tagged w/ identity-theft
-
-
For the average information technology professional, the concept of marketing & selling is an alien skill set; like under-water bagpipe playing. In the eye of the IT pro, this skill is composed mostly of excessive hair-gel, pointless presentations and flim-flam.
However, several new research studies have identified a sea change, once again, heading for information technology professionals. Recently, eWeek released an article that gave a broad outline of a much more in-depth study by the Corporate Executive Board...
https://www.infosecisland.com/blogview/4347-IT-Marketing-There-is-No-App-for-That.htmlFor the average information technology professional, the concept of marketing &... more
-
-
Last month the German government decided that it needed to take a closer look into Google's data collection methods. Google's Street View cars are equipped with wireless antenna's and pick up any available wireless signal along the way. It was originally thought that the Street view cars were just c...
https://www.infosecisland.com/blogview/4057-Google-was-capturing-your-wireless-packets.htmlLast month the German government decided that it needed to take a closer look into... more
-
-
It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here and there. Mostly because I haven’t seen it much in the wild - at least not yet. But there’s still a lot of research out there to be done. I got an interesting email the other day that talked about a way to use parameter pollution (or a mix of URL parameters and POST) to create a condition where you can defeat CSRF tokens...
https://www.infosecisland.com/articleview/3256-Using-Parameter-Pollution-and-Clickjacking-to-Aid-Anti-CSRF-Bypass.htmlIt’s been a while since I’ve talked about Clickjacking, with only a few... more
-
-
The Internet Security Alliance presented Melissa Hathaway with its annual award for vision in cyber security Tuesday during an event at the National Press Club. Hathaway, the Obama Administration’s former acting cyber security chief, received the McCurdy Award on the one-year anniversary of when she began her 60-day review of the government’s cyber security program. ISA believes that Hathaway’s work, if implemented, would result in the establishment of a modern partnership between the public and private sectors, which is necessary for an effective and sustainable system of cyber security.
http://information-security-resources.com/2010/02/09/isa-presents-melissa-hathaway-with-award/The Internet Security Alliance presented Melissa Hathaway with its annual award for... more
-
-
Infosec Island, the new online community designed especially for IT and network professionals who manage information security, risk and compliance issues, today announced its new Q1 membership drive promotion. From now until March 31st, anyone who signs up for a free Infosec Island membership will be automatically entered in the Q1 Infosec Port of Call Drawing to win one of three great prizes.
There are lots of good infosec sources out there, but no other community offers infosec pros the unique combination that Infosec Island does:
• Managed services security platform,
• Premium security services,
• Free security tools,
• Direct communication with peers,
• Secure infosec portal, and
• Built-in social network.
Join today - It's Free!
https://www.infosecisland.com/register.html
http://information-security-resources.com/island-membership-drive-over-10k-in-prizes/Infosec Island, the new online community designed especially for IT and network... more
-
-
Cisco’s existing product lines offer a number of different appliance options which allow companies the ability to block the various web based threats in existence. The problem that this type of solution has is that it does require constant tweaking of the filtering and analysis settings as well as someone to constantly keep an eye on current events as zero-day attacks become more prominent.
http://information-security-resources.com/2010/01/31/web-security-from-a-new-perspective/Cisco’s existing product lines offer a number of different appliance options... more
-
-
Recently we have witnessed the emergence of international hactivist and vigilante “The Jester” through his crusade against jihadi and militant Islamic networks, and some third party networks that contain evidence of having been infiltrated by rogue elements. Jester’s activities raise an important question: Where do cyber vigilantes fall on the infosec ethics spectrum?
http://information-security-resources.com/2010/01/27/q-a-with-anti-jihadi-hacker-the-jester/Recently we have witnessed the emergence of international hactivist and vigilante... more
-
-
These types of attacks are typically launched from computer robots (bots) which are exploited computers which have an Internet connection. These bots are then directed by central controllers to do the tasks assigned. These tasks vary but can include initiating a DDoS attack on a specified target. Now when the combined bandwidth of thousands of bots comes into play, any company can have their Internet connectivity partially or completely blocked.
http://information-security-resources.com/2010/01/20/dos-attacks-and-continuity-of-operations/These types of attacks are typically launched from computer robots (bots) which are... more
-
-
The way most of the vendors do PC security makes it very easy for the bad guys to circumvent their software pretty quickly, said John Viega, vice president of engineering at McAfee and author of a new book, The Myths of Security: What the Computer Security Industry Doesn’t Want You to Know. The technologies generally have not gotten good enough fast enough, and there hasn’t been the best collaboration between vendors, even though they do collaborate, he added. They are getting better, but some vendors, who market by publicly announcing vulnerabilities in popular software packages, do more to hurt than help…
http://information-security-resources.com/2010/01/10/broadcasting-vulnerabilities-hinders-security/The way most of the vendors do PC security makes it very easy for the bad guys to... more
-
-
In China today, there are thousands of people in a sustained effort to collect intelligence, many of them on an entrepreneurial basis within a competing bureaucratic structure. China understands that a strategic vulnerability of the United States is its soft cyber underbelly. I believe they seek to ‘own’ that space, says Mike McConnell, former director of National Intelligence and director of the NSA.
http://information-security-resources.com/2009/12/13/report-china-probing-soft-cyber-underbelly/In China today, there are thousands of people in a sustained effort to collect... more
-
-
This week’s revelation that the Transportation Safety Administration exposed its rules for airport security screening online is outrageous. As holiday travel ramps up, the possibilities and repercussions are horrifying. Coupled with the huge rise in information security breaches across many sectors and rampant identity theft, the TSA’s breach sets the stage for potential disaster.
http://information-security-resources.com/2009/12/09/tsa-breach-is-a-nightmare-for-holiday-travel/This week’s revelation that the Transportation Safety Administration exposed its... more
-
-
-
CIOs are starting to embrace the idea of protecting against the risk that comes about as the unintended consequence of Web 2.0 technology. At the same time, data is becoming increasingly regulated, which is creating new exposures, particularly in the areas of data privacy and reputational risk,” Drew Bartkiewicz, vice president of cyber and new media risk at The Hartford, tells CIOZone’s Latom McCartney.
http://information-security-resources.com/2009/12/07/cyber-liability-insurance-mitigates-exposure/CIOs are starting to embrace the idea of protecting against the risk that comes about... more
-
-
Every week for the past four years the Privacy Rights Clearing House has been chronicling data breaches on a weekly basis. “These are the mega-breaches that can skew the figures in terms of the number of people victimized,” says Paul Stephens, PRCH’s director of policy and advocacy. Here are the ten biggest, most damaging and most embarrassing breaches to date this year.
http://information-security-resources.com/2009/12/04/ten-most-damaging-data-breaches-of-2009/Every week for the past four years the Privacy Rights Clearing House has been... more
-
-
Typically, the economics of cyber security are not readily transparent and they are poorly appreciated. When defensive investment is compromised by factors beyond an organization’s control, the motivation for continued investment is reduced substantially. Effective and sustainable improvements in our collective cyber security posture will stem from a comprehensive understanding of how to effectively motivate all players across our economic landscape to actively engage in proven best-practices in both their business and individual cyber activities.
http://information-security-resources.com/2009/12/03/isalliance-delivers-cyber-security-report/Typically, the economics of cyber security are not readily transparent and they are... more
-
-
“First, the President is correct in his appreciation of the need to view cyber security as not just a technical and security issue, but as an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other.” ~ Congressional Testimony
http://information-security-resources.com/2009/11/18/isalliance-cyber-security-is-economic-issue/“First, the President is correct in his appreciation of the need to view cyber... more
-
-
-
The ISA will release a new cybersecurity report, which proposes frameworks for taking key issues in the Obama Administration’s “Cyberspace Policy Review” document to the next level, in an effort to achieve tangible progress. The report will include frameworks for creating a new, practical model for information sharing; addressing the international nature of cybersecurity issues; developing a market for adopting good security standards and practices; building a highly educated digital workforce; and managing the global IT supply chain.
http://information-security-resources.com/2009/11/11/isalliance-to-release-cyber-security-report/The ISA will release a new cybersecurity report, which proposes frameworks for taking... more
-
