Information Security News
Help Net Security
A call to arms for infosec professionals
by Brian Honan - CEO BH Consulting - Wednesday, 10 April 2013. An old saying says “nature abhors a vacuum,” meaning that in the absence of something nature will find a way of filling that gap.
DSD's top 4 infosec strategies now mandatory for Aust govt
In particular, Infosec 4 requires that all agencies document and implement procedures and measures to protect their systems and networks, and specifically notes that it "includes implementing the mandatory 'Strategies to Mitigate Targeted Cyber ...
by Peter Bright
Microsoft Accounts—the credentials used for Hotmail, Outlook.com, the Windows Store, and other Microsoft services—will soon offer two-factor authentication to ensure that accounts can't be compromised through disclosure of the password alone.
Revealed by LiveSide, the two-factor authentication will use a phone app—which is already available for Windows Phone, even though the two-factor authentication isn't switched on yet—to generate a random code. This code must be entered alongside the password.
For systems that are used regularly, it's possible to disable the code requirement and allow logging in with the password alone. For systems that only accept passwords, such as e-mail clients, it appears that Microsoft will allow the creation of one-off application-specific passwords.
Some versions of a popular Wi-Fi router sold under the Linksys brand expose users to a variety of exploits that allow remote attackers to take full control of the devices, a security expert said.
"If you have this router on your network and you browse [a] malicious website, five seconds later your router now has a new password and is available from the Internet," Purviance told Ars. "So [an attacker] can just log into it as if [he] was on your network." From there, an attacker could do anything a normal administrator could do, including installing a version of the device firmware that contains a backdoor and changing settings to use malicious domain name lookup servers. The security consultant documented more of his findings in a recently published blog post.
Addressing the InfoSec Staffing Crisis
The IT security industry faces a major staffing crisis, according to the latest research. But what can schools, businesses and industry associations actually do to start addressing the problem? The new Global Information Security Workforce Study from ...
Posted by InfoSec News on Apr 09 http://news.cnet.com/8301-1009_3-57578567-83/u.s-air-force-designates-six-cyber-tools-as-weapons/
Posted by InfoSec News on Apr 09 http://www.forbes.com/sites/brucerogers/2013/04/08/current-state-of-cyber-security-more-concern-over-facebook-than-credit-cards/
Posted by InfoSec News on Apr 09 http://news.techworld.com/security/3440950/sql-injection-flaws-easy-find-exploit-veracode-report-finds/
Posted by InfoSec News on Apr 09 http://www.israelnationalnews.com/News/News.aspx/166898
Posted by InfoSec News on Apr 09 http://www.foreignaffairs.com/articles/139139/zachary-k-goldman/washingtons-secret-weapon-against-chinese-hackers