tagged w/ Internet Security
-
Anyone in the security field will tell you that information security is affected and addressed at multiple layers within a solution. As part of the evaluation process for an enterprise business solution, particularly one that enables the transport of potentially sensitive data outside the corporate network, a risk analysis should be conducted.
-
-
During phase two of the lifecycle process, between July 1 and November 1, 2009, merchants, processors, financial institutions and other key stakeholders have the opportunity to provide detailed and actionable feedback in an effort to revise future editions of the Council’s standards to improve payment data security.
-
-
Rather than struggle with existing processes and culture, security professionals must strive to design solutions that leverage these elements… If information security professionals discuss security within this framework, they can communicate the business value of a given set of solutions. By speaking the language of business they can get the attention of those in control of the budget.
-
-
“Nine-Ball” mass injection attack compromised 40,000 sites; Apple accepts Mac’s vulnerability to malware; Google’s online security helps fight malware; Microsoft’s free antimalware beta on the way; Introducing the ISAlliance Information Security Resources News Feed.
-
-
...And then the code is then deployed into production, which then fails spectacularly. Now the problem isn’t that the QA schedule is slipping. Now the problem is that a potentially mission-critical service is down, and we have a potential Sev 1 outage, requiring the best Ops, QA and Development people to figure out how to restore service...
-
-
Unlike Russia, who to this day has successfully denied participation in cyber attacks on Estonia, Lithuania, and Georgia; or China who vehemently denies their massive cyber espionage activities, the US has pretty much lent its support to a communication vehicle that is writing a new chapter in the history of cyber warfare...
-
-
Banking, Telecommunications, Power and Energy - anyone and everyone is under internal audit and regulator scrutiny to implement a Security Information Event Management system. But most Security Information Event Management implementations are rushed and placed only to shut up the auditors and to go on as usual. Since it’s a compliance requirement, the Security Information Event Management salespeople very rarely address whether the customer makes proper use of the solution, and whether this solution brings benefits to the company.
-
-
There is a compelling lesson in this fact. A decade ago, such stories rarely made it onto the news wire or into the courts. Today, they are commonplace. Unfortunately, the awareness and defenses required to thwart such damaging activities, although economical and effective, are far from commonplace. Our hope is to change that.
-
-
Introducing the ISAlliance Information Security Resources News Feed: In our continued effort to provide membership with access to the latest developments and relevant issues being addressed by compliance, IT and security professionals today, the ISAlliance would like to introduce the addition of the Information Security Resources News Feed to our website selections; BKIS – Deep Freeze application fails to detect new Chinese worm; Hackers to release Apple iPhone OS 3.0 software jailbreak; ‘Golden Cash’ botnet-leasing network uncovered.
-
-
From a legal standpoint, cloud computing appears to raise a host of essentially contractual issues to be addressed by the parties’ contract or licensing arrangements. There are also potential regulatory issues (ranging from privacy to export control issues), potential e-discovery issues, and certainly other issues that have not yet crossed my mind.
-
-
From The Internet Security Alliance: Busted: international telephone hacking conspiracy. Apple patches Java flaws, at last. Locating VoIP callers in emergencies. ISAlliance/NIST/DHS VOIP SECURITY PROGRAM - CALL TO PARTICIPATE...
-
-
By Dwayne Melancon, Tripwire’s VP of Corporate and Business Development: To net it out, there is a lot going on – some converging, some diverging. Choosing from different solutions to the same problems is what our jobs as business and IT practitioners are about. That’s why we get paid the industry-adjusted, median bucks.
-
-
“Invincibility is in oneself, vulnerability is in the opponent” - Sun Tzu. Dictionary.com defines invincibility as being “incapable of being conquered, defeated, or subdued.” In the context of The Art of War, this is accomplished through self-defense. Individual self-defense requires awareness of one’s tactical and strategic strengths and vulnerabilities. Once this awareness is developed, one projects the image that reduces the risks created by potential opponents. While different in scope, this model is applicable to a corporation.
-
-
From The Internet Security Alliance: More scamming and spamming on Twitter. Symantec warns of wireless keyboard security threat. Chrome update completes busy browser patch week. Microsoft to launch Morro antivirus ‘soon.’ The Department of Homeland Security (DHS) Office of Cybersecurity and Communications (CS&C) National Cyber Security Division (NCSD), the Department of Defense (DoD) and National Institute for Standards and Technology (NIST) Information Technology Laboratory will host the Software Assurance Forum and Working Group Sessions…
-
-
According to research firm, Gartner, banks, online payment organizations and other financial institutions are bearing most of the financial cost of phishing attacks. (A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.) “The findings underline the fact that the war against phishing is far from over,” said Avivah Litan, analyst at Gartner. Yes, the very same Avivah Litan who says “never” enter your PIN on the Internet unless it’s hardware based.
-
-
Radware has been raising some eyebrows lately, and although they have a global presence they have not established a huge footprint in North America. But when they hired away one of Fortinet’s top SE’s in Canada I started to get the idea that they were ready to come back.
-
-
The Department of Homeland Security (DHS) Office of Cybersecurity and Communications (CS&C) National Cyber Security Division (NCSD), the Department of Defense (DoD) and National Institute for Standards and Technology (NIST) Information Technology Laboratory will host the Software Assurance Forum and Working Group Sessions.
-
-
Wikipedia Scanner -- the brainchild of Cal Tech computation and neural-systems graduate student Virgil Griffith -- offers users a searchable database that ties millions of anonymous Wikipedia edits to organizations where those edits apparently originated, by cross-referencing the edits with data on who owns the associated block of internet IP addresses.
Inspired by news last year that Congress members' offices had been editing their own entries, Griffith says he got curious, and wanted to know whether big companies and other organizations were doing things in a similarly self-interested vein.
"Everything's better if you do it on a huge scale, and automate it," he says with a grin.
-
-
OpenID is now being used by Facebook, Yahoo, Flickr, Paypal, Google, Microsoft, AOL, MySpace, IBM, LiveJournal and VeriSign, among many others.
OpenID is a distributed single sign on solution that allows people to sign into different services with the same login credentials.
Simply put, one cracked OpenID site (by hackers, the government, parents, etc) could result in total profile information access and/or one's identity being abused over several other OpenID sites.
The creator of OpenID currently works at Google.
See: http://en.wikipedia.org/wiki/OpenID#Security_and_phishing
-