Thursday, October 9, 2008

How To Attack a WEP/WPA Protected Wireless Network (eng)

http://quequero.org/How_To_Attack_a_WEP/WPA_Protected_Wireless_Network_%28eng%29#Lie.2C_it_won.27t_run.21

10 Laptop Security Products

Keep a close eye on your laptop, folks; if you're not careful it may become one of the 12,000 laptops a Ponemon Institute and Dell Computer study shows get stolen each week at U.S. airports.
Most laptops go missing at security checkpoints or at the departure gates, the places where you're most likely to be distracted. Only 30 percent of travelers are ever able to recover their laptops.
What's worse, nearly half of the people in the study say their laptops contain customer data or confidential business information. Translation: we are all affected by laptop thievery.
Unfortunately, even if you guard your laptop with your life, there's no sure-fire way to prevent someone from snatching your data or laptop.

Thankfully, there are software and hardware solutions on the market to make your laptop more secure.

Guys!.. Interesting??? If yes, for more info visit:-

http://www.pcmag.com/article2/0,2704,2331776,00.asp

Saturday, October 4, 2008

CISSP Essentials Security School

SearchSecurity.com's CISSP Essentials Security School offers free training for the CISSP® certification exam. Benefit from a series of 10 training lessons that explore the fundamental concepts, technologies and practices of information systems security. Each lesson corresponds to a subject domain in the exam's "Common Body of Knowledge" — the essential elements each CISSP-certified practitioner must know.

Each of the 10 lessons includes a 45-minute video presentation, a domain spotlight article that provides an insider's guide to each domain, and an exclusive quiz offering prep questions similar to those on the real CISSP exam.
For more information and free training visit:-
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1330306,00.html

Friday, October 3, 2008

List of Useful Information Security Related RSS Feeds

Computerworld Breaking News - feed
Dancho Danchev - feed
Dark Reading - feed
del.icio.us/tag/hacking - feed
del.icio.us/tag/pentest - feed
del.icio.us/tag/security - feed
eEye Research - feed
GNUCITIZEN - feed
Hack In The Box - feed
hackers @ microsoft - feed
honeyblog - feed
InfoWorld: Top News - feed
MSDN Architecture Center - feed
Mal-Aware.org - feed
Metasploit - feed
Malware Advisor - feed
Malware Help.Org - feed
milw0rm.com - feed
NYT > Technology - feed
PC World: Latest Technology News - feed
Rootsecure.net - secnews - feed
Slashdot - feed
SearchSecurity : Security Wire Daily News - feed
Security Adviser - feed
securosis.com - feed
Spyware Sucks - feed
Security Fix - feed
SecurityFocus News - feed
SANS Reading Room - feed
SANS Internet Storm Center - feed
SunbeltBLOG - feed
Tenable Network Security - feed
TrendLabs Malware Blog - feed
Infosec Writers Latest Security Papers - feed
The Register - feed
washingtonpost.com - Technology - feed
Wired::Security - feed
Websense Security Labs - feed

Friday, September 26, 2008

How to Protect Yourself from Web 2.0 Hackers

Introduction to Web 2.0
Web 2.0 is a living term describing changing trends in the use of World Wide Web technology and web design that aims to enhance creativity, information sharing, collaboration and functionality of the web. Web 2.0 concepts have led to the development and evolution of web-based communities and hosted services, such as social-networking sites, video sharing sites, wikis, blogs, and folksonomies. The term became notable after the first O'Reilly Media Web 2.0 conference in 2004. Although the term suggests a new version of the World Wide Web, it does not refer to an update to any technical specifications, but to changes in the ways software developers and end-users utilize the Web.
According to Tim O'Reilly:
“Web 2.0 is the business revolution in the computer industry caused by the move to the Internet as platform, and an attempt to understand the rules for success on that new platform.”


5 steps to Protect Yourself from Web 2.0 Hackers:
1. Run a security suite. It isn't good enough anymore to run merely antivirus. You need a software firewall, antispam, antiphishing, antispyware, anti-rootkit, host-based intrusion prevention solution. These will keep you from getting infected with the malware I try to push to your PC. We don't talk much about antispam, as if spam were just an annoyance. But if you don't read my phishing e-mails, then you'll never visit my fake site, run my buffer overflow exploit, and infect yourself with my malware.

2. Update signatures. I can change my attacks frequently, so you'd better download new signatures or your security suite won't recognize the new ones. Of course, I can stay ahead of signatures, which is why you need the firewall and HIPS.

3. Be street-smart on the Web. Trust no one. Don't share any more information publicly than you need to. And don't use anything you share as your password. If you write about your dog on Facebook and my app grabs his name, then you can bet I'm going to try all kinds of variations on Toto as your password on the common banking sites and PayPal—and, if I can find it, your PC.

4. Use strong passwords. I hate when marks use strong passwords because it really slows me down. Make sure your password is more than six characters long, contains a mix of letters and numbers, and doesn't include a word that can be found in the dictionary.

5. Mix it up. Don't use the same password on every site. If you do, then once I crack one I have access to everything you do online. The same goes for your credit card and ATM card PIN.

6. Be cryptic. When possible, encrypt important data files at rest and in transit. That means clicking on the "Sign in securely" link, even though it's an extra click, and making sure that you see the little lock in your browser that means the site is using SSL to encrypt traffic. Read your application provider's EULA and find out who owns your data stored online (the answer may surprise you), how they isolate your data from other people's data (if they do), and the security measures they've enacted to protect you. A free app is nice, but isn't your identity worth more? Cancel services that won't encrypt your files and explain the other security measures they take.
See you online... Cheers!!!

Tuesday, September 23, 2008

Certification still pays for CISSPs, CISMs

Information security certifications aren't often easy to obtain, but according to new IT data, those who have them are seeing their salaries rise.


Following the release of data from its most recent quarterly IT salary survey, Foote Partners LLC, a Vero Beach, Fla.-based independent research group, announced that pay for IT certifications was down for the eighth straight quarter, but a few sectors bucked the trend.
"Of the 165 certified skills we survey, only 17 increased in value over last year," said David Foote, the firm's founder and CEO. Included in that handful of skills are several security certifications, such as the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).
In fact, seven of the 17 certifications that increased in value were from the security sector, with those who had earned the GIAC Security Expert (GSE) certification posting a whopping 36.4% average salary increase during the last 12 months: the largest salary growth of any certified professional. Overall, pay for security certifications was up 0.4% during the last six months and 2% during the last year (through July 1, 2008), compared with the downward trend of all IT certifications, which lost 2.5% during the last six months and 3.5% during the past year.
Also measured in the annual report were the changes in value for uncertified IT skills. The increase in pay for uncertified network security management skills was in step with the salary increase of GSE certified workers at 36.4% for last year.
According to Foote, spikes in value occur when the gap between demand and skills supply widens. "There are two reasons why that can occur," he said, "and it is rarely a decline in skills supply that cause[s] gap fluctuations -- it's surging demand."

So what's making the difference for security? Foote said the upward trend started with business' compliance concerns when the Sarbanes Oxley Act (SOX) debuted in 2002; it made sense for enterprises to put some money into security infrastructure and personnel to avoid paying the penalties of being noncompliant. Security awareness, however, has grown from there.
Separately, Foote Partners' data shows that the companies surveyed have raised their budgets for IT security governance by an average of 10.8% in the past year. Enterprises are more interested in keeping their data secure following high-profile breaches like the one at TJX Companies Inc. "Businesses are starting to hold vendors' feet to the fire," Foote said. "They are asking … for products with baked-in security."
With increased awareness comes greater need for experienced security pros to manage security plans and systems. This, Foote said, is why demand for security certifications -- particularly those with security management-related certifications like GSE, CISSP and CISM -- is growing.
Foote predicts demand for certified information security practitioners will only increase. Once greater security education comes into sync with budget planning, the demand and funding for security staff will continue to rise.
The seven security certifications that gained in value over the last year were GSE, CISM at 27.3%, the Certified Hacking Forensics Investigator (CHFI) at 14.3%, the GIAC Certified Intrusion Analyst (GCIA) and GIAC Systems and Network Auditor (GSNA) both at 11.1%, the Cisco Certified Security Professional (CCSP) at 9.1% and CISSP at 8.3%.
Foote said information security has proven to be one of the most stable IT niches for those who enjoy the work and are well-trained. "Conditions are in place for a fairly sustained momentum [when it comes to] staffing skilled security people internally," Foote said.

Saturday, September 20, 2008

Google Docs flaw could allow others to see personal files

A security researcher said he has discovered a vulnerability in Google Docs that mysteriously allows private documents to appear in other users' accounts.
Tim Bass, a researcher posting Monday on the ISC(2) blog, wrote that when he recently was using his Google Docs account he found that it was listing documents as "owned" by him but that did not belong to him.
In his case, he discovered documents written in Thai. When Bass contacted the owner of those files, that person also mentioned that his account contained documents not owned by him or normally shared with him.
Bass said he suspects a JavaScript error in the way in which Google manages user sessions is to blame. A Google spokeswoman said Tuesday afternoon that the company was prepping a fix.
Google Docs is a web-based application that saves files not to a user's desktop -- as is the case with programs such as Microsoft Office -- but to Google servers so users can retrieve documents from anywhere using the internet.
"The bottom line is that the security breach is real and dangerous," Bass said. "Your Google Docs, and I suspect other Google applications that use the same session management code, are vulnerable. There may be an underlying XSS (cross-site scripting) vulnerability as well."