The flaw lies in the management memory level (Virtual Machine Monitor). By leveraging this vulnerability it is possible to bypass security mechanisms of the operating system such as Data Execution Prevention (DEP), Safe Structured Error Handling (SafeSEH) and Address Space Layout Randomization (ASLR) designed to prevent exploitation of security bugs in applications running on Windows operating systems...
News stories surrounding the attacks at Google and other companies are a dime a dozen and, while we have not seen any evidence publicly disclosed, we too can speculate along with everyone else. My first thoughts surrounding the news of the attack led me to believe that the compromise may have been an inside...
Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it’s mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business. Like anything good, there is always a negative…
The publishers of Infosec Island are now enrolling experienced network security professionals to become Island Bloggers and Forum Moderators. Register and complete your profile, and you will be eligible to win one of over $10,000 in products and services.
Actively blogging for a quality outfit like Infosec Island has benefits for professionals who want to bring attention to their expertise and the solutions they bring to market to mitigate threats, and can bring much needed business in this rough economy.
Simply register, complete the short profile and upload your picture or avatar, then apply for blogging privileges.
Be sure to complete your profile so you are eligible to win one of over $10k in prizes in our Q1 membership drive, and feel free to contact me through the Island in-mail, or directly at AFreed@WireHeadSecurity.com for more details.
* Grand Prize - a FREE core server license, including maintenance, of the Grid Data Security's Enhanced Authentication Solution from SyferLock™. This prize has a value of up to $10,000.
* Second Prize - The member winning second prize will receive two myKryptofon security software products from I.D. Rank Security.
* Third Prize - Two third prize winners will receive an EncryptStick™ software application download from Onix International Inc.
Write on!
The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S. cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD's computer network ...
Companies buy these so-called certified products thinking they have the magic bullet to solve their ITIL project, and they’ll skip the hard part, which is designing the processes for their organization.
So instead of a magic bullet they’ll just shoot themselves in the foot with a real bullet.
ITIL isn’t about specific products but instead about putting in processes that bring efficiency to the organization.
SQL injections have evolved in their purpose and sophistication. Originally they were meant as a tool to attack a merchant’s database and steal data. The attack was reconfigured last summer to install viruses on users’ computers that contain a remote control component. The bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into…
Ever forge your husband’s signature? Wife’s? Parent’s? Client’s? Do you think the clerk behind the counter at Walmart is skilled in handwriting analysis? The fact is, a handwritten signature provides zero proactive security. If someone signs your name to a check, and you call the bank and say it wasn’t you, they look at the signature and determine whether it’s yours or not. From there they assign liability. That’s dumb.
The EPA seems to be under attack from all angles when it comes to greenhouse gas regulations — House members seeking to overturn its authority to regulate greenhouse gases, senators calling for delays on regulation, states and industry groups attempting to sue.
These maneuvers are drawing national attention and dividing Democrats in Congress. However, their chances of actual success appear slim. ...
Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information. The data that was accessed includes guests’ names and their credit card or debit card number and expiration date.
Many companies across industries are still working on getting beyond the usage costs for cloud computing to understand the complete costs of migrating, implementing, integrating, training, and redesigning the surrounding and supporting people, processes, and architecture. In fact, three examples from companies that we are working with demonstrate how different details can lead to the same conclusion: uncertainty about the hidden costs of cloud computing…
This week in San Diego, CA the US Navy held the initial planning conference for Trident Warrior ‘10. The Trident Warrior series is the premier annual FORCEnet Sea Trial Event sponsored by Naval Network Warfare Command (NETWARCOM). FORCEnet’s experimental results are incorporated into a definitive technical report used to develop Military Utility Assessment (MUA) recommendations.
As sites like Facebook, LinkedIn and Twitter have grown more popular, they have become a hot target for hackers. According to Kaspersky Lab, malicious code distributed via social networking sites is ten times more effective than malware spread via e-mail. Here are the Top 8:
In an exclusive conversation with Gyana Ranjan Swain, Salesforce.com’s APAC Regional Marketing VP (APJ) Jeremy Cooper talks about the potential for and the technological advancements in Cloud Computing…
As we all approach the inevitable chaos of the holidays with shopping, company parties, and client gift lists - all on top of Q4 and 2009 reports and wrap-ups - please take care to protect yourself and your family from possible tragedy due to simple oversight...
Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2...
So, if my PC is compromised because I don’t have adequate security and $800,000 goes missing from my account, whose fault is it? At first glance some may say the victims, others may say the banks. The fact that there are so many ways passwords can be compromised and accounts can be taken over, and that banks know this, should motivate banks to have redundant security in place. Hacks like this undermine people’s confidence in the system.
“We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises” -Tom Gillis, VP and general manager of Cisco.
According to Cisco Systems’ Midyear Security Report, issued July 14, online criminals are exploiting traditional business strategies as they continue to flourish amid a shaky global economy.
Twitter used to manage botnet; Nasty malware attack targets web developers; Obama site only offers malware; Exploding iPhone/iPods; Old-school virus threatens Delphi files; Attacks may come from inside computers; Study warns of cyberwarfare during military conflicts; Russian hackers stole US IDs for Georgian attacks…
Scammers have been devising ways to ride on someone else's coattails since the dawn of time. With every new technology they find another way to make money from nothing. Today I am going to highlight a method that involves Twitter, Yahoo!, and Google AdSense.
I was innocently monitoring my Twitter feed last night when I saw someone tweet "Sophos acquires anti-spam specialist ActiveState.: An article from: Software Industry Report hxxp://censored". Interesting... I used to work at ActiveState and know we were acquired in 2003. Something was fishy...