's blog at ha.ckers.org

Com.com is for sale. So what, right? Yet another domain that needs a home. But com.com is incredibly important for security. In fact, one of C|NET’s (the company that currently runs com.com) network admins was listed as the 10th most dangerous and least likely person on the Internet during my presentation at OWASP

Comments  (0)


From the Web

TX: Former VP of First Service CU convicted for bank fraud, ID theft

November 20, 2009 from: Office of Inadequate Security

A former Senior Vice President of Area Operations for First Service Credit Union in Houston has pleaded guilty to embezzling more than $30,000 from his former employer, United States Attorney Tim Johnson announced today.

Comments  (0)

6d117b57d55f63febe392e40a478011f

Internet Security Alliance: Cyber Security is Economic Issue

November 18, 2009 Added by:Anthony M. Freed

"The President is correct in his appreciation of the need to view cyber security as... an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other..."

Comments  (0)