Security Weekly News 30 December 2010 – Summary

Feedback and/or contributions to make this better are appreciated and welcome.
Highlighted quotes of the week:
“Real IT/security talent will work where they make a difference, not where they reduce costs, “align w/business,” or serve other lame ends.” – Richard Bejtlich
“woodworking tools do not make chairs == security tools do not make security.” – …

Security Weekly News 30 December 2010 – Full list

Category Index: Hacking Incidents / Cybercrime, Unpatched Vulnerabilities, Software Updates, Business Case for Security, Web Technologies, Network Security, Mobile Security, Privacy, General, Tools, Funny
Hacking Incidents / Cybercrime
Gawker was hacked six months ago, say sources close to Gnosis [www.guardian.co.uk]
Server was cracked using ‘local file inclusion’ weakness and hacking group then worked through system …

Security Weekly News 23 December 2010 – Full List

Category Index: Hacking Incidents / Cybercrime, Unpatched Vulnerabilities, Software Updates, Business Case for Security, Web Technologies, Network Security, Cloud Security, Privacy, Mobile Security, Cryptography / Encryption, General, Tools, Funny
Hacking Incidents / Cybercrime
Gardai prepare file on welfare officer [www.independent.ie]
Gardai are expected to send a file to the Director of Public Prosecutions (DPP) in …

Mitigating ISP disruption

The problem
There was an unexpected challenge to put together the security weekly news last night: My ISP mistakenly thought I had not paid my bills last month and decided to disrupt my web browsing experience by displaying a web page that said something like “information page … you have not paid x,y,z .. to …

Security Weekly News 16 December 2010 – Summary

Feedback and/or contributions to make this better are appreciated and welcome.
Highlighted quotes of the week:
“Any reliance on a generic scanning tool as your primary security control is nothing more than a false sense of security and a disaster waiting to happen.” – Michael Coates
“Instead of asking why Gawker leaked all those …

Security Weekly News 16 December 2010 – Full List

Category Index: Hacking Incidents / Cybercrime, Unpatched Vulnerabilities, Software Updates, Business Case for Security, Web Technologies, Network Security, Mobile Security, Cryptography / Encryption, Privacy, General, Tools, Funny
Hacking Incidents / Cybercrime
The Real Lessons Of Gawker’s Security Mess [blogs.forbes.com]
Gossip site Gawker has experienced a large data breach whose scale fully came to light Sunday. …

Security Weekly News 09 December 2010 – Summary

Feedback and/or contributions to make this better are appreciated and welcome.
Highlighted quotes of the week:
“Porting all those security fixes in PHP 5 back to PHP 4.4.9 is a PITA” – Stefan Esser (Still using PHP 4? Good luck!)
“Criticizing WAF tech is so “2009” – AppSec is so difficult, you need to use …

Security Weekly News 09 December 2010 – Full List

Category Index: Hacking Incidents / Cybercrime, Software Updates, Business Case for Security, Web Technologies, Network Security, Database Security, Mobile Security, Privacy, Cloud Security, Tools, General, Funny
Hacking Incidents / Cybercrime
WikiLeaks backers hit MasterCard and Visa in cyberstrike [www.reuters.com]
Credit card giants MasterCard and Visa came under intense cyber attack on Wednesday as supporters of …

Security Weekly News 02 December 2010 – Summary

Feedback and/or contributions to make this better are appreciated and welcome.
Highlighted quotes of the week:
“OWASP top 10 is in danger of becoming the pci of the app layer. it’s not enough” – Gal Shpantzer
“Remember deceivers tend to actually engage in greater eye contact not less. The myth of looking away to lie …