Dell motherboards infected with malware
July 27th, 2010
Dell has admitted that a number of replacement motherboards for the PowerEdge R310, R410, R510 and T410 servers (less than one percent of installed base of the four server models) contained malware in the flash storage.
del.icio.us 
digg itWeb Application Exploits and Defenses
June 18th, 2010
Web Application Exploits and Defenses
A Codelab by Bruce Leban, Mugdha Bendre, and Parisa TabrizThis codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application.
Cyberattack on Google Said to Hit Password System
April 20th, 2010
New details on Google attack
Insidious Worm Makes Unauthorized Purchases When Computer User Is Drunk
February 20th, 2010
Cloud Computing Risk Assessment
November 24th, 2009
The European Network and Information Security Agency (ENISA) identified 35 key security risks of cloud computing. Supported by a group of subject matter expert comprising representatives from Industries, Academia and Governmental Organizations, ENISA has conducted a risks assessment on cloud computing business model and technologies. The report provide also a set of practical recommendations.
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/
Information Security Jobs in 2009
September 17th, 2009
Foote Partners LLC released updated report on trends in IT skills, certifications, and pay. “[... the] trends survey research indicates that the recession has had only a minimal impact on demand for critical IT skills in the areas such as architecture, business process, information security, communications, e-commerce and several ERP and infrastructure specializations”. Click here to download a free copy of 2009 IT Skills Trends Report Update.
PCI Security Standards Council Guidelines for Deploying WLANs
July 21st, 2009
PCI Security Standards Council issues guidance and installation suggestions for testing and deploying 802.11 Wireless Local Area Networks.
Predicting Social Security numbers from public data
July 9th, 2009
This is nothing new. I already blogged about covert channels and how publicly available data can be used to accurately guess personal information.
[...]Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data [...] The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, [...] results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies [...]