Latest Posts
Should SSL be enabled on every website?
October 14, 2009 Added by: Christopher Hudel
Using SSL to secure all websites may seem like an odd choice; most websites contain no "nuggets" worth taking, SSL apparently slows the page load time (especially on over provisioned hosting platforms), and it's not clear if doing so will kibosh any search engine optimizations.
Comments (10)

From the Web
Call for Input on Content Security Policy
October 14, 2009 from: Rsnake's blog at ha.ckers.org
For those of you who have been following the much anticipated Content Security Policy - you’ll be excited to know it’s currently available for early preview. The guys at Mozilla have a blog post explaining the details of where Content Security Policy is and asking for input. As you’d expect it’s not as full featured as it will probably end up being when it finally gets rele...
Comments (0)

From the Web
JavaScript Protocol Comment Newline Injection
October 14, 2009 from: Rsnake's blog at ha.ckers.org
RSnake from ha.ckers.org discusses using newline injection to bypass certain filtering mechanisms and execute JavaScript.
Comments (0)
My Mind is Wave-ering on the Utility, Security and Privacy Aspects
October 14, 2009 Added by: Sudha Nagaraj
Like many other Wave-wannabes, I am also awaiting an invite from Google to try out their all-in-one communication solution Google Wave. But I have my trepidations: over making my private work public, over opening up for comment work that is still being worked out, over messing up “my thoughts” with a thousand other theories, over starting something with the full knowledge that it could...
Comments (0)

From the Web
Mozilla Plugin Check Now Live
October 13, 2009 from: Mozilla Security Blog
A little over a month ago, I talked about a project we had started to inform users when their plugins were out of date. This is a really important project for us, because old versions of plugins can cause crashes and other stability problems, and can also be a major security risk. In the first phase, we focused on the popular Adobe Flash Player plugin, and we were thrilled to see more than 10 mill...
Comments (0)
The parallels between Information Security & Sun Tzu’s-The Art of War
October 13, 2009 Added by: Sean Inman
Correlations between Sun Tzu's Art of War and Information Security from Steve Pinman. "I think most organizations can demonstrate a well thought out plan(s) for dealing with “predictable” security attacks such as viruses and DDoS attacks, but how many organizations are actively engaged in planning for new threats and new attack vectors?"
Comments (1)
Spammers Feasting on the East
October 13, 2009 Added by: Sudha Nagaraj
In India, Diwali or the ‘Festival of Lights’ is round the corner. As the D-day draws closer, Indians are flocking to malls and travel operators to shop and make reservations for the up-coming holidays. At this juncture, Symantec has released an advisory warning users against emails that offer discounts, holiday deals and other enticing subject lines which feature the word Diwali.
Comments (0)
Preventative Measures for Drive-by Malware
October 12, 2009 Added by: Ron Lepofsky
This article identifies preventative measures that both end users and web site managers can implement to protect all concerned from the dangers of drive-by malware.
Comments (0)
Squinting at Cloud Formations
October 12, 2009 Added by: Sudha Nagaraj
The problem with the cloud is that it can evaporate leaving no trace behind! The weekend thunderbolt that hit over a million subscribers of T-Mobile Sidekick, operated by the Microsoft subsidiary, Danger Inc in the US, is standing testimony to the whimsical nature of cloud computing.
Comments (0)
The Fully Auditable Cloud - Fact or Fiction
October 12, 2009 Added by: Bob Broda
Cloud computing is a rapidly growing phenomenon that is being evaluated by companies of all sizes. Though it has many positives, much of corporate America is not yet ready to accept migrating major applications to the cloud until concerns about security, privacy, and reliability are addressed.
Comments (0)
Vishing scams are making a return
October 11, 2009 Added by: Sean Inman
On Friday 10/09/2009 it was reported in an ISC Diary update that a new Vishing scheme is making its way across AT&T, Sprint and T-Mobile's networks. Vishing is the cousin of Phishing, but this latest attempt indicates that it's still a practical method of attack. The recent attack starts with a text message that reports a problem with the victim's account. They’re instructed to dial a...
Comments (0)
Does your Security Program align with the organization's goals?
October 11, 2009 Added by: Sean Inman
Do you know the GOALs of your organization? Why does the organization exist? What’s the organization’s purpose? Even if you work for a “security company,” the organization’s main goal is not going to be security (or at least it shouldn’t be).
Comments (1)
Anti-Social Networking Sites: Part 2
October 09, 2009 Added by: Ron Lepofsky
Since the last blog there has been a steady stream of news about more security threats originating at web sites, particularly from social networking sites. Profit motive appears to be the primary intent of the threats. The methodology is committing identity theft for profit. Below is a sample of four web-based news articles to which I refer:
Comments (0)
Anti-Social Networking Sites
October 09, 2009 Added by: Ron Lepofsky
Over the last two weeks security news reports identify social networking sites as distribution points for malware of all sorts and flavours and as botnets for distributing more of the same. In addition, site users seem enthusiastic to reveal personal information to those who would gladly accept the information for purposes of identity theft.
Comments (1)
Good Job!
October 09, 2009 Added by: Sandra Avery
CNN Money.com released its pick for the 50 best jobs in America. IT won 3 of the 10 spots, with Computer/Network Security Consultant coming in at number 8. They describe the job as “protecting computer systems and networks against hackers, spyware, and viruses” and list pre-requisites for the job as “major geekdom”.
Comments (0)
Are the days numbered for Chinese handsets in India?
October 09, 2009 Added by: Sudha Nagaraj
In a country with over 400 million mobile phones in use, where ten million new phones are being sold every month, a security scare over cheap and illegal handsets imported from China threatens to silence over 25 million handsets by end November.
Comments (0)

From the Web
Security Defect Testing
October 08, 2009 from: The Oracle Global Product Security Blog
Software vendors aim to release defect-free products. Earlier posts have discussed Oracle Software Security Assurance (OSSA) program and its processes that aim to get us as close to this goal as possible. Automated testing is an important part of OSSA as it helps catch problems missed in earlier stages of the development...
Comments (0)
The Devil in the Downloads
October 08, 2009 Added by: Sudha Nagaraj
Just when the Blackberry has moved over to the consumer segment from the business user segment, a host of security issues plague smartphones. With competition gearing up among smartphone makers, the stress is on innovative applications to drive sales.
Comments (0)
Where are the DBAs?
October 07, 2009 Added by: Infosec Island Admin
What I really want to know is this: Where are the Database Admins (DBAs) these days? I can’t tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.
Comments (3)
Painless offsite online backups using 3X Backup
October 07, 2009 Added by: David Strom
David Strom's video review of 3X Systems painless backup system. The 3X Systems Backup appliance is a great way to automatically back up a collection of PCs and servers across the Internet at reasonable cost.