Brian Honan to Speak at COSAC 2007

Our Senior Consultant, Brian Honan, will be addressing the 14th COSAC International Computer Security Symposium in September of this year. Brian will present to the symposium the lessons learnt from his project to establish an independent, trusted and vendor neutral Computer Emergency Response Team to provide services to businesses, organisations and citizens in the Irish Republic. Brian will share […]

Security Concerns Over Travel Visa Website

The company hosting a website that processes visa applications from Indian citizens wishing to travel to the UK had a security hole for over a year that allowed someone to view and modify the details of other applicants. The potential abuse of this flaw by criminals and terrorists is frightening as it could have allowed them to […]

OWASP release the 2007 Top 10 Web Application Vulnerabilities

The excellent work by OWASP continues and they have recently launched the Top 10 Web Application Vulnerabilities for 2007. The list is a must read for anyone responsible for developing and/or maintaining a web application. It is equally important for those who are testing applications before they are put into production. This list should […]

CERTs to the Rescue

Some details from TERENA on how various CERT teams throughout Europe are helping Estonia deal with the ongoing attacks against its Internet infrastructure as a result of civil unrest. It is a great example of how the information security community can work together to tackle Internet crime. “A prolonged and large-scale denial of service attack […]

Details of TJX Hack Emerge – Wireless Networks the Weak Point

The Wall Street Journal has published a story outlining the details on how criminals managed to hack their way into the TJX network and gain access to over 45 million credit card numbers.  It appears that in the summer of 2005, criminals using wireless laptops managed to crack into the wireless network of a Marshalls […]

April Issue of the Security Watch Newsletter is Now Available

The April 2007 edition of our sister publication, the Security Watch Newsletter, is now available online.  For those of you who do not subscribe to our newsletter, you may find it a useful read as we highlight issues and stories that may not be applicable to our Blog.

Secure Hosting

If you decide to outsource the sourcing of your website or other services to a third party you need to remind yourself that no provider can guarantee you 100% security. Some providers will provide an SLA whereby they will pay penalty fees in the event that your site is compromised, however this is simply a […]

Information Security – The New Golden Goose?

While attending this year’s Infosec show I was suddenly struck with the thought that Information Security has become the new Golden Goose for the IT industry.  The vast number of impressive exhibitor stands, professional presentations and the prevalence of suits as the preferred attire for the attendees demonstrated that information security is now a primary […]

Calculating the Cost of a Security Breach

One of the challenges facing many security professionals is justifying the cost of implementing security controls, procedures and supporting technologies. The Privacy Breach Impact Calculator from InformationShield could be used to help you estimate the costs of a privacy breach, i.e. where personal data for clients could be exposed. While the tool is focused primarily […]

Internet Security Intelligence

Thanks to Arrigo Triulzi for making me aware of an excellent resource for intelligence on what is happening on the Internet. Arbor Networks host a daily updated snapshot of the top attacks, trends and activities on the Internet that the ATLAS probes deployed in their customer sites have detected in the previous 24 hours.  The global activity map gives a […]