Information about general information security issues.

Microsoft’s Next Move for Windows – Samara Lynn

Microsoft has bounced back into good graces after Windows Vista with the latest release of its operating system, Windows 7. Many Windows-based users have adopted Windows 7, either upgrading from Windows XP or scrapping Vista. In an interesting article titled “Will Windows 8 Be A Business-Only OS?” from PC Mag, Samara Lynn discusses Microsoft’s potential next move.

Internal IT Security Threat

Security Administrators should apply the “Defense in Depth” security model when it comes to protecting the network. This means network firewalls, IDS, HIDS, host-based firewalls, patch management, security policies and vulnerability scanning.

Adobe Systems Patches 17 Critical Security Holes

On June 29, Adobe Systems plugged 17 critical security holes affecting Adobe Reader and Acrobat including a patch for a zero-day vulnerability that impacted many of their other products, on multiple operating systems such as Windows, Mac and Linux. The new versions of Acrobat and Reader are 8.2.3 and 9.3.3, but Adobe strongly recommends using the version 9.x products.

Russian Spies used Steganography

The FBI arrested 11 suspected Russian spies for passing U.S. information to Russian spy agents using wireless networking and steganography. Steganography is the process of writing hidden messages in such a way that no one, apart from the sender and intended recipient, knows of the existence of the message, a form of security through obscurity. The message can be hidden in pictures, text and many different forms.

Smart Phone Security

A few years ago, there was not a lot of standardization across wireless devices. Differing operating systems, differing implementations of mobile Java, and even varying configurations among devices with the same operating system made it hard to write malicious code that ran on a wide array of devices, Girard said.

Ethical Vulnerability Disclosure

The debate on whether vulnerabilities should be disclosed to force a vendor to fix the problem in a reasonable period or kept covert until a fix has been implemented has been a big discussion in the Information Security field. Black Hats, White Hats and even Grey Hats have their opinions.

Taxonomy of Computer Security

Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA” standing for Confidentiality — Ensuring that information is not accessed by unauthorized persons; Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users; Authentication — Ensuring that users are the persons they claim to be.

IT Security Audits: A Necessary Evil…

As I prepare to conduct my next IT security audit at a client’s…

SANS WhatWorks in Virtualization and Cloud Computing Summit with Tom Liston, Washington DC, August 19-20

As security professionals, we work in an environment that never…

(IN)SECURE Magazine Issue 26 released

(IN)SECURE Magazine is a freely available digital security magazine discussing…