  • Most trusted companies for privacy

    Updated: 2011-07-31 15:55:25
    Ponemon Institute is releasing our annual Most Trusted Companies for Privacy study this coming week.  This is the eighth year that we conducted a U

  • Links on your Facebook Wall, (Sat, Jul 30th)

    Updated: 2011-07-30 17:27:54
    We received an email from a reader today about a link on his wife's Facebook wall. The link in ...(more)...

  • Reverse Engineering Tools For Android

    Updated: 2011-07-30 17:17:00

  • Howto: Wireless Ownage Video Of Securitytube.net

    Updated: 2011-07-30 16:19:00

  • Data Encryption Ban? Really?, (Sat, Jul 30th)

    Updated: 2011-07-30 01:48:28
    On Friday an article appeared on techdirt.com claiming that Pakistan is trying to ban encryption und ...(more)...

  • Sony Breaches a Reminder for Enterprises to Check Liability Insurance

    Updated: 2011-07-30 00:21:54
    Not all insurance policies are created equal and organizations should check their policies before a data breach to see if they are covered. In the case of Sony, perhaps not. - Recent high-profile cyber-attacks have renewed interest in cyber-insurance as CEOs worry about covering the cost of a data breach if, or when, they get attacked. However, the policies they are buying may not help them in case of a large-scale breach. Sony is discovering this the hard way a...

  • Spammers Scan Social Networks to Research Targeted Attacks

    Updated: 2011-07-29 21:22:27
    The amount of personal and professional information posted on social networks means it's increasingly easier for criminals to create a detailed profile of their victims. - Social networks provide spammers with plenty of opportunities to scam users in new and more effective ways, a security expert said. Social networks have become ubiquitous, with more than 500 million users on Facebook, 100 million on LinkedIn and a reported 200 million users on Twitter. Google cl...

  • Anonymous Claims Network Breach of FBI Security Contractor ManTech

    Updated: 2011-07-29 19:16:54
    Anonymous continued with its string of attacks designed to embarrass the FBI, this time claiming to have breached the network of ManTech International, the FBI's cyber-security contractor. - As promised, Anonymous has sought to embarrass the FBI with a network attack, this time going after defense contractor ManTech International. "Hacktivist" collective Anonymous claims to have "owned" the defense contractor ManTech International and promised to release the sto...

  • 10 Ways to Give Your System Administrators a Break

    Updated: 2011-07-29 18:10:42
    By Fahmida Y. Rashid on 2011-07-29. System administrators have a difficult job. They have to keep track of what users are doing, what applications are running and what information is leaving and coming into the corporate network. Despite repeated reminders, users click on

  • Apple Lion talking on TCP 5223, (Fri, Jul 29th)

    Updated: 2011-07-29 17:31:06
    When Lion first appeared in the Apple App store most of us probably blindly click YES YES YES  ...(more)...

  • VMware ESX third party updates for Service Console packages glibc and dhcp - http://www.vmware.com/security/advisories/VMSA-2011-0010.html, (Fri, Jul 29th)

    Updated: 2011-07-29 07:23:33

  • Emerging Multi-Tenant Datacenter Markets Underserved But Heating Up

    Updated: 2011-07-29 01:25:00

  • Java 7.0 released. Get it here - http://blogs.oracle.com/javase/entry/java_7_has_released, (Thu, Jul 28th)

    Updated: 2011-07-29 00:18:39

  • Announcing: The "404 Project", (Thu, Jul 28th)

    Updated: 2011-07-28 14:53:07
    We all know that web applications are the new firewall. However, so far we had a hard time collectin ...(more)...

  • EmpowerID Group Manager - Voted WindowSecurity.com Readers' Choice Award Winner - Group Policy Management

    Updated: 2011-07-28 08:00:07
    EmpowerID Group Manager was selected the winner in the Group Policy Management category of the WindowSecurity.com Readers' Choice Awards. ScriptLogic Active Administrator and NetIQ Group Policy Administrator were runner-up and second runner-up respectively.

  • Symantec Earnings Shine Due to 'Toxic' Security Threats, Big Data

    Updated: 2011-07-28 04:45:56
    Strong demand in Symantec's backup, data archiving, data loss prevention and security offerings pushed revenue up 15 percent to $1.65 billion. - Data protection and software management provider Symantec beat Wall Street analyst expectations for its fiscal first quarter thanks to strong performance from its security and data storage business lines. Symantec July 27 reported net income of $172 million, or 22 cents a share, for the fiscal ...

  • LulzSec, Anonymous Hacker Arrests Won't Solve Security Attacks

    Updated: 2011-07-28 04:20:07
    News Analysis: Even if law enforcement organizations arrested everyone in Anonymous and LulzSec tomorrow, it really won't solve the problem of network intrusions, botnets and attacks. - The FBI and Scotland Yard should be praised in their ability to track down, identify and arrest members of the related hacking organizations Anonymous and LulzSec. The cyber-sleuthing they did is not easy. When you have to do it well enough for the arrest to hold up in court, it's harder still. ...

  • XenApp and XenDesktop could result in Arbitrary Code Execution, (Thu, Jul 28th)

    Updated: 2011-07-28 01:20:56
    Citrix has identified a vulnerability in the XenApp and XenDesktop which could potentially be exploi ...(more)...

  • Microsoft Malware Protection Center Research Laboratory Opens in Munich

    Updated: 2011-07-27 21:26:35
    Microsoft has expanded its malware research operations in Munich, Germany, to analyze and detect ongoing cyber-threats. - The latest member of the Microsoft Malware Protection Center family is open and fully operational in Germany, according to Microsoft. The new malware research facility is in Munich and will monitor threats in the region, Microsoft said July 26. The facility will be looking at both active threat...

  • Security Researchers Say Mac Backdoor Olyx Falls Short of Serious Threat

    Updated: 2011-07-27 19:23:34
    The Microsoft Malware Protection Center reported that it found a new Mac backdoor. However, it appears Intego and Kaspersky had already found it. - Microsoft researchers uncovered a new piece of Mac malware that can install remote-control backdoors on compromised machines. Other researchers questioned whether it was a credible threat at this time. Microsoft researchers came across the backdoor, named Olyx, in a package which contained a dif...

  • Internet Storm Center iPhone App now available. Feedback/Feature Requests welcome. Search App Store for "ISC Reader" , (Wed, Jul 27th)

    Updated: 2011-07-27 17:47:59
    ------ Johannes B. Ullrich, Ph ...(more)...

  • I’m moving to Akamai

    Updated: 2011-07-27 16:20:38
    I don’t have time for a long post, but on the off chance you’re not a podcast listener and you’re not on twitter, I announced on the podcast last night that I am leaving my current role as a QSA at Verizon Business and I will be the newest Security Evangelist at Akamai.  I will [...]

  • Facebook Facial Recognition Gets Easier Opt-Out: Jepsen

    Updated: 2011-07-27 15:47:42
    Facebook caves to privacy pressures from Connecticut Attorney General George Jepsen and others by running ads to let users opt out of the tag-suggestions facial-recognition feature. - Facebook July 26 said it has made it easier for subscribers to opt out of a controversial feature that uses facial-recognition technology to tag users in photos. Connecticut Attorney General George Jepsen is taking credit for the change, which includes deleting the facial-recognition data of us...

  • Network Security Podcast, Episode 249

    Updated: 2011-07-27 13:34:01
    Once again, the podcast team is unable to get together long enough to record a podcast.  Rich is off wandering around China and Zach had to answer an emergency bat signal somewhere in Gotham Park.  Which left Martin alone with Josh Corman, newly appointed Director of Security Intelligence at Akamai.  As usual with these two, [...]

  • Disk Encryption - The Next Generation (Bitlocker Administration and Monitoring)

    Updated: 2011-07-27 09:00:12
    This article discusses disk encryption in view of Microsoft's Bitlocker, and Microsoft Bitlocker Administration and Monitoring (MBAM) solution.

  • SSLSniff with iOS Detection

    Updated: 2011-07-27 04:50:00

  • U.S. Officials Tell Congress the Country Lags in Fortifying IT Security

    Updated: 2011-07-27 04:24:20
    Despite the increase in volume and sophistication of cyber-attacks, government officials testified before a U.S. House subcommittee that the country has been slow to beef up IT security. - While cyber-attacks against U.S. computer networks are becoming more frequent and increasingly more sophisticated, the country is lagging in its efforts to beef up IT security, government officials testified in front of Congress. The Energy and Commerce Subcommittee on Oversight held hearings ...

  • OWASP Session Management "Cheat Sheet", (Wed, Jul 27th)

    Updated: 2011-07-27 01:22:49
    Application session management (or rather the lack thereof) is still one of the most frequen ...(more)...

  • Apple Macintosh Leaks Passwords Through FireWire When in Sleep Mode

    Updated: 2011-07-27 01:07:02
    Security researchers managed to obtain passwords saved on the Mac while in sleep mode using a FireWire device. The issue exists in both Mac OS X "Snow Leopard" and "Lion." - It is possible to recover user passwords from Mac systems set on sleep mode, including running the latest version of Mac OS X "Lion," a password recovery software vendor said. Passware researchers were able to recover passwords by connecting to a Mac through the FireWire port, the co...

  • Lancope To Offer High-Performance Network Flow Collector, Leverage Firewall Flow Data

    Updated: 2011-07-26 15:30:00
    Lancope’s newest flow-based security, network and application-monitoring appliance features increased performance. The high-end StealthWatch FlowCollector 4000 features a monitoring capacity of 120,000 flows per second (FPS) per collector to scale for very large enterprise networks.

  • Apple Redoes 'Snow Leopard' Update, Patches iOS, iWork Office Suite

    Updated: 2011-07-26 13:54:14
    Apple released a new Mac OS 10.6.8 software update for "Snow Leopard" to address problems an earlier update caused. - Less than a week after Apple's new Mac OS X "Lion" made its debut, it released a software update to resolve problems from an earlier update and provided three security updates. Mac OS X 10.6.8 resolved some issues that arose after "Snow Leopard" users applied the earlier upd...

  • Pwn Residential Router With Routerpwn

    Updated: 2011-07-26 11:59:00

  • HowTo: Learn Batch Programming Fast And Easy

    Updated: 2011-07-26 07:33:00

  • U.S. Cyber-Security Tsar Resigns Unexpectedly

    Updated: 2011-07-26 05:27:55
    The director of US-CERT, a division of the Department of Homeland Security has resigned amidst a surge in the number of cyber-attacks on government agencies and private contractors. - The director of the United States Computer Emergency Response Team resigned last week without any official explanation. Randy Vickers resigned July 22, effective immediately, according to an email to employees sent by Roberta Stempfley, acting assistant secretary at Department of Homeland Securi...

  • Fake Apple Stores in China Sign of Heavy Demand for iPhone, iPad

    Updated: 2011-07-26 05:05:08
    China has always been known for counterfeiting high-end luxury brands. But not content to pirate software or copy phones, entrepreneurs have now cloned the entire Apple Store. - Chinese officials closed two unauthorized Apple stores for operating without a proper business license, according to news reports. However, three other fake Apple stores were allowed to remain open because they had proper local permits. As part of a probe of more than 300 IT businesses, the Kun...

  • When the FakeAV coder(s) fail, (Mon, Jul 25th)

    Updated: 2011-07-25 20:14:17
    As I already wrote in many previous diaries, various FakeAV groups go through a lot of work to make ...(more)...

  • Security, Log Management & Burying Stumps

    Updated: 2011-07-25 15:26:48

  • HP On Right Track With Two Network OSes

    Updated: 2011-07-25 14:00:00
    When HP completed the 3Com acquisition, it seemed obvious that the ProCurve product line was due for termination. In the last two years, HP has steadfastly continued with ProCurve and its custom ASIC development, and maintains that both the A-Series and the ProCurve occupy different spaces in the market. Maintaining two different product lines makes sense for HP and its customers.

  • HP Introduces New Consulting Services To Bring UC Into The Enterprise

    Updated: 2011-07-25 12:53:00
    HP unveiled three new consulting services to hasten the introduction of unified communications (UC) technology into the enterprise. The services focus on delivering multiple voice communication systems; accommodating the modern workplace, where employees work remotely and from multiple locations; and making sure the network has the capacity to deliver UC, particularly videoconferencing.

  • Metasploit Console Customizable Prompts

    Updated: 2011-07-22 05:16:00

  • Making IT Where There Is (Almost) None: More On Haiti

    Updated: 2011-07-21 15:29:00
    Back in April of this year, I was part of a group that went to Haiti to work with an educational institution to rebuild its IT operations after the January 2010 earthquake. What I discovered is that there isn’t a lot to rebuild, and the creation of an IT environment largely from scratch is what is really needed.

  • Endace Brings Real-World Data To Network Testing

    Updated: 2011-07-21 12:00:00
    For many businesses, testing the capabilities of their networks, and the core systems that run on those networks, requires using some form of testing device to generate a load of simulated traffic to find out where and when problems will occur under heavy loads. But what if a company could use its own traffic to test its networks? The Endace Capture Replay System makes it possible to record up to 16 TBytes of a company’s network traffic and then use that recorded traffic as a basis for network testing.

  • Damn Small SQLi Scanner [DSSS]

    Updated: 2011-07-21 04:05:00

  • Howto: Install Chrome OS on Macbook AIR

    Updated: 2011-07-21 02:09:00

  • Dell Acquires Force10, Solidifies Data Center Story

    Updated: 2011-07-20 19:18:00
    Rumors about which networking company Dell was going to acquire have been silenced today with the announcement of its intent to acquire Force10. What Dell gets from Force10 is an equipment vendor that specializes in high-performance computing and has a clearly defined strategy to support cloud computing, orchestration and automation.

  • Wifuzz-"Smashing APs for fun & profit "

    Updated: 2011-07-20 14:38:00

  • June 2011 Mobile Browsing Statistics

    Updated: 2011-07-20 07:49:57
    Android is supposedly selling way more phones than Apple, but everything I see in terms of usage data points to Apple being way ahead. Not that my site is an indicator, but in terms of devices used to hit this site, Apple is seriously dominant. Granted, my site has a design slant at times, and [...]

  • Security Issues when Connecting Computers to Cellular Networks

    Updated: 2011-07-20 07:00:02
    Cellular towers are almost ubiquitous, so it's a great convenience to be able to connect your computer to one of these networks and access the Internet in locations that no other ISP serves. But what are the security implications? That's what we'll look at in this article.

  • Network Security Podcast, Episode 248

    Updated: 2011-07-20 01:50:17
    Rich is away for a bit, so we’re joined by friend-of-the-show Josh Corman, who’s here to give his two cents on this week’s stories and talk about some upcoming events. Incidentally, Martin and Josh are on a panel at B-Sides Las Vegas this year, entitled “Better to burn out than to fade away?”, and they’re [...]

  • Security Is Not One-Size-Fits-All

    Updated: 2011-07-19 20:50:29
    When it comes to security, specifically when it comes to vulnerability management, one size doesn’t fit all. Organizations need to customize their tools based on a wide variety of business requirements. These include everything from scan windows, frequently changing credentials, report distribution and most importantly the architecture and volume of data that needs to be [...]

  • SQL Injection Tools List

    Updated: 2011-07-19 04:16:00

  • Dell Kace Applies Itself To The SMB Market

    Updated: 2011-07-18 18:00:00
    Dell's Kace business unit is looking to broaden its addressable market with a line of systems management appliances that have been designed to meet the needs of small and midsize businesses. The M300 Asset Management Appliance is targeted at SMBs with 50 to 200 employees looking for simple, reliable and affordable solutions for such routine IT tasks as hardware and software inventory, software license compliance, and asset tracking and management.

  • SSLH = HTTPS, SSH, and OpenVPN on the same port.

    Updated: 2011-07-18 16:38:00

  • Find PCAP files with Google

    Updated: 2011-07-17 10:31:00
    I maintain a page on the NetworkMiner Wiki with a list showing where pcap files can be found on the Internet. Some pcap repositories in this list, like Pcapr and OpenPacket.org have quite extensive lists of pcap files with indexed meta data about what protocols each pcap file contains. However, som[...]

  • HTML 5 - XSSQL attack

    Updated: 2011-07-16 01:44:00

  • ECCOUNCIL was hacked again.

    Updated: 2011-07-16 01:38:00

  • Howto: Attacking through proxies

    Updated: 2011-07-14 08:59:00

  • Chrome Extensions for Security Professional

    Updated: 2011-07-14 01:48:00

  • Microsoft Patch Tuesday Roundup - July 2011

    Updated: 2011-07-13 13:14:59

  • Applocker: Scenarios for Use and Deployment

    Updated: 2011-07-13 06:00:02
    This article covers Windows 7 integrated security feature AppLocker.

  • Hacking with Evilgrade on Backtrack5

    Updated: 2011-07-13 05:25:00

  • Network Security Podcast, Episode 247

    Updated: 2011-07-13 01:18:46
    As the countdown to Doom in Vegas, or BSides/Defcon/Black Hat as some might call it, Rich, Zach and Martin take a little break from the news to talk to one of the people who helped come up with the idea of BSides, Jack Daniel. Jack gives us a little bit of background on how the [...]

  • Microsoft Patch Tuesday – July 2011

    Updated: 2011-07-13 00:57:00
    I’m really starting to enjoy the “odd” months, Microsoft kept to their pattern and released only four security bulletins today. A welcome reprieve from last month’s sixteen bulletins. The only “Critical” rated vulnerability released today affects the Windows Bluetooth 2.1 stack. This particular vulnerability is somewhat interesting due to the attack vector. As you know, [...]

  • Right-click Metasploit Integration

    Updated: 2011-07-12 17:45:01
    At eEye we have been continuing an aggressive release schedule of major product updates that simplify your vulnerability management and compliance process. One of the ways that we continue to simplify vulnerability management is through new capabilities and reporting that allow for better prioritization of vulnerabilities from an overall risk management perspective. While other products [...]

  • Call For Papers on Software Static Analysis

    Updated: 2011-07-12 14:15:01
    Call for Papers IEEE Security & Privacy Software Static Analysis Abstract submissions due: 15 Aug. 2011 Final submissions due: 15 Sept. 2011 Publication date: May/June 2012 Secure and reliable software is hard to build, but the costs of failure are steep. Data breaches caused by attackers exploiting vulnerabilities in software made many headlines in 2011 [...]

  • New Phishing Attack Spreads on Twitter

    Updated: 2011-07-09 20:17:20
    A new phishing attack is making the rounds on Twitter. The attack is spread through direct messages with the familiar ‘is this you in the video?’ hook line including a link to the supposed video. The message uses a shortened URL as is typical of Twitter links, and the user is unaware the link they’re about to click leads to a phishing page.

  • Howto: Compile "Slowloris with TOR" Source Code.

    Updated: 2011-07-09 09:50:00

  • THE Security Problem is Scale

    Updated: 2011-07-08 18:24:09
    Rich Mogull talks about real world IT security challenges today in his column, “Simple Isn’t Simple” in Dark Reading. I agree 100%. One of the Rich’s points is security has to scale or it doesn’t solve the real world problem. In most cases we know how to solve a security problem for a single instance [...]

  • Howto: Install evilgrade on Backtrack5

    Updated: 2011-07-08 05:45:00

  • Vega | Open Source Web Application Scanner

    Updated: 2011-07-08 01:41:00

  • Infocon: green

    Updated: 2011-07-07 20:55:24
    Links on your Facebook Wall

  • Core Security Integration

    Updated: 2011-07-07 19:16:31
    Sometimes the simplest things make the biggest difference. A few weeks ago, I published a blog on Metasploit Integration and have had multiple inquiries on similar types of integration. First, I would personally like to thank the Core Security team for providing evaluation licenses and integration into Core Impact. Second, a big thank you for [...]

  • Exposed Anonymous and LulzSec by Teampoison

    Updated: 2011-07-07 03:33:00

  • Building a Malware Analysis Lab

    Updated: 2011-07-06 07:00:08
    In this article I am going to discuss some of the things that need to be taken into consideration when building a malware analysis lab.

  • Network Security Podcast, Episode 246

    Updated: 2011-07-06 01:43:41
    With BlackHat/DEFCON and B-Sides Las Vegas only a month away, the fellas are back and getting primed (well, their livers are, anyway). The usual roundabout collection of stories, barbs, and blathering fill this week’s show, ending on a sad note. This past weekend, acclaimed security and privacy researcher and advocate, Len Sassaman, passed away. While [...]

  • Article: Penetration Testing with Brute Forcing Tool.

    Updated: 2011-07-04 09:56:00

  • The two faces of hacking

    Updated: 2011-07-04 05:50:00
