Ethical Vulnerability Disclosure

The debate over whether vulnerabilities should be disclosed to force a vendor to fix the problem in a reasonable period, or kept covert until a fix has been implemented, has been a major discussion in the information security field. Black Hats, White Hats and even Grey Hats have their opinions.

Taxonomy of Computer Security

Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA” standing for Confidentiality — Ensuring that information is not accessed by unauthorized persons; Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users; Authentication — Ensuring that users are the persons they claim to be.

IT Security Audits: A Necessary Evil…

As I prepare to conduct my next IT security audit at a client’s…

iPad Security

Apple's new iPad is set to be released on April 3rd, and SecurityOrb.com, a Washington D.C.-based information security media company, has looked beyond the hype into the possible security matters consumers should be concerned about.

SANS WhatWorks in Virtualization and Cloud Computing Summit with Tom Liston, Washington DC, August 19-20

As security professionals, we work in an environment that never…

(IN)SECURE Magazine Issue 26 released

(IN)SECURE Magazine is a freely available digital security magazine discussing…

Digital Forensic Acquisition

One of the key aspects of conducting digital forensics pertains to the proper collection and authentication of the evidence. If the evidence is not collected properly, there is a very good chance the results of the examination will be questioned. Following digital forensic best practices, we typically conduct our examination on copies of the original evidence, often referred to as "forensic images".

Microsoft Office 2008 12.2.5 Update for Mac OS X

Microsoft has released security bulletin MS10-038. This security…

Information Security vs Information Privacy

The conflict between information technology and personal and information privacy has been a major topic in recent months, keeping privacy organizations busy, including the Washington D.C.-based Electronic Privacy Information Center (EPIC), the premier privacy watchdog in the U.S. Recent issues include, for example, Google asking the NSA for assistance in the investigation of a cyber-attack that occurred on its network.

Types of Wireless Attacks

Standard wireless communication occurs when the end user and the wireless access point are able to communicate on a point-to-point basis without interruptions. There are many attack variations in existence against wireless networks that break the standard communication format. These attacks include denial of service attacks, man in the middle attacks and the WEP key-cracking attack, to name a few, and are described below.