Archive for April 19th, 2012


ISC StormCast for Friday, April 20th 2012 http://isc.sans.edu/podcastdetail.html?id=2479, (Thu, Apr 19th)

(c) SANS Internet Storm Center.

Digging Into the Nitol DDoS Botnet

Nitol is a distributed denial of service (DDoS) botnet that seems to be small and not widely known. It mostly operates in China. McAfee Labs recently analyzed a few samples; we offer here the communications protocol and the Trojan’s capabilities

Compliance isn't security, but companies still pretend it is, according to survey

“It has become a cliche in information security: Compliance is not security. But there is still an unsettling amount of denial out there, based on a recent study from HIMSS Analytics and Kroll Advisory Solutions.

OpenSSL Security Advisory – CVE-2012-2110, (Thu, Apr 19th)

Earlier today, the OpenSSL team released a fix for a recently discovered vulnerability that exposes applications that use certain features of OpenSSL to a heap overflow. Since OpenSSL is used extensively, there is much speculation and discussion about who is vulnerable

Security BSides Chicago 2012 Presentation Lineup

“Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration….”

On the Value of Security Conferences

“Something to think about… had an interesting topic come up at the OWASP AppSec APAC in Sydney recently about the value of security conferences. Now, I enjoy the talks, the comradery, and the community around security conferences as much as the next guy but I'm starting to believe that maybe we're doing it wrong.

Businesses unable to comply with EC 24 hour breach notification

“UK businesses do not believe they have the capability to comply with new European Commission Data Protection Directive rules, specifically the ability to generate accurate breach notifications in the event of a data leak.

Who 'shot the sheriff' … FBI, Berrien County try to crack website hack

“They're the ones who protect us from crime, but now one local police agency is a crime victim. They know who, but investigators are trying to figure out how hackers were able to take over the Berrien County Sheriff's Department website. Anonymous IRC, a group known for targeting government websites, started a cyber attack last Monday dubbed Shoot the Sheriff Sunday….”

Privacy Hawks Skeptical of Anti Cyber-Crime Crusade

“Cyber criminals now threaten millions of Americans, according to the federal government. “There are 1 million cyber-crime victims every single day globally. Last year, there were twice as many cyber-crime victims as there were newborn babies,” Adam Palmer, Norton Security's lead cyber security adviser, said

Dance Moves As an Identifier

A burglar was identified by his dance moves, captured on security cameras: “The 16-year-old juvenile suspect is known for his ‘swag,’ or signature dance move,” Heyse said, “and [he] does it in the hallways at school.” Presumably, although the report doesn’t make it clear, a classmate or teacher saw the video, recognized the distinctive swag and notified authorities. But is swag admissible to identify a defendant? Assuming it really is unique or distinctive — and it looks that way from the clip, but I’m no swag expert — I’d say yes
