News

Threat Level: Results are not updated in real time. Voting and URL addition is subject to approval. You may vote as many times as you wish, but only one vote per URL will count. https://isc.sans.edu/links.html

Links | SANS Internet Storm Center; Cooperative Network Security Community - Internet Security

http://isc.sans.edu/diary.html?storyid=12454

Is it time to get rid of NetBIOS?

NetBIOS, and its weaknesses that allow extremely easy spoofing, have been well known all the way since 2005. I recently discussed NetBIOS with a colleague of mine, Arcel, and this discussion prompted me to see if anything changed with NetBIOS and recent Windows releases. While I was almost certain that the old NetBIOS spoofing attacks do not work any more, I was stunned to see that even the latest and greatest Windows 7 still enables NetBIOS over TCP/IP by default.
After being named by the Wall Street Journal earlier today, Global Payments Inc. has issued a press release about the breach reported earlier today by Brian Krebs: Global Payments Inc, a leader in payment processing services,... Steven Harmon reports: In a puzzling breach of security, computer storage devices containing identification information of 800,000 Californians using the state’s child support services have gone missing. The Department of... http://www.databreaches.net/

Office of Inadequate Security

http://www.infoworld.com/d/security/what-monitor-stop-hacker-and-malware-attacks-189501 The 2012 Verizon Data Breach Investigations Report released last week continues to reverberate. The stats that jumped out at me: 96 percent of data breaches were relatively easy for attackers to pull off, and 97 percent of those attacks were easily avoidable. Want to protect yourself against malicious hackers and malware? Do the basics better and more consistently. Patch better, isolate better -- and for god's sake, enable your monitoring.

What to monitor to stop hacker and malware attacks | Security - InfoWorld

10 hard truths IT must learn to accept | It management - InfoWorld

http://www.infoworld.com/t/it-management/10-truths-it-must-learn-accept-934 July 18, 2011 In a perfect world, your network would suffer no downtime and be locked down tight. You'd be in perfect compliance with all government regulations, and your users would all be self-supporting. The cloud would take care of nearly all your infrastructure needs, and there wouldn't be a single device accessing the network you didn't first approve of and control.
I love gadgets. Not only that, but I love gadgets for my gadgets: cases, docks, stands, mounts, keyboards, and pretty much anything else you can think of. There's also a dark side at work here, though: I'm also a perfectionist. As such, I'm always on a quest for the perfect thingy-majig, which, in all likelihood, probably doesn't exist. Ergo, when I saw the Power Dock Flex from Bracketron (I have to admit, I'm a sucker for most things with the word "flex" in the name), I thought it seems like a fantastic idea.

Android News, Reviews, Apps, Games, Phones, Tablets, Tips, Mods, Videos, Tutorials - Android Police

http://www.androidpolice.com/

Ultimate Pentesting VM | InfoSec Daily

Setting up the ultimate penetration or security distribution has obviously been made significantly easier with the advent of BackTrack. While I regularly use BackTrack on engagements, I do make some changes that I find make my life easier. This began as a set of steps that I used on a BackTrack 4 Virtual Machine (VM). http://www.isdpodcast.com/resources/upv
Earlier in the week Apple released a Java update which included software to remove the Flashback Trojan from OS X Lion machines running Java. The Flashback Trojan removal tool is now also available for OS X Lion machines not running Java. This Flashback malware removal tool is available through the OS X Software Update tool, or from Apple's downloads site at http://www.apple.com/support/downloads/

Internet Storm Center; Cooperative Network Security Community - Internet Security

http://isc.sans.edu/index.html
The following organizations provide a variety of training targeted specifically to CSIRTs including development, design, implementation and operations http://www.csirt.org/news_%20links/index.html

CIRT-News links

Home | GSO - Network Security Resources

http://www.governmentsecurity.org/ by Mirko Zorz - Wednesday, 14 March 2012. The past 10 years represent a very interesting timeframe for reviewing vulnerability disclosures and ensuing changes that continue to affect risk management in IT organizations around the world. Vulnerability disclosures across the industry in 2011 were down...
What: Ever wanted to participate in live-action Capture the Flag? Well, here is your chance. This contest is modeled on so-called "penetration tests", which is when ethical hackers attempt to break into a company's computer systems with the target's permission. This is in an effort to find security problems before the bad guys do. The contest won't just involve sitting at computers; it will also involve other typical activities: performing reconnaissance of physical facilities, surveillance of individuals, urban exploration, infiltration of buildings, and surreptitious contact with moles in the target organization.

InfoSec Daily | Your daily source of Pwnage, Policy and Politics.