Information Security Resources
http://information-security-resources.com
Part of the Infosec Island™ Network
Wed, 17 Mar 2010 23:54:46 +0000

Hackers Lurking in Hotel Networks
From Mark Smail
It’s not uncommon for even tech-savvy road warriors who pack their own EV-DO modems to simply hop on the hotel’s network instead of using up their precious bandwidth allotment for the month. Unfortunately for the frequent flyers among us, recent industry research from TrustWave’s Spider Labs showed ...
http://information-security-resources.com/2010/03/17/hackers-lurking-in-hotel-networks/

7 Month Vulnerability in Windows Virtual PC
From Mourad Ben Lakhoua
Core Security Technologies (CST) has discovered a critical vulnerability in Windows Virtual PC that allows an attacker to bypass security measures and run malicious code on the guest machine. The concerned platform for this vulnerability is Virtual PC 2007, Virtual PC 2007 SP1, Windows Virtual PC, Virtual Server ...
http://information-security-resources.com/2010/03/17/7-month-vulnerability-in-windows-virtual-pc/

How to Secure a Cisco Router
From Ted LeRoy
A more accurate title for this article would have been how to increase security on a Cisco border router, but that's too long. This article assumes some familiarity with Cisco routers. If you're not familiar with Cisco IOS command line interaction, consult reference [2] below, or Cisco documentation. Thoroughly securing ...
http://information-security-resources.com/2010/03/17/how-to-secure-a-cisco-router/

On HTML Insecurities…
From Comet
Way back when, the first webserver was created, serving HTML documents. HTML was designed to show documents with hypertext links, and also to allow the documents to have semantic markup that would be displayed to the reader. HTML version 1 included a HEAD and BODY section. The HEAD section contains information ...
http://information-security-resources.com/2010/03/17/on-html-insecurities/

When Social Networking Clashes with Security
From Crystal Craven
Information Security Gurus and Marketing Professionals are often at odds with each other in the business realm. Marketing used to primarily be a print and face to face business function. Thanks to the overhaul of standard marketing strategies, marketing has grown new roots on the web and has found ...
http://information-security-resources.com/2010/03/16/when-social-networking-clashes-with-security/

Spam Block: Public Servants or Vigilantes?
From Wayde York
No one likes SPAM (the email variety.) Every responsible user of the Internet and surely every responsible information security professional would agree that anti-spam efforts are needed and likely should be expanded. What happens, however, when the Internet-based anti-spam agents become a hindrance to business? While there are over 70 ...
http://information-security-resources.com/2010/03/16/spam-block-public-servants-or-vigilantes/

Sticky Situations in Social Media
From Robert Siciliano
The Internet has made our personal and professional lives very transparent. We now live in the fishbowl. Despite what many will argue, your privacy is no longer fully in your control. What you say, do and post can live forever. You are being judged in the process. And ...
http://information-security-resources.com/2010/03/16/sticky-situations-in-social-media/

Quick Tips for Using Secure Shell
From Mourad Ben Lakhoua
SSH is a perfect security alternative to Telnet and has been used by system administrators and IT managers to configure, implement servers and network devices. Here I wanted to list a manual on Secure Shell usage. First let’s start by choosing an SSH client. We will find ...
http://information-security-resources.com/2010/03/14/quick-tips-for-using-secure-shell/

Consolidate Compliance With Open Source
From Ted LeRoy
Many organizations have to comply with multiple regulatory requirements for their information security infrastructures. Fragmented efforts to comply with Sarbanes-Oxley (sarbox or SOX), Gramm Leach Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry - Data Security Standard (PCI-DSS), and ISO 27000 series, to name a ...
http://information-security-resources.com/2010/03/14/consolidate-compliance-with-open-source/

DoS Attack Reveals Widespread Vulnerabilities
By Anthony M. Freed, Director of Business Development, Infosec Island Network
There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly… The Jester
Infosec Island has once again gained exclusive access to a video demonstration of the ...
http://information-security-resources.com/2010/03/11/dos-attack-reveals-widespread-vulnerabilities/

Study Shows Employees Put Data at Risk
From www.databreaches.net
From the press release, results of the annual “Human Factor in Laptop Encryption” study by Absolute Software and the Ponemon Institute: This year’s expanded study was conducted in the United Kingdom, Canada, France, Germany and Sweden, in addition to the United States. The study found that 15% of German and 13% ...
http://information-security-resources.com/2010/03/11/study-shows-employees-put-data-at-risk/

Tracking Google’s Script Kiddie Hackers
By Aeon Group
If you choose to believe the writings of Mandiant, you’re under the impression that Chinese hackers are hellbent on taking over every large corporation in the United States. If you choose to follow the writings of McAfee[2], you’re under the impression that “Chinese hackers only wanted Google’s secret ...
http://information-security-resources.com/2010/03/09/tracking-google%e2%80%99s-script-kiddie-hackers/

Newbie Introduction to Digital Forensics Part 2
By Juan Granados
Up to this point in my career Digital Forensic Analysis consisted of a basic scan for documents from the exited employee's hard drive. Given the extensive nature of my past investigations, I was convinced that I could easily impress the executives at my company by doing more. So, the research ...
http://information-security-resources.com/2010/03/09/newbie-introduction-to-digital-forensics-part-2/

Simple Log Review Checklist Released
By Anton Chuvakin
Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a "Critical Log Review Checklist for Security Incidents" which is released to the world today. In addition to ...
http://information-security-resources.com/2010/03/09/simple-log-review-checklist-released/

Press F1 for Help? Microsoft Zero Day Threat!
From Daniel Kennedy
Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 ...
http://information-security-resources.com/2010/03/08/press-f1-for-help-microsoft-zero-day-threat/