Compliance

Today’s software development is geared more toward building upon previous work and less toward reinventing content from scratch. Resourceful software development organizations and developers use a combination of previously created code, commercial software, open source software, and th...
With Cloud Expo 2012 New York (10th Cloud Expo) now just six weeks away, what better time to introduce you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and strategy...
Advanced malicious content and attacks are starting to threaten conventional network filtering technologies that are not able to keep up with the increased volume and complexity of network traffic. Currently, one in every 14 downloads contains malicious content that may create operatio...
When we aren’t fighting crime, taking over the world, or enjoying a good book by the fire, we here on the eEye Research team like to participate in the Any Means Possible (AMP) Penetration Testing engagements with our clients. For us, it’s a great way to interact one-on-one with IT fol...
Here's a common scenario and one that will become more common with the ever increasing penetration of Tablet Devices in the Enterprise... Your Senior Exec just got their iPad. They love it. They use it everywhere. Literally everywhere! That’s a scary word for anyone involved in securi...
In most organizations today, there is sensitive data that is overexposed and vulnerable to misuse or theft, leaving IT in an ongoing race to prevent data loss. Packet sniffers, firewalls, virus scanners, and spam filters are doing a good job securing the borders, but what about insider...
Social media, including Facebook, Twitter and LinkedIn, is used extensively by many functional areas in companies today to communicate about and promote their efforts, and to interact with their constituencies. For the marketing department, in particular, social media can help build br...
Have to agree that this writer gets it right. At the end of his blog post, he highly recommends everyone take a good look at Google's terms of service. And, that is more sense than we usually get from people writing about our data service suppliers, such as Apple, Facebook, Google, an...
We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management... combinatorial explosion and lack of scalability. How do you automate the detection of non-deterministic attacks in a few discrete steps? Today, we'll look at more scenarios fo...
You’ve spent months fixing the red items on an internal audit report and just passed a regulatory exam. You’ve performed a network vulnerability assessment and network pen test within the last year and have fixes in place. You’ve tightened up your information security policy and recent...
The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This article will look at some of the most useful scanning tools freely available today and how to best use them. During this proc...
Web applications are vulnerable to a multitude of security attacks, leaving the underlying businesses and consumer data wide open to public view. Internet-facing applications therefore need to follow multiple secure programming practices to prevent such attacks. This paper details i...
The recent spike in insider threats, coupled with a rise in compliance considerations, has forced organizations to ensure only authorized users access sensitive application functionality and data. Historically, user entitlements or authorization logic has been embedded inside an applic...
I will demonstrate how to ARP poison a connection between a Windows 7 client and a Windows Server 2008 R2 server using Cain. The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server. RDP is ...
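ARP poisoning works because a host will accept an unsolicited ARP reply that rebinds a neighbour's IP address to a new MAC address; a tool such as Cain sends those spoofed replies to both ends of the connection so that traffic flows through the attacker. The flip side for defenders is that the attack leaves a distinctive trace on the wire: one IP claimed by more than one MAC, and one MAC claiming more than one IP. The following is an added example, not code from the article above, that checks a constructed list of ARP replies for exactly that pattern; the IP and MAC addresses are made up for the illustration.

```python
"""Flag the ARP-reply pattern that a poisoning attack produces.

Added example. SAMPLE_ARP_REPLIES is a constructed trace of
(sender_ip, sender_mac) pairs, not captured traffic. The first two entries
are the legitimate bindings of the two victims; the last two are the spoofed
replies a poisoner sends to rebind both victim IPs to its own MAC.
"""
from collections import defaultdict

SAMPLE_ARP_REPLIES = [
    ("192.168.1.10", "00:0c:29:aa:bb:01"),  # client (assumed address)
    ("192.168.1.20", "00:0c:29:aa:bb:02"),  # server (assumed address)
    ("192.168.1.10", "00:0c:29:DE:AD:99"),  # attacker claims the client IP
    ("192.168.1.20", "00:0c:29:de:ad:99"),  # attacker claims the server IP
]


def detect_arp_poisoning(replies):
    """Return {ip: sorted list of MACs} for every IP claimed by more than one MAC.

    A legitimate host keeps a stable IP-to-MAC binding, so a second MAC
    announcing the same IP is the first symptom of cache poisoning.
    MACs are normalised to lower case so that case differences do not
    split one adapter into two.
    """
    macs_by_ip = defaultdict(set)
    for ip, mac in replies:
        macs_by_ip[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}


def find_mitm_mac(replies):
    """Return the sorted list of MACs that claim more than one IP.

    Poisoning both ends of a connection (client and server) means one
    attacker MAC is announced for two different IPs, which is what a
    man-in-the-middle looks like from the switch's point of view.
    """
    ips_by_mac = defaultdict(set)
    for ip, mac in replies:
        ips_by_mac[mac.lower()].add(ip)
    return sorted(mac for mac, ips in ips_by_mac.items() if len(ips) > 1)


if __name__ == "__main__":
    print("IPs with conflicting MACs:", detect_arp_poisoning(SAMPLE_ARP_REPLIES))
    print("MACs claiming several IPs:", find_mitm_mac(SAMPLE_ARP_REPLIES))
```

Two caveats before turning this into an alert: DHCP handing an address to a new machine also changes an IP's MAC, so the first check needs a baseline or a time window; and a router or cluster that legitimately answers for several IPs will trip the second check, so known infrastructure MACs should be whitelisted. Static ARP entries for the gateway and critical servers, or Dynamic ARP Inspection on the switch, stop the attack rather than merely detecting it.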
In the wake of yesterday's FBI seizure of servers, it is interesting to note that one of the industry's most seasoned executives, Abiquo CEO Pete Malcolm, has been anticipating just such an eventuality for a while. In a SYS-CON.tv Power Panel recorded on the eve of Cloud Expo New York,...
This week let's review why logs are such a popular and powerful tool when performing forensics, and how to ensure that investigators are working from a clean stream of data. Logs used in forensics have several distinct advantages. First, logs can be used not only to solve the IT crim...
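A "clean stream of data" means an investigator can show that no record was altered, inserted or removed between the moment the log was written and the moment it was examined. One standard way to make a log tamper-evident is to hash-chain it: each record's hash covers the previous record's hash as well as its own text, so changing or dropping any record invalidates every hash after it. The following is an added example, not code from the article above; the log lines are constructed and the seed value is an arbitrary placeholder.

```python
"""Tamper-evident log chaining with SHA-256.

Added example, not from the original article. SAMPLE_LOG is a constructed
set of syslog-style lines; SEED stands in for a per-log secret or a
published genesis value and is not taken from any real deployment.
"""
import hashlib

SEED = b"constructed-seed-for-illustration"

SAMPLE_LOG = [
    "2012-05-01T10:00:01Z sshd[1201]: Accepted publickey for alice from 10.0.0.5",
    "2012-05-01T10:00:07Z sudo: alice : COMMAND=/bin/cat /etc/shadow",
    "2012-05-01T10:00:09Z sshd[1201]: session closed for user alice",
]


def chain_log(lines, seed=SEED):
    """Return a list of (line, hex_hash) where each hash covers the previous
    hash plus the current line. The first record is chained to the seed."""
    prev = hashlib.sha256(seed).digest()
    chained = []
    for line in lines:
        digest = hashlib.sha256(prev + line.encode("utf-8")).digest()
        chained.append((line, digest.hex()))
        prev = digest
    return chained


def verify_chain(chained, seed=SEED):
    """Recompute the chain and return the index of the first record whose
    stored hash does not match, or -1 if every record verifies.

    Because each hash depends on its predecessor, editing one line or
    deleting a record breaks verification at that position even though
    every later record still carries a self-consistent hash."""
    prev = hashlib.sha256(seed).digest()
    for index, (line, stored_hex) in enumerate(chained):
        expected = hashlib.sha256(prev + line.encode("utf-8")).digest()
        if expected.hex() != stored_hex:
            return index
        prev = expected
    return -1


if __name__ == "__main__":
    chained = chain_log(SAMPLE_LOG)
    print("intact chain verifies at:", verify_chain(chained))

    # Rewrite the sudo record to hide what was read.
    edited = list(chained)
    edited[1] = (edited[1][0].replace("/bin/cat /etc/shadow", "/bin/ls"), edited[1][1])
    print("edited record detected at index:", verify_chain(edited))

    # Remove the sudo record entirely.
    dropped = chained[:1] + chained[2:]
    print("deleted record detected at index:", verify_chain(dropped))
```

The chain by itself cannot prove that the tail of the log was not simply cut off, since a truncated chain still verifies up to its last record. In practice the latest hash is therefore periodically written somewhere the log host cannot overwrite (a remote collector, a write-once medium, or a signed timestamp), and an investigator compares the stored anchor against the chain before trusting the log.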
As enterprises struggle to remain profitable in an ever-changing risk environment, the current economic crisis has elevated the need for effective business risk management. Information security is a key parameter that affects business risk. The academic definition of information securi...
The WikiLeaks security fiasco has shed a lot of light on document security and its inherent irony: namely that the more confidential a document is, the more it’s likely to be shared. Web Security Journal reached out to the CEO of Brainloop, Peter Weger, to discuss the notion of so-...
You may think IT compliance is nothing more than big government sticking its nose into everyone’s business. Compliance equals Big Brother. OK, so there is some truth in that government compliance regulations are a little over the top, and perhaps there are just too many of them that fu...
Users are the weakest link when it comes to information security. Without intending to, they cost more money in security breaches than outside hackers. This is why all regulations require the demonstration of strong access security. But focusing purely on regulatory compliance proofs a...
The x86 architecture has become the CPU of choice not only for network appliances, but also for embedded communication equipment in wireline and wireless networking. As the need to cater to higher-performance networking while supporting security and virtualization becomes more prevalen...
According to Intel, the reasons this makes sense are: Acquisition enables a combination of security software and hardware from one company to ultimately better protect consumers, corporations and governments as billions of devices - and the server and cloud networks that manage ...
The draft specification of CloudAudit - an API aimed at providing a common interface and namespace to enable automated auditing of cloud infrastructures with respect to any number of compliance frameworks - has just been submitted to the IETF. CloudAudit, according to the draft, pro...
Cybercrime saw significant growth in 2009. It increased in prevalence and geographic spread. The only thing that didn’t grow was the skill level required to participate. It was easier for non-skilled attackers to conduct sophisticated attacks because of the availability of toolkits. Th...
Data is the lifeblood of any organization and, in the last decade, increasing emphasis has been placed on protecting that data so organizations can recover the information that they need in the time frame they need it. Replication is now rapidly emerging as a viable form of data protec...
This article discusses Open Source compliance and the challenges faced when establishing a compliance program, provides an overview of best practices, and offers recommendations on how to deal with compliance inquiries.
The CSA domain structure–even without the benefits of the guidance–at least serves as a concrete reminder of what’s behind the slogan. Have a close look at the guidance. Read it; think about it; disagree with it; change it–but in the end, make it your own. Then share your experienc...
Modern inter-networked software architectures created for today’s “on-demand” business needs have fundamentally increased the susceptibility of applications and, more importantly, data to security-related attacks and compromises. The rapidly changing environment: increased data breach/los...