Latest Posts

Unu Cracks a Wall Street Journal Conference Site, Not WSJ.com

December 04, 2009 Added by: Daniel Kennedy

Unu, the security researcher from Bucharest, Romania, known for performing unsolicited penetration tests on brand-name web sites with a concentration in SQL injection, is at it again, this time with a claim that he cracked WSJ Online.

Comments  (0)


From the Web

Malware rebounds as cause of data loss

December 04, 2009 from: Office of Inadequate Security

The 2009 CSI Computer Crime and Security survey identified a number of shifts in significant cybersecurity threats this year. Malware infections jumped to 64% from 50%, reversing a dip in the number of companies experiencing malware infections that started in 2005. That year, the figure was 74%.

Comments  (0)

Adding new blades to your personal Swiss Army Knife

December 04, 2009 Added by: Bill Wildprett, CISSP, CISA

Friends of mine had been recommending I learn more about IT auditing, to gain a better perspective on how controls are applied, and why.  To that end, I took a three-day Certified Information Systems Auditor (CISA) training course from CertTest in early November.

Comments  (0)

Internet Security Alliance Delivers Cyber Security Report

December 03, 2009 Added by: Anthony M. Freed

Sustainable improvements in our collective cyber security posture will stem from a comprehensive understanding of how to effectively motivate all players across our economic landscape to actively engage in proven best-practices in both their business and individual cyber activities...

Comments  (0)


From the Web

If DOD can do this, why can’t they manage to remove SSNs?

December 03, 2009 from: Office of Inadequate Security

The Defense Department will not meet its end-of-the-year deadline for removing Social Security numbers from military ID cards as they are issued or renewed, the Pentagon has confirmed.

Comments  (0)


From the Web

Many More Government Records Compromised in 2009 than Year Ago, Report Claims

December 03, 2009 from: Office of Inadequate Security

If you’re bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit.

Comments  (0)


From the Web

ICO publishes guide to Data Protection Act

November 30, 2009 from: Office of Inadequate Security

The Information Commissioner’s Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organizations with practical advice about the Data Protection Act and dispel myths. The guide will help organizations safeguard personal data and comply with the law. The guide takes a straight-forward look at the principles of the Data Protection Act and uses pract...

Comments  (0)

'Mafia Wars' CEO Brags About Scamming Users from Day One

November 29, 2009 Added by: Infosec Island Admin

I've never played Mafia Wars myself, but it's a very popular Facebook game that many of my friends play and annoy me with the constant broadcast news feed messages. It's one of the more popular Facebook applications and, like most of them, poses a real risk to the players and players' friends within the Facebook community.

Comments  (3)


From the Web

Risky business: Remote Desktop opened the door for Aloha hackers

November 25, 2009 from: Office of Inadequate Security

When nine restaurants in Louisiana and Mississippi filed lawsuits against Radiant Systems and its Louisiana distributor, they may have represented only the tip of a substantial iceberg of hacks affecting restaurants that used Radiant Systems’ Aloha POS system.  It seems that the scope of the problem is first coming to the public’s attention approximately one and a half years after...

Comments  (0)


From the Web

The Year Of The Mega Data Breach

November 24, 2009 from: Office of Inadequate Security

According to the Identity Theft Resource Center, government agencies and businesses reported 435 breaches as of Nov. 17, on track to show a 50% drop from the number of breaches reported in 2008. That would make 2009 the first year that the number of reported data breaches has dropped since 2005, when the ITRC started counting.

Comments  (2)


From the Web

Forty-one percent of workers have stolen corporate data – survey

November 23, 2009 from: Office of Inadequate Security

Stealing employer data has become endemic in our culture. According to a survey conducted with 300 office workers in New York City examining the impact of the recession on ethics and security, 85 percent of the respondents admitted to knowing that downloading corporate information from their employer was illegal, yet a quarter of those surveyed would take the data regardless of the penalties.

Comments  (0)


From the Web

Com.Com is Up For Sale

November 20, 2009 from: Rsnake's blog at ha.ckers.org

Com.com is for sale. So what, right? Yet another domain that needs a home. But com.com is incredibly important for security. In fact, one of C|NET’s (the company that currently runs com.com) network admins was listed as the 10th most dangerous and least likely person on the Internet during my presentation at OWASP

Comments  (0)


From the Web

TX: Former VP of First Service CU convicted for bank fraud, ID theft

November 20, 2009 from: Office of Inadequate Security

A former Senior Vice President of Area Operations for First Service Credit Union in Houston has pleaded guilty to embezzling more than $30,000 from his former employer, United States Attorney Tim Johnson announced today.

Comments  (0)

Internet Security Alliance: Cyber Security is Economic Issue

November 18, 2009 Added by: Anthony M. Freed

"The President is correct in his appreciation of the need to view cyber security as... an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other..."

Comments  (0)


From the Web

Massive card processor breach in Spain affecting Europeans

November 18, 2009 from: Office of Inadequate Security

Back in October, this site reported that “tens of thousands” of Swedish banking customers and “tens of thousands” of Finnish banking customers had been affected by a breach in Spain that might involve a card payment processor.

Comments  (0)

Emerging Technologies that can Reduce PCI Scope

November 17, 2009 Added by: Sean Inman

In recent months, the PCI Security Standards Council has continued to weigh the merits of what they have deemed as “emerging technologies”. The first is end to end encryption and the other is tokenization. These two solutions have quickly become the favorites among all other emerging technologies.

Comments  (0)


From the Web

NC loan processor sentenced for ID theft

November 17, 2009 from: Office of Inadequate Security

A former loan processor was sentenced Friday to one year and one day imprisonment for wire fraud and aggravated identity theft charges. Senior United States District Judge James C. Fox also ordered Maria Lorena Croll, 24, of Raleigh, North Carolina, to pay restitution of $2,138.52.

Comments  (0)


From the Web

Update: Stolen BCBS hard drives had data on 2 million insured

November 16, 2009 from: Office of Inadequate Security

One of Tennessee’s largest holders of personal information confirms that an October theft from a Chattanooga office affects about 2 million of its clients. Blue Cross Blue Shield said 68 computer hard drives that contained Social Security numbers and other sensitive information were taken from the office.

Comments  (0)


From the Web

Component Directory Lockdown – New in Firefox 3.6

November 16, 2009 from: Mozilla Security Blog

When Firefox crashes, we try to get you back on your feet as quickly as possible, but we’d much rather you not crash in the first place. In Firefox 3.6, we are changing the way that some third party software hooks into Firefox which should eliminate a good chunk of those crashes without sacrificing our extensibility in any way. In the process, we’ll also be giving you greater control o...

Comments  (0)


From the Web

OWASP Top 10 (2010 release candidate 1)

November 13, 2009 from: Jeremiah Grossman's Blog

The newest version of the OWASP Top 10, the Top 10 Most Critical Web Application Security Risks, has been made available as a release candidate! This project is extraordinarily meaningful to the application security industry as it exercises influence over PCI-DSS, global policy, developer awareness, and product direction. ...

Comments  (0)