SANS ISC

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • IT Audit
  • Computer Forensics
  • Software Security
  • Government OnSite Training

Information Security News

1 day ago Powercat

Powercat started as a proof-of-concept tool that I initially developed.

1 day ago D-Link removes fingers from ears, preps mass router patch

Amnesia strikes as hacker discloses remote code exec flaws

Domestic router Daddy D-Link is patching dangerous remote access flaws in several models of its networking gear.

11 hours ago Now Corporate Drones are Spying on Cell Phones

The marketing firm Adnear is using drones to track cell phone users:

The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns.

"Let's say someone is walking near a coffee shop," Kataria said by way of example.

The coffee shop may want to offer in-app ads or discount coupons to people who often walk by but don't enter, as well as to frequent patrons when they are elsewhere. Adnear's client would be the coffee shop or other retailers who want to entice passersby.

[...]

The system identifies a given user through the device ID, and the location info is used to flesh out the user's physical traffic pattern in his profile. Although anonymous, the user is "identified" as a code. The company says that no name, phone number, router ID, or other personally identifiable information is captured, and there is no photography or video.

Does anyone except this company believe that device ID is not personally identifiable information?

10 hours ago Wireless Charging: A Surprising New Way To Track You

One of the key vendors of wireless charging in public spaces is positioning itself as an intelligence gathering tool for Starbucks, airports and others. The price for watts will be your data.

8 hours ago How Secure Are You?

The NIST Cybersecurity Framework can help you understand your risks.

8 hours ago DNS enhancement catches malware sites by understanding sneaky domain names

OpenDNS develops filter that can recognize exploit pages before they're served up.

7 hours ago Hillary Clinton's little email fuss: Beyond 'servers in the basement'

Did she do anything wrong? Were federal record-keeping laws broken? Was security compromised? Email expert and presidential scholar David Gewirtz deconstructs Hillary Clinton's emailgate.

5 hours ago FREAK flags are waving across the digital landscape

FREAK flags are waving across the digital landscape, now that another SSL bug has appeared. Jack Wallen offers up his take on the latest flaw and how you can test your servers against the vulnerability.

5 hours ago Online Trust Alliance pens letter to Congress over federal data breach notification law

The Online Trust Alliance (OTA) wrote a letter to Congress earlier this week in response to the recently proposed Personal Data Notification & Protection Act.

3 hours ago Clinton's Email Brouhaha and Politics

Coverage Focus Segues from Secrecy to SecurityWord that Hillary Clinton maintained a personal email server while secretary of state has elevated cybersecurity and privacy as political issues. But it's just the latest example of such issues grabbing the attention of U.S. voters.

3 hours ago "Developer Security Awareness: How To Measure"

In the previous post (What Topics To Cover), we laid the foundation for your developer security awareness-training program. Now let's talk about the metrics we can collect to help improve our program.It's all about the metricsAs we previously mentioned, establishing a common baseline for the entire development team would be helpful. A comprehensive application security assessment should be performed before awareness training begins. For example, the SANS Software Security team has a free web based security assessment knowledge check: http://software-security.sans.org/courses/assessment. A knowledge check such as this allows you to create a baseline, establish core strengths and weaknesses, and steer the types ...

1 day ago Why Clinton's Private Email Server Was Such a Security Fail

Hillary Clinton's homebrew email solution potentially left the communications of the top US foreign affairs official vulnerable to state-sponsored hackers.

The post Why Clinton's Private Email Server Was Such a Security Fail appeared first on WIRED.

11 hours ago Network Capture During Windows Boot using netsh

17 minutes ago Mandarin Oriental Hotels Hit in Credit Card Breach

Mandarin Oriental Hotel Group has confirmed the credit card systems at a number of its hotels in the United States and Europe have been accessed by hackers.

54 minutes ago Clinton's use of private email spawns security, transparency debate

Hillary Clinton used a private email account during her tenure as secretary of state.

54 minutes ago Android 'Gazon' worm proliferates through texts, infects more than 4k phones

The worm has gained traction through spam text messages that promise users an Amazon giftcard.

54 minutes ago Ramirez: FTC focus on data security, fraud, cross device tracking

FTC Chairwoman Edith Ramirez says the agency will continue to ramp up its expertise to protect consumer privacy.

54 minutes ago How to Set Up PHP, HTML & MySql Development on Mac OS X

The following are instructions for setting up a development environment on a Mac that can be used for HTML, PHP and MySQL.

54 minutes ago The weak link in Apple Pay's strong chain is bank verification. Who's to blame?

Fraud on Apple Pay is identity-theft based, so banks and Apple Pay must work together.

1 hour ago Anthem Refuses To Let Inspector General Conduct Full Security Audit

Security industry has mixed reactions.

1 hour ago Hillary Clinton email trove under review for release

WASHINGTON (AP) - The government will review a huge cache of Hillary Rodham Clinton's emails for possible release after revelations she conducted official business as secretary of state in the shadows of a private account. The disclosure has raised questions in the buildup to her expected presidential run about whether she adhered to the letter or spirit of accountability laws.

2 hours ago Alternate Data Stream Persistence using Powershell

2 hours ago Why You Should Not Use The New Smartphone Fingerprint Readers

New smartphone fingerprint authentication technology promises improvements over Apple's TouchID, but it still presents *serious* risks. Here is what you need to know.

2 hours ago javax.net.ssl.SSLPeerUnverifiedException when proxying SoapUI through Burp

2 hours ago Canadian bloke refuses to hand over phone password, gets cuffed

What the Canuck?

A 38-year-old Canadian citizen has been arrested for refusing to hand over his smartphone's password to border agents.

3 hours ago New Model Uses 'Malicious Language Of The Internet' To Find Threats Fast

OpenDNS's new NLPRank tool may identify malicious domains before they are even put to nefarious use.

3 hours ago South Africa to investigate spy allegations

JOHANNESBURG (AP) - The South African government said Thursday that it is investigating allegations, posted on a website, that the head of the state watchdog agency and opposition figures spied for the U.S.

3 hours ago 'Building AI is like launching a rocket': Meet the man fighting to stop artificial intelligence destroying humanity

Skype's co-founder wants to keep humankind safe from the existential threats of artificial intelligence.

3 hours ago PoS Malware Family Targeting SMBs Operated Under the Radar

Point-of-sale (PoS) malware has become one of the chief weapons used by attackers to steal credit and debit card data, and now researchers at Trend Micro say they have found yet another threat to add to the list of tools in criminals' toolboxes.  

3 hours ago Canadian bloke refuses to hand over phone password, gets arrested

What the Canuck?

A 38-year-old Canadian citizen has been arrested for refusing to hand over his smartphone's password to border agents.

3 hours ago How To Put People At The Center Of Enterprise Security

By Paul Proctor and Tom Scholtz Gartner, Inc. Employees carry a range of mobile devices to work these days that they expect to connect to corporate email, sites and services. As an IT professional, you give them access, loaded with the latest security protocols. But how much of the real risk for [...]

4 hours ago Radware Introduces New DDoS Attack Mitigation Platform

Radware, a provider of application delivery DDoS attack protection solutions, this week unveiled its latest attack mitigation platform designed to help carriers and cloud providers protect against high volume DDoS attacks.

5 hours ago Emailgate: How media mistakes created Hillary Clinton's fake, fake identity

The media creates mythology. David Gewirtz looks at how the AP created a new, completely false Hillary Clinton myth about a fake identity, how it's sticking, and where it all went wrong.

5 hours ago Apple's rivals hope its Watch will boost their own wearable tech

By Harro Ten Wolde BARCELONA (Reuters) - Apple's rivals want to benefit from its magic, hoping that its long awaited new smartwatch will finally conjure demand for wearable technology that has so far generated more buzz about its potential than actual sales. Gizmos that users wear on their bodies have yet to live up to the hype as the next big thing in technology. "If Apple is successful, it'll create a rising tide that will lift the whole market," said Ben Wood, a top gadget reviewer at technology market research firm CCS Insight. His company predicts Apple will sell 20 million of its new smart watches this year, helping spur 150 percent growth in the wearable technology sector to 75 million gadgets, rising to 350 million by 2018.

5 hours ago Kony Visualizer puts mobile apps design control in hands of those closest to the business

Explore the latest in enterprise mobility explores advancements in applications design and deployment technologies across the full spectrum of edge devices and operating environments.

5 hours ago The Year of the Linux Smart Phone

The ?Year of the Linux desktop? has almost become a running joke in the Linux community. This idea refers to the year when Linux will claim the dominant market-share percentage from operating systems such as Windows and OSX. While I am not sure if Linux on the desktop will ever become dominant, one thing is for certain: Linux has already outpaced all of the other competitors in the mobile market.

6 hours ago How to Put People at the Center of Enterprise Security

By Paul Proctor and Tom Scholtz Gartner, Inc. Employees carry a range of mobile devices to work these days that they expect to connect to corporate email, sites and services. As an IT professional, you give them access, loaded with the latest security protocols. But how much of the real risk for [...]

7 hours ago Emailgate: How media mythology created Hillary Clinton's fake, fake identity

The media creates mythology. David Gewirtz looks at how the AP created a new, completely false Hillary Clinton myth about a fake identity, how it's sticking, and where it all went wrong.

7 hours ago Sales up at NSA SIM hack scandal biz Gemalto

Dutch biz points to 'challenges' experienced last year

Sales at the world's biggest SIM card maker, Gemalto, which was last month revealed to have been hacked by the NSA and GCHQ, rose by five per cent to €2.5bn (£1.8bn) in 2014.

8 hours ago Which Apps Should You Secure First? Wrong Question.

Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.

9 hours ago Experimental DNS catches malware sites by understanding sneaky domain names

OpenDNS develops filter that can recognize exploit pages before they're served up.

10 hours ago Bit9 CEO on Data Breach Defense

The CEO of Bit9 speaks from experience: His firm was hacked, sensitive data stolen and customers put at risk. And what's happened since represents his mission to fend off attackers, even as they refine their hacks.

10 hours ago OCC Expands on Third-Party Cyber-Risks

Director Offers Review of New Cyber-Resiliency GuidanceKevin Greenfield, director of bank IT for the Office of the Comptroller of the Currency, says FFIEC agencies are working to help financial institutions shore up cybersecurity, and a big focus for regulators is third-party risks.