Latest Blog Posts


Road Map for an Application/Software Security Architect (Part 5)

December 30, 2009 Added by:Stephen Primost

Without a Digital Identity, how would you expect to do any authentication? And with an incomplete Digital Identity, how would you expect to get the authorization done correctly? Without the proper data model and the expectation that it would have the correct data (besides being in the right place at the right time), securing a system is impossible, although having the information, it is the easies...

Comments  (0)


So, you wanna network online too?

December 30, 2009 Added by:Fred Williams

I previously listed ways to gain valuable information on hacking targets using little work and no dumpster diving. The previous post was geared towards attacking computer systems but not human targets. What is a little more interesting is attacking specific people. This is one of the key issues behind Facebook's recent privacy issues. Never mind a user setting a "privacy filter" ...

Comments  (2)


So, you wanna post some personal data on the Internet?

December 26, 2009 Added by:Fred Williams

I've been reading the book Hacking the Next Generation by Dhanjani, Rios and Hardin and that got me to thinking.... The authors explain in the chapter "Intelligence gathering" that in order to execute a successful attack against a target, the attacker must gain as much intelligence about the target as possible.

Comments  (0)


aweber comes clean, sort of....splatter effect continues

December 22, 2009 Added by:Jason Remillard

While finally acknowledging their security exposure, aweber has done little to placate its user base judging by the responses and pleadings I've seen online. Yet another example of what I'm calling the 'splatter' effect: the damage that is borne upon others related to the security exposure, that is usually not measurable but definitely has an impact.

Comments  (0)


Containment Phase - Incident Response

December 19, 2009 Added by:Mark Bennett

...the whole point of Incident Response: having a plan! In the containment phase of Incident Response you want to prevent the attacker from getting any further into the organization or spreading to other systems.

Comments  (0)


It’s ‘Defense in Depth’, not ‘Dense in Depth’

December 18, 2009 Added by:Bill Wildprett, CISSP, CISA

I sit, dumbfounded with amazement after reading that insurgents in Iraq have been intercepting Predator drone video feeds and that the Pentagon has known about this for a year now.

Comments  (1)


O Botnet, Where Art Thou?

December 17, 2009 Added by:Bill Wildprett, CISSP, CISA

Yes, like an Odyssey worthy of Homer or a George Clooney movie, the saga of the Conficker botnet continues.  The Most Excellent folks at Shadowserver have posted an update today.

Comments  (0)


Virtualization: the maneuver tactic!

December 17, 2009 Added by:K S Abhiraj

The lure of virtualization is clear. From the business perspective, it means faster time-to-market for new technology enabled services and a strong foundation for new strategic initiatives, such as cloud computing. For technology organizations, virtualization promises faster server provisioning, increased hardware utilization, and lower costs for disaster recovery (DR).

Comments  (0)


Why empirical data is important...

December 16, 2009 Added by:Jason Remillard

One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we've written quite a lot about customer-specific impacts when they are infected... The 'results' run the gambit of 1000's of dollars of losses over time, loss of SEO rank, customer reputation, etc. However, one part tha...

Comments  (0)


Road Map for an Application/Software Security Architect (Part 4)

December 15, 2009 Added by:Stephen Primost

Planning your application's use of the digital identity is not an after-thought of system architecture. At the least, it might offer the occasional lack of reliable and conflicting information. At the worst, it provides little, if no protection, at all. And like the proverbial little Dutch boy, you will be putting fingers in the holes of the dike, attempting to shore up a weak infrastructure with...

Comments  (0)


Why Regular Malware Scanning is important for your customers...

December 15, 2009 Added by:Jason Remillard

The path to website security is littered with good intentions of course, however, the intentions need a revamp in order to prove good. In this case, the good ol' days of giving your clients an SSL cert and a simple firewall on their server are NOT GOOD ENOUGH.

Comments  (6)


Facebook's New “Transition” Tool and Privacy

December 11, 2009 Added by:Todd Zebert

12/9/09 Facebook launched “new privacy settings and tools to give you greater control over the information you share on Facebook”. For many users this may be their first exposure to Facebook privacy settings, and while it’s better than nothing, it can be improved greatly.

Comments  (0)


User Education - A Light-Hearted Anecdote

December 11, 2009 Added by:John England

I had just been reading the post on Reacting to Security Vulnerabilities, and was reading the good usage guide at the bottom, and it made me think of something and chuckle. My partner has a 17 year old daughter, who is typical in running MSN/facebook, torrent clients, and generally no consideration for the type of sites she c...

Comments  (0)


Growth as a Process

December 09, 2009 Added by:Bill Wildprett, CISSP, CISA

It’s a great time to be a security professional, always so much to keep learning and to do!  I’ve been working on personal and professional growth, looking for ways to define myself as a consultant and differentiate myself from the ‘Big Guys’.

Comments  (0)


Boole server - Data centric remote access, auditing and encryption

December 09, 2009 Added by:John England

Maintaining confidentiality and protection of data from unauthorized access are basic requirements for a security system. Boole Server is able to fulfil these protection requirements to a very high standard. Ease of use and versatility in configuration enables Boole Server to be the development platform delivering all the tools necessary for the complete protection of information circu...

Comments  (0)


Packet fragmentation vs the Intrusion Detection System

December 08, 2009 Added by:Fred Williams

How well does Snort IDS handle packet fragments when the fragments could contain a potentially malicious software attack? Let's read on.... I found a really great article written in 2007 on how an author set up a lab environment to test this theory.

Comments  (2)
