Latest Blog Posts
Are you running a WordPress Blog? Update it today
August 12, 2009 Added by:Infosec Island Admin
Another security release for Wordpress was released yesterday (version 2.8.4) which patches a rather annoying security flaw discovered with all prior versions. By sending a specially crafted URL as an unauthenticated user to your WP blog, and attacker can essential reset your admin password and lock you out of your blog.
Comments (0)
Adobe Releases Critical Patches for Flash Player
July 31, 2009 Added by:Infosec Island Admin
Today, Adobe released version 10.0.32.18 of their Flash Player software. This new version fixes multiple critical vulnerabilities, many of this Adobe has not been forthcoming about.
Comments (4)
Extremely Sensitive US Secrets Found on P2P Networks
July 29, 2009 Added by:Infosec Island Admin
According to an article released by the Washington Post today, private firm, Tiversa, Inc, discovered extremely sensitive information on global P2P Networks.
Comments (0)
Not So Smart Grid?
July 14, 2009 Added by:Infosec Island Admin
According to a security researcher, the so-called Smart Grid technology being rolled out accross the country as part of the stimulus bill, may be vulnerable to numerous attacks. According to the researcher, many of the commands that allow the power company to interact with the smart-meters at the user's house (for example) do not require authentication, have no encryption and are ripe fo...
Comments (3)
PCI Auditor Being Sued for Certifiying CardSystems as Compliant
July 13, 2009 Added by:Infosec Island Admin
Savvis is being dragged into court to defend their PCI DDS certification of CardSystems in 2004, which was subsequently responsible for losing a quarter of a million credit card numbers. This is the first of potentially many legal actions against PCI auditors that certified organizations as compliant, when they were subsequently breached and responsible for the loss of consumer cred...
Comments (2)
Google to Build Malware Resistant OS
July 09, 2009 Added by:Infosec Island Admin
According to Google's official Blog, Google plans to extend their Google Chrome browser (considered by most security professionals to be the most insecure browser out there) into a lightweight operating system designed to primarily interact with web-enabled technologies.
Comments (2)
Federal Web sites knocked out by cyber attack
July 08, 2009 Added by:Infosec Island Admin
According to an article by the Assoiated Press, and subsequently the Washington Post, several Government agencies in the US and South Korea were under attack by roughly 60,000 infected PCs across the globe.
Comments (0)
Predictable Social Security Numbers
July 07, 2009 Added by:Infosec Island Admin
According to a story published by the Washington Post today, researchers at Carnegie Mellon University have found that your social security number could be determined just by knowing when and in what zip code you were born in.
Comments (0)
Heartland Regains PCI Compliant Status
May 03, 2009 Added by:Anthony M. Freed
Heartland’s removal from the list of compliant payment processors had followed revelations that the company had suffered what may have been the largest data breach of payment card information to date, although details of the incident have not been made available due to ongoing investigations...
Comments (5)
Payment Card Industry Swallows Its Own Tail
April 01, 2009 Added by:Anthony M. Freed
The greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers, but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve...
Comments (2)
Visa Puts Heartland on Probation Over Breach
March 13, 2009 Added by:Anthony M. Freed
HPS is now in a probationary period, during which it is subject to a number of risk conditions including more stringent security assessments, monitoring and reporting. Subject to these conditions, Heartland will continue to serve as a processor in the Visa system...
Comments (1)
Marine One Breach Has Winners and Losers
March 01, 2009 Added by:Anthony M. Freed
Billions of dollars are spent on security every year, and it can be trumped by one lapse in judgment. That is a tremendous amount of resources committed to security just to have it undermined by the whim of one individual, and it underscores the precariousness of secure systems...
Comments (2)
Heartland CEO Now Under SEC Investigation
February 26, 2009 Added by:Anthony M. Freed
The investigation may relate to stock trades made by Heartland CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed...
Comments (2)
Heartland Update: Reps Respond to Questions
February 01, 2009 Added by:Anthony M. Freed
Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan...
Comments (2)
Heartland Breach Bad As Tylenol Poisonings?
January 25, 2009 Added by:Anthony M. Freed
The company issued statements Friday (1/23) in an effort at damage control in which the CEO compares the potential industry-wide impact of the breach to none other than that of the Tylenol poisonings of some twenty-five years ago that nearly brought down the drug maker...
Comments (7)
U.S.Banks Vulnerable to Sabotage
December 19, 2008 Added by:Anthony M. Freed
Democratic U.S. Rep. James Langevin of Rhode Island, who chairs the homeland security subcommittee on cybersecurity, said: “We’re way behind where we need to be now.” Dire consequences of a successful attack could include failure of banking or national electrical systems, he said...