Article by Alex Rothacker

Application Security, Inc.'s Team SHATTER (Security Heuristics of Application Testing Technology for Enterprise Research) has researched the Top 10 Database Vulnerabilities in order to provide you with the most up-to-date vulnerabilities, risk and remediation informatio… Read full post »

Just wanted to highlight another useful resource on logging: "How to Do Application Logging Right” by Gunnar Peterson and myself.

Following on our previous IEEE paper (here [PDF]), we explored application logging from a developer's perspective. As Gunnar already pointed out, “audi… Read full post »

This was crossposted from christiaan008.blogspot.com, a blog about the youtube channel Hacking Forensic Security

First off thanks to all the subscribers, the channel has over 700 subscribers. The channel is growing steady.

This time I'll start with a couple of ideas I have for the chann… Read full post »

The rapid growth of cloud computing has encouraged security companies to develop security solutions that can be delivered in the cloud, but some aspects of security have to be delivered on-site in order for businesses to remain fully protected from internet threats.

Our latest guide, examines what… Read full post »

At night things seem very different.  I enjoy going outside after the sun has completely set dark.  You hear sounds you never hear in the daytime.  You see things you never see or notice during daylight.  It’s not much different within the workplace.

In 1990 when I was an int… Read full post »

The steady drumbeat of FCPA enforcement continues -- now the pharma and medical device industries are on the target list, and tobacco companies recently reached plea agreements with the government. 

The enforcement horizon looks like more of the same -- companies hope to escape the enforcement e… Read full post »

For everything in life, there is a corresponding scam. Scammers spend their energy trying to separate hardworking, law-abiding citizens from their money, and they’ll take advantage of any opportunity to do so.

The four seasons provide various opportunities for scams. Summer's “hottest&rdq… Read full post »

Article by Ashesh Mamidi

Small businesses today have shifted from paper records to electronically stored information.  This so-called digitalization process has helped small businesses attain a dramatically more efficient way of doing business.

On the other hand, this has also opened new doors fo… Read full post »

Being at the helm of product development for nearly two decades in the company, Roland Slee, Vice President, Oracle Database Product Management Team, in conversation with Rahul Neel Mani, thinks it is about time the industry reconsiders the way it computes....

A USB key containing hundreds of Ontario patient health information files was stolen almost two weeks ago. According to the CBC, the USB wasn't encrypted and was stolen from the purse of a University Hospital Network (UHN) employee.

The theft of these files has resulted in a call for efforts to… Read full post »

Not so long ago – when a company (business unit, department, or manager) wanted to develop a line of business software application, they would do a system analysis starting with business requirements and then proceed to develop the application and deploy it.

Things have changed. Packaged sof… Read full post »

Ever wonder what a Botnet really looks like? Here is a look at a packet capture of the Zeus Botnet as viewed in the Netwitness Investigator program (Click picture for full screen view).

It was the Netwitness Corporation that first detected the Kneber botnet.

I really like… Read full post »

If you are a cloud computing architect, have I got news for you - NJVC, one of the largest IT solutions providers supporting the U.S. Department of Defense (DoD), is building a high performance cloud computing team.

We help customers solve their toughest mission-critical IT challenges, enabling th… Read full post »

Employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its own employees, particularly to help improve its processes and procedures.

But more than listening to its employees, a… Read full post »

Tire pressure monitoring systems have been required on new cars beginning 2008 due to the defective Firestone tire debacle that occurred in 2000.  

The tire pressure monitoring systems are based on battery-powered radio frequency identification (RFID) tags affixed to each tire.  An electroni… Read full post »

2.0 Security Standards and Certifications

This is the second installment of six part series on IT Security History and Architecture (Part One).

2.1 Standards

Another big issue is certification. Because the need for security is so evident and the lack of security is so prevalent, various standards and… Read full post »

Israel sees electronic warfare as an alternative to F-35s

There are a few interesting items in a recent issue of Aviation Week and Space Technology. Apparently Israel is rethinking their original plan to purchase 100 of the advanced Joint Strike Fighter.  With a focus on modern warfare and… Read full post »

With the signing of the Healthcare Reform Bill, new and significant compliance requirements must be met by the pharmaceutical, biological, and device industries. 

In the current enforcement environment, healthcare businesses must take a proactive compliance approach or risk significant costs in… Read full post »

With 20+ million iPhones on the market there is a good chance you have one. According to San Francisco police, the 31-year-old city resident rode a bicycle up to a woman and snatched an iPhone out of her hands, and then pedaled away.

Problem was, the woman was carrying the phone… Read full post »

I set up an account on Facebook recently just to see where things are with the social networking site since the last time I checked.

There have been some changes. The porn and sex come-ons no longer populate my “Wall” and there are more controls for who… Read full post »

With the increase in cyber war incidents, and more and more complicated network environments, it is harder today to monitor and analyze networks in real time.

Network forensics was widely implemented as a sub-branch of digital forensics relating to the monitoring and analysis of computer network traf… Read full post »

Enterprise Digital Rights Management by Eric Quellet is a must read paper for any organisation that is considering Enterprise Rights Management.

It helps decision makers consider the implications of using Enterprise Rights Management to protect its intellectual property and how best to implement… Read full post »

1.1 Recent Security Issues

The past year has witnessed an amazing number of articles, reports, seminars and news stories about successful hacking attempts and the lack of data and/or network security.  The GAO recently reported that:

“Despite indications that agencies have improved thei… Read full post »

Risk:  A Growing And Disturbing Trend 

The Washington Post and WSJ Blog both reported on a decision by the University of Virgina Housing Division to remove phones from student dorm rooms.  The obvious justification for the decision is the cost associated with providing phone infrastruc… Read full post »

If you’re reading this blog, you and your family are connected to the internet; your entrée to the internet is via a laptop, desktop PC, smart-phone, or other such devices and you have one, two maybe three separate service providers.

Your connected devices allow you and your… Read full post »