Dell has admitted that a number of replacement motherboards for the PowerEdge R310, R410, R510 and T410 servers (less than one percent of the installed base of the four server models) contained malware in the flash storage.

More [1] [2]

From Google code:

Web Application Exploits and Defenses

A Codelab by Bruce Leban, Mugdha Bendre, and Parisa Tabriz

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application.

New details on Google attack

Insidious Worm Makes Unauthorized Purchases When Computer User Is Drunk

The rise of the cyber war

February 6th, 2010

Dilbert on infosec

November 24th, 2009

Cloud Computing Risk Assessment

November 24th, 2009

The European Network and Information Security Agency (ENISA) identified 35 key security risks of cloud computing. Supported by a group of subject matter experts comprising representatives from industry, academia and governmental organizations, ENISA has conducted a risk assessment of the cloud computing business model and technologies. The report also provides a set of practical recommendations.

Information Security Jobs in 2009

September 17th, 2009

Foote Partners LLC released an updated report on trends in IT skills, certifications, and pay. “[… the] trends survey research indicates that the recession has had only a minimal impact on demand for critical IT skills in the areas such as architecture, business process, information security, communications, e-commerce and several ERP and infrastructure specializations”. Click here to download a free copy of the 2009 IT Skills Trends Report Update.

PCI Security Standards Council issues guidance and installation suggestions for testing and deploying 802.11 Wireless Local Area Networks.


This is nothing new. I already blogged about covert channels and how publicly available data can be used to accurately guess personal information.

[…]Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data […] The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, […] results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies […]

Full article.