So, if you have an RSS reader or aggregator tracking hacking/security related topics, you may have caught the release information about our free wordpress security plugin, WP-Secure by SSM. We found that the majority of our clients (wordpress-related) didn't do even the basics of system lockdown...
Infosec Island is committed to serving the risk mitigation needs of SMBs and mid-market enterprises across numerous industries, government agencies, legal, financial, healthcare, educational, nonprofit organizations, and the information security community at large.This weekend, BusinessWeek.com will feature our own Anthony M. Freed, Editor and... more
News surrounding the attacks at Google and other companies are a dime a dozen and, while we have not seen any evidence publicly disclosed, we too can speculate along with everyone else. My first thoughts surrounding the news of the attack led me to believe that the compromise may have been an inside...
Cisco’s existing product lines offer a number of different appliance options which allow companies the ability to block the various web based threats in existence. The problem that this type of solution has is that it does require constant tweaking of the filtering and analysis settings as well as someone to constantly keep an eye on current events as zero-day attacks become more prominent.
According to Consumer Reports’ 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years, and McAfee warns consumers not to fall victim to the twelve most dangerous online scams that computer users face this holiday season.
Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it’s mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business. Like anything good, there is always a negative…
The publishers of Infosec Island are now enrolling experienced network security professionals to become Island Bloggers and Forum Moderators. Register and complete your profile, and you will be eligible to win one of over $10,000 in products and services.
Actively blogging for a quality outfit like Infosec Island has benefits for professional who want to bring attention to their expertise and the solutions they bring to market to mitigate threats, and can bring much needed business in this rough economy.
Simply register, complete the short profile and upload your picture or avatar, then apply for blogging privileges.
Be sure to complete your profile so you are eligible to win one of over $10k in prizes in our Q1 membership drive, and feel free to contact me through the Island in-mail, or directly at AFreed@WireHeadSecurity.com for more details.
* Grand Prize - a FREE core server license, including maintenance, of the Grid Data Security's Enhanced Authentication Solution from SyferLock™. This prize has a value of up to $10,000.
* Second Prize - The member winning second prize will receive two myKryptofon security software products from I.D. Rank Security.
* Third Prize - Two third prize winners will receive an EncryptStick™ software application download from Onix International Inc.
Write on!The publishers of Infosec Island are now enrolling experienced network security... more
"There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly…" The Jester
Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS attack recently developed by the infamous patriot-hacker known only as The Jester (th3j35t3r).
This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations...
How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines.
Today most hacked PCs run Microsoft's Windows operating system, and the company has invested millions in trying to fight the problem.
Microsoft recently used the U.S. court system to shut down the Waledac botnet, introducing a new tactic in the battle against hackers. Speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that the technology industry needs to think about more "social solutions."
The flaw lies in the management memory level (Virtual Machine Monitor). By leveraging this vulnerability it is possible to bypass security mechanisms of the operating system such as Data Execution Prevention (DEP), Safe Structured Error Handling (SafeSEH) and Address Space Layout Randomization (ASLR) designed to prevent exploitation of security bugs in applications running on Windows operation systems...
The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD's computer network ...
Analyzing an incident when the manufacturer claims that it’s an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer will be called upon to investigate simply because the management needs an independent observer and has doubts both in the operator as well as the manufacturer. Here is what to do when thrown into the fire…Analyzing an incident when the manufacturer claims that it’s an operator error... more
Companies buy these so called certified products thinking they have the magic bullet to solve their ITIL project, and they’ll skip the hard part, which is designing the processes for their organization.
So instead of a magic bullet they’ll just shoot themselves in the foot with a real bullet.
ITIL isn’t about specific products but instead about putting in processes that bring efficiency to the organization.Companies buy these so called certified products thinking they have the magic bullet... more
Despite the fact that CDI has inherent weaknesses, as do all of the prior fraud prevention technologies, it is providing tremendous benefit to many companies, ranging from credit and loan issuers to social networking sites to online retailers. This is especially true when layering it with other effective technologies.
Large enterprises rely on software products. And as everything else in large enterprises, the software products are large, complex, cumbersome and nearly unchangeable. This last attribute is better known as vendor lock-in. Software vendors love vendor lock-in.
SQL injections have evolved in their purpose and sophistication. Originally meant as a tool to attack a merchant’s database and steal data. The attack was reconfigured last summer to install viruses on users’ computers that contain a remote control component. The bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into…
The number and types of external threats to a network are growing exponentially, and unless a company has a dedicated and highly specialized team devoted to network security, it’s hard to keep up with the rapidly changing threat landscape. After all, the threats of the Internet are the same for every company regardless of its size.
Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence…
Reading through a Windows security log or any other log can be very difficult and time consuming, so a lot of companies have created their own tools to analyze windows event logs. But before you start going commercial, there is a tool that will get you going without any cost. Against all odds, it’s a tool made by Microsoft!
Ever forge your husband’s signature? Wife’s? Parent’s? Client’s? Do you think the clerk behind the counter at Walmart is skilled in handwriting analysis? The fact is, a handwritten signature provides zero proactive security. If someone signs your name to a check, and you call the bank and say it wasn’t you, they look at the signature and determine whether it’s yours or not. From there they assign liability. That’s dumb.
