Taming the 21st Century's Wild West of Cyberspace / Debunking the Myths about CAs and SSL Certificates / An Ethics for the New and Old Surveillance / Enabling Pain-Free SSL Certificate Management / Call for B


By Information Security Today Essential Information for Managing the Security of a Modern Evolving En
On [2013-08-19] at 16:06:43



Overview:

The world faces unprecedented risks across the Internet in what has become known as The 21st Century's Wild West, where attacks on computer systems and networks are generally conducted with complete anonymity and impunity for those perpetrating these acts. Establishing a robust system of monitoring, controls, and sanctions to ensure that the Internet functions as a trusted and heavily defended environment that fosters cooperation, collaboration, and commerce will have a dramatic effect on the stability, viability, and resilience of our interconnected global economy.

Over the years a few misconceptions about CAs and the SSL infrastructure have arisen. Despite reports and scare tactics about the collapse of the SSL CA model, the CA Security Council (CASC) is here to set the record straight and dispel the myths of the industry. Here are nine myths and facts about CAs and SSL certificates.

As the recent revelations about the NSA's Prism and Tempora programs show, new surveillance technologies and various forms of electronic location monitoring raise important social, political, and cultural questions. This chapter suggests concepts to order the rich variation the topic offers across kinds of tools for collecting personal information and across various contexts regardless of whether they involve national security, work, commerce, family, or friends.

According to a recent Certificate Management Survey conducted by Symantec, one of the most significant issues facing businesses today is the sheer number of certificates there are to manage. In fact, organizations are now managing nearly 2,000 certificates on average. One-third of companies surveyed felt that their certificate catalogue is less than somewhat accurate. The average organization lost 222,000 just in the last year due to a variety of certificate-related mishaps.
This article provides best practices to effectively manage SSL certificates in order to maintain positive company perception and revenue.

The main objective of this book is not only to describe the state-of-the-art cryptographic algorithms, but also to demonstrate how they can be implemented using a programming language, i.e., C. Generally, books that discuss cryptographic algorithms do not elaborate the implementation issues. Therefore, a gap between the understanding and the implementation remains. The motivation of this book is to seal that leakage and to educate someone in such a way that he will be capable of developing and implementing his own designed cryptographic algorithm.

This chapter describes how to green your data centers and servers by choosing green suppliers when you buy in data center services. It explains why you should start now, and discusses planning buildings, power supplies, and servers, storage, and networking.

I don't know if you've ever read Stratfor's guidance on personal security, such as Taming Chaos with a Personal Plan, but this new book, Personal Security: A Guide for International Travelers, provides a comprehensive approach to personal security and safety when travelling, or even while at home. To support your pre-trip preparations, this chapter, Before You Go, maps out expert advice and lessons from real life cases to give you insights into basic planning questions.

There has been a wide interest in the secure design and implementation of smart grid systems. The SCADA system is one of the most important legacy systems of the smart grid systems. In this excerpt, the authors demonstrate the challenges to secure the current automation systems, such as SCADA systems, with examples.

Wherever wireless networks are deployed, security vulnerability will always exist. Security attacks and vulnerabilities can only be mitigated if best practices, as well as correct policies and standards, are used.
This chapter discusses some of the important and best practices that can be implemented for improving mobile and wireless security. Wireless security will continue to be a research topic as long as there are ways to attack or obtain unauthorized access to wireless networks.

Everyone has an opinion about the 'Cloud' and its effect on business. Some believe it is dark and scary and fraught with unnecessary risk, while others would argue it's silver lined and the path to greater business performance and cost savings. The truth is that the Cloud undeniably has the potential to open up a whole new dimension of opportunities to businesses, but only if data security is properly addressed.

Since the September 11th attacks, the scientific and engineering communities have been called upon to help the world respond to security challenges. This volume focuses on challenges involving multidisciplinary problem analysis and systems engineering approaches to security. It presents a comprehensive survey of state-of-the-art methods for the surveillance and protection of citizens and critical infrastructure against both natural and deliberate threats. The first section analyzes technical issues related to surveillance. Next, the book examines legislative, organization, and management issues with a specific emphasis on privacy concerns. Finally, the contributors discuss innovative solutions and new research topics garnering heightened attention.

Data anonymization provides a systematic and integrated approach to privacy protection that goes far beyond simple data-masking or network security from external or internal theft. Discussing the analysis, planning, set-up, and governance, this timely manual illuminates the entire process of adapting and implementing anonymization tools and programs to increase the success of privacy protection in vulnerable organizations.
Providing a 360 degree view of data privacy protection, it details data anonymization patterns, automation tool capabilities, and the key factors for success in disguising the person behind the data.

Bill Buchanan, author of Introduction to Security and Network Forensics, has created a series of videos to accompany the textbook. There is a video for each chapter, as well as many of the labs. Still, you really should read the book.

It is the disparity between theoretical approaches and real-life operations that makes it necessary to approach whitelisting with pragmatism. Because right now the major problem with whitelisting is that it is very expensive from the point of view of human involvement. You can't completely eliminate that expense, but you can at least minimize it by keeping user workflows unimpeded while the decision-makers look closely into those 50 shades of gray.

This is an excerpt from The Complete Book of Data Anonymization: From Planning to Implementation by Balaji Raghunathan.

The first installment of this series covered the Inventory of Authorized and Unauthorized Devices and the Inventory of Authorized and Unauthorized Software. The second article covered two more Controls designed to offer guidance on managing secure hardware and software configurations on a variety of devices, as well as the implementation of continuous vulnerability assessments and remediation efforts. Now it is time to take a closer look at Controls 5 and 6 of the CSIS 20 Critical Security Controls, which deal with malware defenses and application security, respectively.

Offering compelling practical and legal reasons why de-identification should be one of the main approaches to protecting patients' privacy, this book outlines a proven, risk-based methodology for the de-identification of sensitive health information. It situates and contextualizes this risk-based methodology and provides a general overview of its steps.
Author Khaled El Emam (University of Ottawa and Privacy Analytics) supplies a detailed case for why de-identification is important as well as best practices to help you pinpoint when it is necessary to apply de-identification in the disclosure of personal health information.

The Center for Strategic and International Studies (CSIS) recently released Version 4 of the Twenty Critical Security Controls. The critical controls identified by the workgroup focus on four basic tenets. This article looks at two more Controls designed to offer guidance on managing secure hardware and software configurations on a variety of devices, as well as implementing continuous vulnerability assessments and remediation efforts.

The Center for Strategic and International Studies (CSIS) recently released Version 4 of the Twenty Critical Security Controls. The critical controls identified by the workgroup focus on four basic tenets. This series of three articles is intended to highlight the specific requirements you need to understand, and can later be used as a checklist.

Brazil is now the number one country in the world for the use of banking malware. The high levels of e-commerce in Europe and the low levels of security often involved suggest that this is likely to be a prime target for Brazilian cyber criminals - and the organizations that buy the data they steal.

Starting with an introduction to Android architecture and applications, this book covers security features and issues specific to Android platform and applications, including possible attacks and means to prevent them. Authors Anmol Misra and Abhishek Dubey describe mobile devices pen-testing methodology and techniques for DLP (Data Leak Prevention).
They also discuss advanced topics including reverse engineering and forensics, malware analysis, secure coding and hardening guidelines for Android, and how to perform threat modeling for Android mobile devices applications and incorporate them into enterprise SDLC processes.

Lars Nielsen of SMS PASSCODE explains why multi-factor authentication is moving from traditional token-based preset codes to real-time connected and mobile systems, and the provisioning and security benefits this offers.

In kill chain analysis, an attacker has to progress through stages before they achieve their objective, and it takes just one successful mitigation effort to thwart the attacker. SSI can increase the timeliness and accuracy of security incident detection efforts and increase the overall effectiveness of all network security tools.

From a security perspective, you have to consider how you want to physically segment your network. Cloud computing pushes the economy of scale, and that is typically achieved by setting up a single virtual cluster for all your computing needs. However, security requirements might dictate a different agenda of pooling your computing and storage resources. It might also drive your decision making around firewall technology, and where to draw the physical fences versus virtual ones. This is an excerpt from Securing Cloud and Mobility: A Practitioner's Guide by Ian Lim, E. Coleen Coolidge, and Paul Hourani.

The CISO has become the new Man-in-the-Middle, increasingly caught between the Executive World where he must effectively connect security to the business, and the more familiar Technical World where he must continue to communicate effectively in terms of controls and benchmarks.

This article discusses the key three cyber security challenges for this year: an increase in exploit kits, an increase in mobile device cyber-security threats and an increase in sophistication of threats.
Then it outlines how businesses can combat these attacks, providing useful security tips.

News media in the U.S. are abuzz with stories about cyber-attacks on top banks as financial institutions emerge as the prime targets of cyber-criminals. Reports suggest that since September 2012, cyber-attacks on bank networks have exploded. Cyber-criminals are now siphoning off login credentials of employees and administrative passwords of IT resources, using techniques that include spam and phishing emails, keystroke loggers, and Remote Access Trojans (RAT). Bolstering internal controls as detailed in this article will ensure that privileged identities will not be compromised, even if a hacker manages to penetrate the perimeter. Similarly, they will mitigate threats due to attacks by malicious insiders.

This book explains and then helps readers live with the psycho-techno phenomenon that is bring your own technology (BYOT). You will learn how to understand these new end-users and their demands, as well as the strategic and tactical ramifications of these demands. Next, author Jessica Keyes covers the broad range of technical considerations such as selection, connectivity, training, support, and security. She includes best practices and case studies of well-known companies, including IBM, Ford, and CarFax.

Compliance standards, of which there are many, can be and should be used as a guide to write comprehensive and effective security policies. Many standards cover much of the same topics, but state the requirements in a slightly different way. This book provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. It supplies a way to address the regulatory requirements of the organization by writing policy statements that address these requirements.

The first PC viruses appeared more than 25 years ago.
Little did we realize that this was just the beginning of what would become a series of threat waves. Today, we find ourselves combatting advanced malware, targeted attacks and advanced persistent threats (APTs). This article discusses how you can raise your game to defeat this new class of attackers.

The recent Red October wave of concerted cyber assaults demonstrates that social engineering is by far the most potent tool in the hacker's arsenal. These attacks occur nearly every day and are often successful, regardless of technical controls and countermeasures deployed within corporate networks. This article discusses the attacks and the ways in which your enterprise can protect its assets.

CRC Press announced the launch of Featured Authors, a new web portal that connects researchers, academics, librarians and book buyers with authoritative authors in their fields. Available at www.crcpress.com authors or by clicking on the Featured Authors tab on the CRC Press homepage, Featured Authors makes books, bios, events and social media information readily accessible to online audiences at no cost.

The availability and security of many services we rely upon are routinely put at risk by cyber threats. This volume outlines security concepts, methodologies, and relevant information pertaining to SCADA systems and technology that quietly operate in the background of utility and industrial facilities worldwide. The book supplies information for securing industrial automation process control systems as part of a critical infrastructure protection program. The authors present a best practices approach to securing business management environments at the strategic, tactical, and operational levels.

The Internet is an essential tool, but it also presents risks to productivity, e-safety and network security. Web filtering provides powerful tools to address these issues, but taking a one-size-fits-all approach is not enough to meet the dynamic and diverse needs of most organizations.
Instead, a genuine real-time Web filtering solution is needed to ensure categorization and filtering of Web page content keeps up to date with the ever-growing Internet.

Biometric data is at the limits of what current personal data privacy laws consider worthy of protection. This type of identifier covers fingerprints, voiceprints, and facial images. While the risk factors are not nearly as threatening to consumers as more traditional PII, they do exist. Until recently, the dangers of biometric identification using DNA were more theoretical than real. That has suddenly changed. This article looks at the risk factors of biometric identification using DNA.

Why do people seem all too happy to do things in the virtual world they would never dream of doing in the real world? Organizations are happy to hand over bunches of keys that open every sensitive file and expose the softer underbelly of the network. Why do they do that? This article, written by Andrew Avanessian, Avecto VP of Professional Services, explores this and offers a virtual solution to the physical problems.

This article explores the idea that it is impossible to provide effective physical security of a mobile device while using available technology and training practices. It discusses current mobile security technologies, and their limitations, and presents potential new future to solve the problems. Finally, it proposes a solution that utilizes many different aspects of security measures to provide the best protection.

Given the proliferation of valuable and often regulated information, organizations strive to carefully conceal it behind the best security technologies available. However, data remains only as secure as the encryption keys and certificates that safeguard it. And here lies the problem: enterprise key and certificate management (EKCM) is extremely complex.
With hundreds of different companies providing these services, and even variable technologies used internally within organisations, EKCM is considered by those working in the IT space as a black art. This article takes a closer look at what is needed to master this discipline.

Covering information security metrics, this book provides practical advice on how to specify, develop, use, and maintain a more meaningful and useful system of metrics. It explains how to use metrics to identify problem areas and drive security improvements. With a focus on measurement, W. Krag Brotby and Gary Hinson discuss metrics that support an information security management system that complies with ISO/IEC 27001. The authors introduce capability maturity metrics that you can use to measure and drive continuous improvement in information security. They also introduce the PRAGMATIC mnemonic to help practitioners like you choose better metrics.

This article explains why you need to understand what applications are needed by what users and provide access without slowing down business productivity and without opening security gaps for data leakage or malware. It also provides six next-gen firewall policy tips to secure the perimeter in the application age.

It is the time of year again when IT security experts predict what the next year will bring. Here are some predictions and trends that Infosecurity Europe exhibitors expect to see in 2013.

Almost daily the media report of confidential information being disposed of in park bins, laptops being found in taxis, and passwords being published on the Internet. While this is undoubtedly concerning, the findings from a global security study on data leakage have revealed that the data loss resulting from employee behaviour poses a much more extensive threat than many IT professionals believe. Here are some steps you can take to tackle data leakage.

It is hard enough these days to get a job. Getting promoted once you are there is even harder.
This article highlights four areas that will help you get ahead.

The study of cryptography is motivated by and driven forward by security requirements. Zhenfu Cao presents the fundamental definitions, precise assumptions, and rigorous security proofs of cryptographic primitives and related protocols. He also describes how they originated from security requirements and how they are applied. The book provides vivid demonstrations of how modern cryptographic techniques can be used to solve security problems. The applications cover wired and wireless communication networks, satellite communication networks, multicast broadcast and TV networks, and newly emerging networks. It also describes some open problems that challenge the new directions of modern cryptography.

Doomsayers have been predicting that the world will end, with the latest date just a few days on December 21. If they are right, then we will not even exist in 2013, so perhaps this article could be a little premature. However, if the date passes without incident, here is what your organization needs to know to avoid its own Armageddon during the next twelve months.

This article from PhishMe looks at how to spot and protect against spear phishing attacks. After explaining what spear phishing is, it provides tips about what sort of things in emails should raise a red flag, both in terms of the sender and the content, and recommendations for the procedures that companies and employees should follow.

This article by Joanne Rogers of CS Risk Management looks at how the proposed Data Protection Regulation has ruffled feathers, focusing on the implications for businesses and what an increase in potential fines will mean.
An updated law that takes the increasing challenges of data security into account is long overdue, but will the potential benefits of the new regulation outweigh the perceived burdens?

This is an excerpt from Digital Forensics Explained by Greg Gogolin.

This is an excerpt from The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules by John J. Trinckes, Jr.

Young employees take more risks with software. This does not have to be a problem. From the point of view of traditional, centralized IT, BYOD and consumer software are inherently difficult to assimilate. Admins are instinctively wary and with good reason. In conventional IT, the users are the source of most problems, starting with the misuse of software. But here is an intriguing thought: far from being negative and risky, perhaps the way Generation Y adopts new applications could have long-term benefits if a way can be found to accommodate the behaviour.

Social media can be a powerful business tool, but hackers are finding increasingly sophisticated ways to exploit our online relationships. This article by Joanne Rogers of CS Risk Management examines the many potential benefits and risks, and discusses what should be the key considerations for your enterprise when utilizing social media.

This book discusses how built-in and third-party networking tools can be used to diagnose network problems and performance issues as well as enhance the security of computer systems.
The author covers a variety of networking tools and demonstrates how they can be used to determine ahead of time whether or not existing Internet connectivity can support such activities as voice and video over IP, while coverage of other tools shows readers how to prevent keyboard hacking and negate the operation of unwanted advertisement trackers through checking for and eliminating different types of attack software.

From applying security policies to DLP and effective user authentication, there are many infosecurity lessons to be learned from the classic space opera. Terry Greer-King, Check Point UK managing director, shows how companies can avoid the mistakes of the Empire.

Making IT Lean presents Lean concepts and techniques for improving processes and eliminating waste in IT operations and IT Service Management. The authors provide a context for discussing several areas of application within this domain, allowing you to quickly gain insight into IT processes and Lean principles. The text reviews IT Service Management, with reference to the IT Infrastructure Library (ITIL) as a framework for best practices. Filled with straightforward examples, it provides enough modeling tools so you can start your Lean journey right away.

The debate about privacy compliance has always been a heated one. Add to the mix new European Commission legislation and you have a recipe for not only a lively debate but also a controversy about the interference in privacy of a European bureaucracy. This article concentrates on examining the stances that have been taken, their validity and, more importantly, what an enterprise needs to do as it turns from merely talking shop to setting and implementing concrete policies on privacy.

Our current grid system is quickly becoming obsolete. One solution to this problem is smart grid. Smart grids will be able to efficiently handle our increasing energy demands and reduce the environmental impact by incorporating renewable resources.
This chapter discusses what smart grids are and the technology they use, and provides case studies of early implementations.

The technical problems associated with using Windows pre-Vista as a standard user, i.e., without administrative privileges, have left an expectation that users should have full control over their PCs, including the ability to install unauthorised software and change key operating system components. User Account Control (UAC) in Vista and Windows 7 has made it more practical to run with a standard user account and led many organizations to look seriously at removing administrative rights from end users. Yet if not planned thoroughly, this can bring not only unexpected technical problems, but a mutiny in the ranks.

Recent high-profile security breaches have cost millions in revenue and lost opportunities. These fears, along with new security standards and regulations, have driven IT professionals to deploy encryption more broadly. Organizations are struggling to properly manage and control these rapidly multiplying certificates and keys to prevent security breaches, system downtime and other disasters. It is a Catch 22 situation, but it does not have to be.

This book introduces new cross-layer design approaches for wireless sensor networks using identity-based cryptography. It starts with a review of the existing layered approach and then examines new attack vectors that exploit the layered approach to security. After providing the necessary background, the authors present a cross-layer design approach to address authentication, integrity, and encryption.
They also examine new ID-based key management mechanisms using a cross-layer design perspective as well as secure routing and new intrusion detection techniques.

As IT moves farther from the relatively safe and secure confines of data center glasshouses and internal physical networks with interfaces for Wi-Fi, mobile and Internet computing, security has become even more important than it was in the past. As networked storage enables storage and information resources to be accessed over longer distances and outside the safe confines of the data center, more security threats exist and more protection is needed.

LANs are configured to have switches that maintain a table called the Content Addressable Memory (CAM), which is used to map individual MAC (Media Access Control) addresses on the network to the physical ports on the switch. The switch CAM table poisoning attack is the malicious act of corrupting the entries in the switch CAM table so that the network traffic will be redirected away from the intended hosts. This malicious activity may create a DoS situation, as the switch becomes unable to forward packets to their real and legitimate destinations.

Networkless connectivity combined with strong two-factor authentication allows straightforward user access, without constraints, to deliver a completely dynamic set-up at the time of connection. So, whether you are merging, re-merging, de-merging or just looking to introduce a more flexible working practice, securely, make sure it's future-proof and cost-effective. This article discusses implementing and managing secure access in a period of rapid change.

This article explains the difference between proactive and reactive digital forensics and how they can help you and your organization to fight against malware and malicious activity.

This book provides comprehensive coverage of enterprise mobility.
It emphasizes the value and impact of enterprise mobility, discusses the technology that backs this business change, and explains how enterprise mobility will be used in different industries. Focusing on mobility concepts, Section 1 addresses the needs of business managers and decision makers in an enterprise. Section 2 presents mobile solutions and case studies in different industries. Section 3 covers mobile application development. Section 4 provides details on the key technology considerations in mobility.

The more technology makes our working lives easier, the more it seems technology complicates our lives by making it easier for insiders with malicious intent and outsiders bent on stealing our secrets to steal our data. Whether you have done it recently or sometime in the past, you will have locked down and secured your corporate data and made sure that your organization cannot be breached. Here are ten tips to prevent a data catastrophe.

Providing the tools to create, propose, execute, and evaluate team development plans, this book offers insights and access to critical resources that enable readers to transfer a vision and mission statement, goals, and deliverables into concrete, actionable plans for the teams they lead. Complete with case studies and practical tips, the text first explains how team development affects productivity before identifying the strengths and weaknesses in each stage of team development. The author then outlines her method for creating a team development plan and addresses the challenge of gaining commitment.

Every organization faces one challenge to their IT security position - the user. It doesn't matter how much security training and advice a person is given - if they want to, and can, do something then they will. Unfortunately, a user with admin rights - wittingly or unwittingly - is like a loose cannon. You just don't know when or where he's going to strike, and the results can be devastating.
And once a problem occurs, it all too often turns into a downward spiral that can bring down your reputation and your business. This article outlines 10 logical reasons why every organization should develop a policy of least privilege.







Latest articles from the site "Information Security Today Essential Information for Managing the Security of a Modern Evolving En":

- Healthcare Informatics Improving Efficiency through Technology, Analytics, and Management
- Analyzing and Securing Social Networks
- The Innovation Factory
- Cloaking Is the New Perimeter
- Balancing the Risk and Opportunity of Deep Customer Data Analytics
- Multilevel Modeling of Secure Systems in QoP-ML
- A Guide to the National Initiative for Cybersecurity Education NICE Cybersecurity Workforce Framework 2.0
- Security without Obscurity A Guide to PKI Operations
- The Hotel Industry Has a PoS Malware Problem
- What You Need to Know about the EU General Data Protection Regulation







If you want to block this service from your RSS feeds:
- with iptables "iptables -A INPUT -s 88.190.17.190 -p tcp --dport 80 -j DROP"
- with ipfw and wipfw "ipfw add deny tcp from 88.190.17.190 to any 80"
- Contact us by e-mail



