Unfortunately for the frequent flyers among us, recent industry research from TrustWave’s Spider Labs showed that hackers went after hotel networks more than any other destination in 2009, accounting for 38% of all known security breeches, more than the financial services industry (19%) and retail industries (14.2%) combined.
Thoroughly securing a Cisco router (or any router) is a topic that can require its own book(s) (see the references at the end of this article). I will cover the basics here though. The low hanging fruit.
A breif history and evolution of the web...Way back when, the first webserver was created, serving HTML documents. HTML was designed to show documents with hypertext links, and also to allow the documents to have semantic markup that would be displayed to the reader.
Does building block lists of IP addresses that are "apparently" spammers and distributing this list without notifying the offending party vigilantism or service provision? I lean toward them being vigilantes. Perhaps if a mechanism was in place to warn the alleged spammer they are about to be blocked, the service would seem more friendly...
Your latest Vulnerability Assessment is likely a waste of your IT Budget dollars! Why? The reason is that today the most prevalent and highest risk vulnerabilities reside within desktop application vulnerabilities and in most cases they are NOT even being included in the testing process. To make matters worse, malicious individuals and members of organized crime are targeting these vulnerabilities, because they know they are the proverbial low hanging fruit.
Information Security Gurus and Marketing Professionals are often at odds with each other in the business realm. Marketing used to primarily be a print and face to face business function. Thanks to the over-haul of standard marketing strategies, marketing has grown new roots on the web and has found itself buried deep within social networking sites like LinkedIn, Facebook and Twitter. The need for businesses to have an online foot print is critical to reach the masses in today's competitive environment, but the potential loss of client data and security threats to your network are daunting...
In a recent client memorandum (pdf), Willkie, Farr and Gallagher, LLP comments on the the intergovernmental Financial Action Task Force release of a list of 28 countries having serious deficiencies in their strategies for countering money laundering and the financing of terrorist activities. The “U.S. Response” subject paragraph is of particular interest.
The Internet has made our personal and professional lives very transparent. We now live in the fishbowl. Despite what many will argue, your privacy is no longer fully in your control. What you say, do and post can live forever. You are being judged in the process. And there are repercussions for those choices you make more now than ever.
SSH is a perfect security alternative to Telnet and has been used by system administrators and IT managers to configure, implement servers and network devices. Here I wanted to list a manual on Secure Shell usage.
"There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly…" The Jester
Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS attack recently developed by the infamous patriot-hacker known only as The Jester (th3j35t3r).
This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations...
...the results from the annual "Human Factor in Laptop Encryption" study performed by Absolute Software and the Ponemon Institute reveal some very interesting metrics about the use/adoption of encryption software and the risk posed to businesses from the loss of unencrypted media.
News surrounding the attacks at Google and other companies are a dime a dozen and, while we have not seen any evidence publicly disclosed, we too can speculate along with everyone else. My first thoughts surrounding the news of the attack led me to believe that the compromise may have been an inside...
Brian Krebs reveals that Fiserv, a “Fortune 500 company that provides bank transaction processing services and software to more than 16,000 clients worldwide,” is urging customers not to use the most updated version of Adobe Reader.
Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2...
Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a "Critical Log Review Checklist for Security Incidents" which is released to the world today.
The information available on the internet can be a blessing and a curse at the same time. The multitude of information can be overwhelming for the newly annointed "Padawan" learner. One thing was clear....Forensic analysis was an art rather than a science. My hope of finding a "Cliff'...
Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 SP2 with Internet Explorer 7 and Internet Explorer 8 are all affected...
The economic and business challenges of the last year have forced changes to business priorities in many areas. For IT, increased scrutiny was placed on data leakage and security. When times are good, businesses can become distracted with new products and technologies. It is not until budgets are cut that the focus moves inward.
Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing malware-laden ads on their networks.
We are not the only ones who have identified this issue, check out the following links for more information about them:
The work of protecting information is becoming more difficult with time. The recently discovered attacks on Google, Adobe, Marathon Oil, ExxonMobil, and ConocoPhillips illustrate an alarming trend. The attacks even gave rise to a new attack model, the Advanced Persistent Threat (APT).