Network->General
Senators Introduce Cyber Security Public Awareness Act
April 18, 2011 Added by:Headlines
“The government keeps the damage we are sustaining from cyber attacks secret because it is classified. The private sector keeps the damage they are sustaining from cyber attacks secret so as not to look bad... The net result of that is that the American public gets left in the dark..."
Comments (0)
Introduction to Security Troubleshooting
April 15, 2011 Added by:Global Knowledge
In diagnosing connection and VPN problems, too often SSL or IPSec VPN client logs don’t provide enough information on why connections fail. Consequently, the receiver frequently provides the detail needed through selective debugging and logging...
Comments (0)
Data Loss Prevention: Less Flip this Week
April 14, 2011 Added by:Ron Lepofsky
Data leakage prevention technology tackles both data at rest residing within a network and specifically on disk storage and of course when data is in motion. Vendors of these technologies vary in what elements of the problem they wish to tackle. Some try to solve all possible problems...
Comments (0)
China Holds the Advantage in Cyber Espionage Game
April 14, 2011 Added by:Headlines
According to Brenner, thousands of U.S. companies were targeted in the Aurora attacks, a great deal more than the 34 companies publicly identified. Brenner says the scale of the operation demonstrates China's "heavy-handed use of state espionage against economic targets..."
Comments (0)
US Department of Justice and FBI Foil Botnet Operation
April 14, 2011 Added by:Jared Carstensen
The so called "massive fraud scheme" utilized software called Coreflood - which collected and stored system and application passwords, along with other financial information. The use of Coreflood was enabled by a Windows OS vulnerability which then allowed the botnet to spread rapidly...
Comments (3)
A Better Defense in Depth Implementation
April 13, 2011 Added by:Robb Reck
As malicious actors have proven time and time again, our current security programs are insufficient to provide adequate protection. Defense in depth has come under fire as a result. But it’s not the DiD model that has failed us, it’s our own incomplete implementations...
Comments (3)
The Cone of Destruction
April 12, 2011 Added by:Carter Schoenberg
Americans maintain a culture of “get it done in two weeks or it has no value”. Odd that its not training, not more ammunition (antivirus), not better firearms (IDS/IPS), but a change in our culture regarding security and technology that will save us from our own cone of destruction...
Comments (0)
IETF Provides Guidance on IPv6 End-Site Addressing
April 11, 2011 Added by:Stefan Fouant
Practical conservation may never be needed given the trillions of addresses available in IPv6, but maybe in the very distant future it could very well be due to some of these recommendations being put in place today. After all, 640K did turn out to be a rather small number didn't it?
Comments (0)
Advanced Persistent Threats - Blame It On REO
April 10, 2011 Added by:J. Oquendo
We can never stop an attacker from trying to compromise us, it is out of our control. This does not mean that we cannot stop connections from leaving that machine. After all, controlling what leaves a machine will always be more important than what is coming INTO a machine...
Comments (0)
Has The Sun Set On LizaMoon?
April 08, 2011 Added by:Alexander Rothacker
If an organization didn’t catch the attack and the hackers covered their tracks, they might not know of the breach. What if the attackers set up backdoors to come back another time? Now they know exactly where to look for the organization’s critical data – who is to say they won’t be back?
Comments (1)
Detecting Vulnerable Software Using SCAP/OVAL
April 07, 2011 Added by:Jamie Adams
In a few of my previous posts, I discussed misleading results some scanners might produce with regard to the versions of software present on your system. In this post, I will demonstrate how to use an SCAP capable scanner using vendor-maintained OVAL patch definitions. ..
Comments (0)
Report Shows Energy Infrastructure Susceptible to Attack
April 07, 2011 Added by:Anthony M. Freed
In the case of defending critical infrastructure, translating security concerns for the CxO level needs to go beyond merely conveying network defense efforts in terms of mitigating enterprise risk, the conversation needs to touch on the issue of strengthening our national security...
Comments (1)
Inside The LOIC: Anonymous Is Still Using It?
April 07, 2011 Added by:Scot Terban
A source has sent in some information on the DoS attacks ongoing at Sony, and I have to say I was surprised that the Anon’s are still using the LOIC. There is some interesting information in the data sent, Such as a server called: "staff.anonops.ru vlad.anonops.ru". Really? Staff???
Comments (2)
Government Shutdown Could Impact Cyber Security
April 07, 2011 Added by:Headlines
"When we put ourselves in state of chaos like this, and this is what it will be, think of the opportunities for striking through the APTs (advanced persistent threats), they can pick and choose the targets with much less security behind them..."
Comments (0)
How to Make Federal Data Security Effective
April 06, 2011 Added by:Danny Lieberman
In order to improve IT security countermeasure effectiveness in the Federal Government, the OMB should reduce base payments to contractors who provide IT security services and link their compensation to a reduction in the damage caused to government data and network assets...
Comments (0)
WikiLeaks Source Manning Used Data-Mining Software
April 05, 2011 Added by:Headlines
The U.S. Army has confirmed that accused WikiLeaks source Bradley Manning had installed data-mining software on his SIPRnet-linked computer during the same period he is suspected of harvesting hundreds-of-thousands of classified government documents...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)