Article Archive for June 2010
The debate on whether vulnerabilities should be disclosed to force a vendor to fix the problem in a reasonable period or kept covert until a fix has been implemented has been a big discussion in the Information Security field. Black Hats, White Hats and even Grey Hats have their opinions.
Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA” standing for Confidentiality — Ensuring that information is not accessed by unauthorized persons; Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users; Authentication — Ensuring that users are the persons they claim to be.
As I prepare to conduct my next IT security audit at a client’s site, I realize some things have not changed in the past few years. The client’s reaction towards the security audit is always amazing the day before the on-site visit as they exhibit a sense of fear. For the most part, it has [...]
Apple’s new iPad is set to be released on April 3rd, and SecurityOrb.com, a Washington D.C.-based information security media company, has looked beyond the hype into the possible security matters consumers should be concerned about.
As security professionals, we work in an environment that never stops changing. New technologies and innovative new uses for old technologies seem to appear every day. Unfortunately, along with the benefits that every new technology brings, there are new and novel security challenges that need to be addressed. We’re forced to constantly learn just to keep up.
Two of the newest [...]
(IN)SECURE Magazine is a freely available digital security magazine
discussing some of the hottest information security topics.
Issue 26 has just been released. Download it from:
http://www.insecuremag.com
The covered topics include:
- PCI: Security’s lowest common denominator
- Analyzing Flash-based RIA components and discovering vulnerabilities
- Logs: Can we finally tame the beast?
- Launch arbitrary code from Excel in a restricted environment
- [...]
One of the key aspects of conducting digital forensics pertains to the proper collection and authentication of the evidence. If the evidence is not collected properly, there is a very good chance the results of the examination will be questioned. Following digital forensic best practices, we typically conduct our examination on copies, often referred to as “forensic images”, of the original evidence.
Microsoft has released security bulletin MS10-038. This security bulletin contains all the relevant information about the security updates for Microsoft Office 2008 for Mac OS X. To view the complete security bulletin, visit the following Microsoft website:
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx
This update improves security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of [...]
Information technology conflicting with personal and information privacy has been a major topic in recent months, keeping privacy organizations busy, including the Washington D.C.-based Electronic Privacy Information Center (EPIC), the premier privacy watchdog in the U.S. Recent issues include, for example, Google asking the NSA for assistance in the investigation of a cyber-attack that occurred on its network.
Standard wireless communication occurs when the end user and the wireless access point are able to communicate on a point-to-point basis without interruptions. There are many attack variations in existence against wireless networks that break the standard communication format. These attacks include denial of service attacks, man in the middle attacks and the WEP key-cracking attack, to name a few, and are described below.
A white hat hacker is a computer and network expert who attacks a security system on behalf of its owners or as a hobby, seeking vulnerabilities that a malicious hacker could exploit. Instead of taking malicious advantage of exploits, a white hat hacker notifies the system’s owners to fix the breach [...]








