-
1.Default key algorithm in Thomson and BT Home Hub routers | GNUCITIZEN (www.gnucitizen.org)
-
2.Schneier on Security: Information Leakage from Keypads (www.schneier.com)
Not exactly high tech... but I have used this technique myself!
-
3.London Stock Exchange to abandon failed Windows platform - Computerworld Blogs (blogs.computerworld.com)
-
4.Serious SMS vulnerability discovered for the iPhone (www.neowin.net)
-
5.Counterfeiters, Pirates and Organized Crime : Information Security Resources (information-security-resources.com)
There is a threat difficult to quantify or even detect, one that has not yet grabbed the headlines or captured the imagination, and yet is relentlessly and efficiently looting, pillaging and plundering the U.S. and global economies of their magic ingredient — trade secrets.
-
6.A Closer Look at Facebook's New Privacy Options (www.readwriteweb.com)
Good, Gooder, Good enough?
-
7.Cisco-may-take-on-microsofts-office | Breaking News! (diarybuzz.com)
Oh boy....
-
8.Techworld.com - ATM vendor threatens security firm over flaw (www.techworld.com)
-
9.Stiennon Talks to SecureLexicon’s Steven Fox : Information Security Resources (information-security-resources.com)
Listen to the podcast as Steven asks me about “Knowing thy enemy”, “lessons learned”, “crowd sourcing attacks”, “understanding environmental and cultural context”, “Iranian cyber war”, and “political goals”.
-
10.Social Engineering: Anatomy of a Hack (www.csoonline.com)
Cookies key to social engineering (as in tasty ones, not HTTP Session ones), says social engineer.
-
11.Multi-Platform Enterprise Mobility Solutions : Information Security Resources (information-security-resources.com)
There are products out there claiming to be “Enterprise Solutions” that only support a single mobile operating system, or, worse yet, a single version of a single operating system. While these products may do an admirable job managing the subset of devices that run that OS, what about the rest?
-
12.Heartland (HPY) Implements E2EE System : Information Security Resources (information-security-resources.com)
“Monday’s successful test involved Zones 1, 2, 3 and 4,” detailed Steven M. Elefant, Heartland’s executive director of end-to-end encryption. “We believe that protecting data in these zones alone will significantly impact the protection of cardholder data.
-
13.Audits and the Change Management Process : Information Security Resources (information-security-resources.com)
If the auditor observes that no one is showing up to the change management meetings, authorizations are rubber stamped without any real evaluation, unauthorized changes and unplanned outages are occurring regularly, then she will likely flag this as a potential high risk area.
-
14.Making PCI Stand For Coordination & Impact : Information Security Resources (information-security-resources.com)
It will be no small task in terms of cost and effort for many of the impacted companies to make the transition from self-assessment to onsite 3rd party assessment. However, there are ways to lessen the burden and actually drive business-value from the engagement.
-
15.Sun Tzu and The Art of CIO Success : Information Security Resources (information-security-resources.com)
The CIO is a “General”. Generals are not concerned with how the weapons function or how the rank-and-file are performing. This is the job of the lieutenants. The General focuses on the strategic application of resources on the battlefield.
-
16.Model Employees May Be The Insider Threat : Information Security Resources (information-security-resources.com)
It is important to realize that insider threats are not just a people problem, but a technical problem as well. There are certain controls and best practices that you can follow to help identify and address threats and minimize your organization's risk.
-
17.Inside the Due Diligence Value Proposition : Information Security Resources (information-security-resources.com)
Due Diligence can be categorized as a fraud management tool, an information gathering exercise or just a shield that will provide some value in case something goes wrong. It is important to undertake a DD for all transactions irrespective of the value. You cannot evaluate it in terms of ROI. Consider it as a cost just like a premium paid for insurance.
-
18.XSS explained to high level management by cartoon. (www.virtualforge.de)
It's a bit long but provides a good explanation of what XSS is, how it works and how an attacker can use it, even through firewalls and encryption.
-
19.Cyber Security Week In Review: June 27th : Information Security Resources (information-security-resources.com)
Exploits of unpatched Windows bug will jump, says Symantec; Mozilla tackles XSS vulnerabilities with new technology; New Facebook blog: We can hack into your profile; Red Condor’s Spam Trip Wire detects new virus; Adobe Releases Update for Shockwave Player; Gates Creates Cyber-Defense Command; Google clamps down on ‘malvertising’; Hacked high-profile Twitter accounts still spreading malicious links; Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths.
-
20.Manchester council breaches Data Protection Act (www.v3.co.uk)
Unencrypted laptops go missing, ICO calls foul.
-
21.
'Undocumented' admin accounts in two types of router used by telecoms companies. Doh!
-
22.On Communications Sector Cyber Security : Information Security Resources (information-security-resources.com)
From an “all hazards” approach, we worry about the overall architecture of the system. If there were a major incident in one facility, will we and our customers have what they need to survive a major hit?
-
23.ShackF00 » 10 Things Your Auditor Isn’t Telling You (daveshackleford.com)
It's funny because it's true.
-
24.Acoustic Side-Channel Attacks on Printers (www.infsec.cs.uni-sb.de)
Reconstructing text using the noise from a dot matrix printer. Awesome!
-
25.Sensitive Data and the Pharmacy Industry : Information Security Resources (information-security-resources.com)
There is a surfeit of Information today, and although we have come up with ways and means to store them for eternity, we are still not able to ensure their security. Information is valuable only as long as it remains protected, and once in the hands of people who are likely to misuse it, it turns into a recipe for disaster.