Published scoops

Dr. Jim Kennedy explains why seaport security is an issue which potentially impacts all businesses and describes the measures that should be taken to maximise seaport cyber security.

LinkedIn is a popular social networking site where you can manage business contacts online. Since you can set up a profile with links to your own website, it seems to attract criminals’ attention as well. A Google search reveals that several hundred fake LinkedIn profiles from nude “Kirsten Dunst” to nude “Hulk Hogan” exist already. The rogue profiles look all alike, with a picture of the celebrity and three links to the parts of the “nude video” like shown in the following picture.

A lot of companies think that they can make the full solution from scratch, including all technical mechanisms for security and encryption. The enterprise customer should tread very lightly when evaluating solutions with custom encryption.

The [Maine] Bureau of Financial Institutions has issued a report on the costs of data security breaches to Maine banks and credit unions.
The study found that of the 75 financial institutions that responded, 71 were affected by a data breach since Jan. 1, 2007, incurring combined expenses totaling more than $2 million, according to a state press release.

Together, the breaches resulted in unauthorized or fraudulent transfers at 25 institutions, including 265 accounts and $75,000 at one institution.

I've been an infrequent yet admiring user of Metasploit for about four years, but I've never tried it on Windows. It strikes me as being something I "just shouldn't do," like running Nmap on Windows or (shudder) Snort on Windows. However, while preparing labs for my upcoming class, I thought I would give version 3.2 a try.

GSO has always had a habit of disabling registration and we have done this before. Now we have opened registration back up after a few months of it being closed. Why do we close registration? Well we want to provide the best resource to our active users for discussing topics. Unfortunately the spammers and kiddies take advantage so we shut it down to preserve the community. So now we are opening backup with Captcha enabled to increase the resistance to spammers. So do yourself a favor and if you have been waiting to sign up do it now.

The next DOJOSEC is this week. I've been invited to speak about the latest compliance trends in PCI and FDCC. Also presenting will be Shaf Ramsey of TechGaurd Security and Dale Beauchamp of the Transportation Security Administration. Mr. Ramsey will discuss the future of virtual worlds such as HIPIHI and the implications they will have for information security. Mr. Beauchamp is a digital forensics expert and will discuss practical memory analysis. The time and location of the event are:

VeriSign announced an immediate transition to the SHA-1 algorithm on new RapidSSL brand certificates. The transition to the SHA-1 algorithm came within a few hours of the public unveiling of an MD5 fl...

So, the economy has changed a great deal over the past few months since Lee Kushner and I announced our survey on career management in information security. And we’ve had some great responses.

Hardening is the process of securing a system by reducing its surface of vulnerability. By the nature of operation, the more functions a system performs, the larger the vulnerability surface.

However, all system hardening efforts follow a generic process. So here is a checklist and diagram by which you can perform your hardening activities.

Kaspersky Lab releases technical preview of Kaspersky Anti-Virus for Windows 7. Kaspersky Lab, a leading developer of secure content management systems, announces the release of a technical prototype of Kaspersky Anti-Virus for Windows 7.

Visit WinVistaClub For More !

So you have submitted your page to GSO and want to get additional votes for your post or article. Now you can add a dynamic voting button to the page.

A new browser war or sorts has begun to emerge of late.  But it's not where you would expect.  This time it's in the area of privacy, a key area of importance for so many.  So since this is becoming such a big thing of late, a company named iSec has done a privacy test on all the ma ...

Portable Executable file infection is a subject I always found to be sketchy. There was always a piece of the puzzle missing in my case... In this article I hope to clarify the matter and hopefully provide a good starting point for those wanting to learn how such tools work.I want to mention that I'm writing this article with an intention of educating others. You may start out with PE infection, but eventually I hope that you'll move onto authoring PE protection tools and exploiting your newly found knowledge in a positive and ethical manner.

What is the best way to wipe a drive? What utility should I use? How many passes is enough? Should I bother wiping a drive if it is encrypted already?