Latest Blog Posts

The 800-lb Dragon’s APTitude

February 06, 2010 Added by: Bill Wildprett, CISSP, CISA

I’ve been following the news about the Google hacks and ‘Operation Aurora’, as McAfee called it, for a while. There’s a plethora of online articles about this and why China would do this, which the PRC government denies pro forma. It’s about nationalistic young Chinese and about PRC government, economic and military strategic interests.

More Talks with Anti-Jihadi Hacker The Jester

February 04, 2010 Added by: Anthony M. Freed

Anti-jihadi hacktivist The Jester (th3j35t3r), the self-proclaimed Nicest Hacker in the World, has returned for part two of our conversation concerning his campaign of intermittent disruption of militant pro-jihad websites.

Eating your own dog food - how a Security Software company uses Security

February 04, 2010 Added by: Larry Ketchersid

Remember the gentleman in the commercial for Hair Club for men who said “I'm not only the President, but I'm a customer”? While there are days when the hair club tempts me, it is security solutions that my company, Media Sourcery, provides. And, like many of Infosec Island's members, the information, data and documents that we exchange with our customers are proprietary, confidential a...

Comet's Home Page

February 02, 2010 Added by: _ Comet

Some useful resources and links from one of our members

In Rebuke of China

February 02, 2010 Added by: Tom Schram

In the current issue of Foreign Affairs, former NATO Commander General Wesley K. Clark and current Department of Veteran Affairs CTO Peter Levin write: “There is no form of military combat more irregular than an electronic attack: It is extremely cheap, is very fast, can be carried out anonymously, and can disrupt or deny critical servi...

Hacktivist Tactics Raise Ethical Questions

January 27, 2010 Added by: Anthony M. Freed

Recently we have witnessed the emergence of international hacktivist and vigilante “the Jester” through his crusade against jihadi and militant Islamic networks... Jester’s activities raise an important question: Where do cyber vigilantes fall on the infosec ethics spectrum?

Consider Outsourcing Your Network Security

January 27, 2010 Added by: Ken Leeser

As more and more critical applications and services move to the cloud, organizations are increasingly receptive to the idea of using a managed security service to protect their network and information assets.

Is the Recent Chinese Google Hack the most Serious Privacy Breach of the Year?

January 21, 2010 Added by: Brent Carey

Last week Google announced that it was the victim of a hack in China. Word of the attack spread quickly and the German, French and Australian governments issued warnings about using Internet Explorer. I'm amazed that this incident has not received more commentary from the privacy and security communities. Is this not the most serious data privacy breach in a search engine’s histo...

Infosec Island™ Acquires Information-Security-Resources.com

January 19, 2010 Added by: Infosec Island Admin

We are pleased to announce that Infosec Island™ has acquired www.information-security-resources.com, one of the leading online news portals addressing security issues. ISR's audience is predominantly CxO level decision makers from Fortune 500s, small and mid cap enterprise, aerospace, defense, government, health care, and education....

Rockyou.com - Gets Rocked again - this time a PII Lawsuit

January 02, 2010 Added by: Jason Remillard

Well, it's happened. This time, the users themselves have taken action against rockyou.com for their inadvertent disclosure of customer information. As we previously reported, Rockyou was hacked and disclosed it looks like over 32,000,000 accounts. Yes, 32 Million!

Road Map for an Application/Software Security Architect (Part 5)

December 30, 2009 Added by: Stephen Primost

Without a Digital Identity, how would you expect to do any authentication? And with an incomplete Digital Identity, how would you expect to get the authorization done correctly? Without the proper data model and the expectation that it would have the correct data (besides being in the right place at the right time), securing a system is impossible, although having the information, it is the easies...

So, you wanna network online too?

December 30, 2009 Added by: Fred Williams

I previously listed ways to gain valuable information on hacking targets using little work and no dumpster diving. The previous post was geared towards attacking computer systems but not human targets. What is a little more interesting is attacking specific people. This is one of the key issues behind Facebook's recent privacy issues. Never mind a user setting a "privacy filter" ...

So, you wanna post some personal data on the Internet?

December 26, 2009 Added by: Fred Williams

I've been reading the book Hacking the Next Generation by Dhanjani, Rios and Hardin and that got me to thinking.... The authors explain in the chapter "Intelligence gathering" that in order to execute a successful attack against a target, the attacker must gain as much intelligence about the target as possible.

aweber comes clean, sort of....splatter effect continues

December 22, 2009 Added by: Jason Remillard

While finally acknowledging their security exposure, aweber has done little to placate its user base judging by the responses and pleadings I've seen online. Yet another example of what I'm calling the 'splatter' effect. The damage that is borne upon others related to the security exposure, that is usually not measurable but definitely has an impact.

Containment Phase - Incident Response

December 19, 2009 Added by: Mark Bennett

...the whole point of Incident Response... Having a Plan! In the containment phase of Incident Response you want to prevent the attacker from getting any further into the organization or spreading to other systems.

It’s ‘Defense in Depth’, not ‘Dense in Depth’

December 18, 2009 Added by: Bill Wildprett, CISSP, CISA

I sit, dumbfounded with amazement after reading that insurgents in Iraq have been intercepting Predator drone video feeds and that the Pentagon has known about this for a year now.
