infosec4all.com » General

Dell motherboards infected with malware

admin — Tue, 27 Jul 2010 17:14:34 +0000

Dell has admitted that a number of replacement motherboards for the PowerEdge R310, R410, R510 and T410 servers (less than one percent of installed base of the four server models) contained malware in the flash storage.

More [1] [2]

Web Application Exploits and Defenses

Branko S. Bokan — Sat, 19 Jun 2010 02:51:07 +0000

From Google code:

Web Application Exploits and Defenses

A Codelab by Bruce Leban, Mugdha Bendre, and Parisa TabrizThis codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application.

Cyberattack on Google Said to Hit Password System

Branko S. Bokan — Tue, 20 Apr 2010 20:01:27 +0000

New details on Google attack

http://www.nytimes.com/2010/04/20/technology/20google.html

Insidious Worm Makes Unauthorized Purchases When Computer User Is Drunk

Branko S. Bokan — Sun, 21 Feb 2010 04:26:32 +0000

Insidious Worm Makes Unauthorized Purchases When Computer User Is Drunk

The rise of the cyber war

Branko S. Bokan — Sat, 06 Feb 2010 22:14:05 +0000

Dilbert on infosec

admin — Tue, 24 Nov 2009 15:28:17 +0000

Cloud Computing Risk Assessment

admin — Tue, 24 Nov 2009 15:23:50 +0000

The European Network and Information Security Agency (ENISA) identified 35 key security risks of cloud computing. Supported by a group of subject matter expert comprising representatives from Industries, Academia and Governmental Organizations, ENISA has conducted a risks assessment on cloud computing business model and technologies. The report provide also a set of practical recommendations.

http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/

Information Security Jobs in 2009

Branko S. Bokan — Thu, 17 Sep 2009 18:06:13 +0000

Foote Partners LLC released updated report on trends in IT skills, certifications, and pay. “[... the] trends survey research indicates that the recession has had only a minimal impact on demand for critical IT skills in the areas such as architecture, business process, information security, communications, e-commerce and several ERP and infrastructure specializations”. Click here to download a free copy of 2009 IT Skills Trends Report Update.

PCI Security Standards Council Guidelines for Deploying WLANs

Branko S. Bokan — Tue, 21 Jul 2009 15:57:12 +0000

PCI Security Standards Council issues guidance and installation suggestions for testing and deploying 802.11 Wireless Local Area Networks.

More…

Predicting Social Security numbers from public data

Branko S. Bokan — Thu, 09 Jul 2009 19:01:10 +0000

This is nothing new. I already blogged about covert channels and how publicly available data can be used to accurately guess personal information.

[...]Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data [...] The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, [...] results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies [...]

Full article.