China: Internet Freedom Is Culturally Relative

By Richard Stiennon, Chief Research Analyst, IT-Harvest

We have had a few weeks to absorb the implications of wide spread Chinese supported attacks against Google and thirty or so other organizations. The US Secretary of State made one of the most affirmative statements on Internet freedom yet articulated by a government. Various policy analysts have chimed in as well. Some thoughts on what they have said…

China is Engaging in Cyber Espionage

By Richard Stiennon, Chief Research Analyst, IT-Harvest

China is engaging in systematic industrial and military espionage via the Internet. Do not be surprised as more and more organizations announce that they too have been targets. For that matter, do you know if your own organization has been the victim of Chinese cyber spying?

Google Engages China with Cyber Vigilantism

By Richard Stiennon, Chief Research Analyst, IT-Harvest

Google has long maintained that by providing their search, hosted blogging, and email services to the people of China they were supporting access to information and community that would be a long term benefit. Last week we learned that engineers at Google have been engaging in their own form of cyber vigilantism by hacking into a command and control server in Taiwan…

Scam Alert: Rogue Gmail Account Phishing

Anthony M. Freed, Editor and Publisher of Information Security Resources

One of the penalties of having a well published email address is that I receive dozens of phishing emails, scam letters, and other nefarious material en masse daily. Most of these are the typical inheritance, lottery, and sweepstakes scams - but then there are the ones that at first glance may seem legitimate. Take for instance the following email I received over the holiday weekend.

Tools for Detecting Spoofed Email Headers

By Bozidar Spirovski, CISSP, MCSA, MCP

In the age where a huge percentage of all attacks are done through e-mail, very few of us know how to analyze where this e-mail was sent from. This analysis must go beyond the sender e-mail displayed in your e-mail client (which are easily spoofed). Here is a simple tutorial on analyzing Internet headers.

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (109)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (597)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (306)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (583)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (369)
  • Greg George (5)
  • H1N1 (15)
  • hackers (535)
  • healthcare (130)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (531)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (34)
  • Insider Threat (486)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (67)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (497)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (207)
  • national security (449)
  • PCI (304)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (548)
  • Rachel James (10)
  • reach (7)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (498)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (97)
  • Webcast (49)

• ISR Headline Index

  • When Social Networking Clashes with Security
  • Spam Block: Public Servants or Vigilantes?
  • Sticky Situations in Social Media
  • Quick Tips for Using Secure Shell
  • Consolidate Compliance With Open Source
  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!
  • A Newbie’s Introduction to Digital Forensics
  • Security Best Practice: Trust But Verify…
  • Google, Adobe, and Big Oil Under Attack!
  • Building your OWN Malware Lab (Part 2)

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs