HNS MAIN FEED
Deploying enterprise software securely
Wednesday, 27 August 2008, 11:57 PM CET
This laundry list of security requirements is a lot to think about for every application deployment, but vigilance in this area can drastically improve an organization’s security posture. The requirements can be put into a standardized template, and at the end of the process each requirement should have a mark for pass, fail, or perhaps not applicable. Anything marked as a failure should be noted and can be escalated or accepted as a risk.
Most organizations fail to stop interior network threats
Tuesday, 26 August 2008, 9:25 PM CET
A survey by Opine Consulting revealed nearly half of the IT professionals who responded had endpoints connecting to their corporate networks without their knowledge. Yet compared to other security issues, 86 percent of respondents said controlling network access ranked as a high priority.
Security risks for mobile computing on public WLANs
Monday, 25 August 2008, 11:54 PM CET
This article illuminates the effectiveness of VPN security mechanisms, data encryption, strong authentication and personal firewalls and shows how optimal protection can be achieved by dynamically integrating each of these technologies.
Reverse engineering: Smashing the signature
Wednesday, 20 August 2008, 3:35 PM CET
Many antivirus and antispyware solutions identify malicious programs by looking for known unique signatures contained inside them. Those signatures are stored inside a database which is constantly updated. This tutorial guides you through a number of steps to encrypt the executable file code section in order to render antivirus signature checking techniques ineffective against identifying the malicious code.
Internet terrorist: Does such a thing really exist?
Tuesday, 19 August 2008, 5:25 PM CET
In this article, a former CISO discusses the notion of worrying about the potential risk of terrorism against his organization and how it seems to be the lowest priority given the choices at hand. Ironically, terrorism today seems to be an emerging concern in the commercial world and many are actively pursuing methods and technology to help combat the problem. As a result, he began to research this trend to determine its drivers and potential implications to information security as we know it today.
Reputation attacks: A little known Internet threat
Monday, 18 August 2008, 8:06 PM CET
Reputation attacks target both individuals and companies, and their goal is to ruin the victim’s reputation. While attack techniques are varied, the consequences are often the same: a damaged reputation resulting in many cases in financial loss. Attackers can use several methods to ruin a company’s reputation.
Video - DTrace: The reverse engineer's unexpected swiss army knife
Thursday, 14 August 2008, 11:45 PM CET
David Weston is a security engineer at Science Applications International Corporation. In this video, made at Black Hat Europe, David illustrates his research related to DTrace. Created by SUN and originally intended for performance monitoring, DTrace is one of the most exciting additions to OS X Leopard and is being ported to Linux and BSD. It offers an unprecedented view of both user and kernel space, which has many interesting implications for security researchers.
Report reveals which piracy groups pose significant threat
Wednesday, 13 August 2008, 11:11 PM CET
V.i. Labs issued a report revealing that piracy groups are fully exploiting security gaps in the common licensing mechanisms used in electronic design automation (EDA), computer-aided design (CAD), and product lifecycle management (PLM) software to produce counterfeit versions of these high-priced applications.
Hard Drive Recovery
Wednesday, 27 August 2008, 11:57 PM CET
This laundry list of security requirements is a lot to think about for every application deployment, but vigilance in this area can drastically improve an organization’s security posture. The requirements can be put into a standardized template, and at the end of the process each requirement should have a mark for pass, fail, or perhaps not applicable. Anything marked as a failure should be noted and can be escalated or accepted as a risk.Most organizations fail to stop interior network threats
Tuesday, 26 August 2008, 9:25 PM CET
A survey by Opine Consulting revealed nearly half of the IT professionals who responded had endpoints connecting to their corporate networks without their knowledge. Yet compared to other security issues, 86 percent of respondents said controlling network access ranked as a high priority.Security risks for mobile computing on public WLANs
Monday, 25 August 2008, 11:54 PM CET
This article illuminates the effectiveness of VPN security mechanisms, data encryption, strong authentication and personal firewalls and shows how optimal protection can be achieved by dynamically integrating each of these technologies.Reverse engineering: Smashing the signature
Wednesday, 20 August 2008, 3:35 PM CET
Many antivirus and antispyware solutions identify malicious programs by looking for known unique signatures contained inside them. Those signatures are stored inside a database which is constantly updated. This tutorial guides you through a number of steps to encrypt the executable file code section in order to render antivirus signature checking techniques ineffective against identifying the malicious code.Internet terrorist: Does such a thing really exist?
Tuesday, 19 August 2008, 5:25 PM CET
In this article, a former CISO discusses the notion of worrying about the potential risk of terrorism against his organization and how it seems to be the lowest priority given the choices at hand. Ironically, terrorism today seems to be an emerging concern in the commercial world and many are actively pursuing methods and technology to help combat the problem. As a result, he began to research this trend to determine its drivers and potential implications to information security as we know it today.Reputation attacks: A little known Internet threat
Monday, 18 August 2008, 8:06 PM CET
Reputation attacks target both individuals and companies, and their goal is to ruin the victim’s reputation. While attack techniques are varied, the consequences are often the same: a damaged reputation resulting in many cases in financial loss. Attackers can use several methods to ruin a company’s reputation.Video - DTrace: The reverse engineer's unexpected swiss army knife
Thursday, 14 August 2008, 11:45 PM CET
David Weston is a security engineer at Science Applications International Corporation. In this video, made at Black Hat Europe, David illustrates his research related to DTrace. Created by SUN and originally intended for performance monitoring, DTrace is one of the most exciting additions to OS X Leopard and is being ported to Linux and BSD. It offers an unprecedented view of both user and kernel space, which has many interesting implications for security researchers.Report reveals which piracy groups pose significant threat
Wednesday, 13 August 2008, 11:11 PM CET
V.i. Labs issued a report revealing that piracy groups are fully exploiting security gaps in the common licensing mechanisms used in electronic design automation (EDA), computer-aided design (CAD), and product lifecycle management (PLM) software to produce counterfeit versions of these high-priced applications.
