A well-known information security researcher, best known for his recent work collating and archiving reports of data loss (the often inextricably linked forerunner to identity theft), has recently spoken out against the seemingly poor standard of compensation generally offered by affected companies to their consumers.
Stories by Carl Jongsma
A less well-known part of the recent ARP attack against H D Moore's Metasploit site was an attempted Denial of Service attack that coincided with the successful ARP attack.
Information security experts have been steadily increasing their awareness of and concern over the risks associated with poorly managed Supervisory Control and Data Acquisition (SCADA) systems, normally used to control and manage public utilities such as sewage, power, water, and other electronic interfaces to engineered systems.
It isn't often that old hacking methods make significant news, but an ARP attack received widespread attention earlier this week, more for the perceived target than for the actual attack itself.
The Times of India recently reported a case that will strike fear into the hearts and minds of information security specialists and C-level executives that support and promote the use of outsourcing for company processes and operations.
Following TJX's major loss of credit card data last year, the company implemented a series of internal changes that were meant to make it more difficult for theft to take place again in the future. The only problem was that the implementation was not exactly ideal and at least one TJX employee identified this and made an effort to report the situation internally. When faced with no response from the company, he chose to release the information publicly.
Remaining platform and technology agnostic in Information Security is a progressively more difficult task as people and companies develop the skills and abilities to form professional fee-based relationships with the vendors they previously reported on.
A Zip Bomb is a small Zip file that exploits capabilities of compression algorithms and settings to expand into a file or set of files that consume system resources to the point of system unusability. Didier Stevens, continuing his recent work in finding interesting sections of the PDF data scheme, has described techniques for the PDF equivalent of the Zip bomb, or a PDF Bomb.
Recent reporting from AP and The Charleston Gazette demonstrates that selling snake oil will eventually catch up with you. LifeLock, an identity theft protection company based in Arizona, is facing a class-action lawsuit alleging that their services are 'inept' at preventing identity theft from taking place.
Antivirus and antimalware developers have been in the spotlight for the last month or so and have been the focus of malware developers for much longer over the plan to run the Race to Zero contest at this year's DefCon in Las Vegas. Now, it might be the turn of companies that produce and promote 'This Site is Safe from Hackers'-style certification and coverage for their clients to share the spotlight.
Hurricane Katrina proved a fertile ground for fraudsters to scam money off those willing to help the needy. Now the China earthquake has bred a new variant of the morally reprehensible, with donated funds being siphoned off one charity site.
If you are running a Debian-based Linux system and haven't already caught up with the announcement that there was a major flaw in the generation of SSH, OpenVPN, DNSSEC and SSL/TLS session keys and X.509 certificate key material, you might want to update your system to address the problem.
Many Information Security practices have outcomes that are difficult to quantify. How do you prove that your measure is effective at preventing whatever malicious activity is out there from being effective against your system?
Unintentional exposure of sensitive data through Word files has caused problems for companies in the past, especially when people forget that Track Changes can easily allow document recipients to view information that has been deleted or sanitised for release.
Recent research suggests that Google's audio CAPTCHA is the latest in a string of CAPTCHAs to have been defeated by software.