Archive for the ‘Infrastructure Security’ Category

Newer Entries »

Critical Infrastructure Act

October 4, 2010

The Bill, which aims to close cyber infrastructure culnerabilities, was introduced yesterday.

The Bill would allow the Administration to create a more robust set of regulations for the information systems that control our critical infrastructure. It expands the authority of the Department of Homeland Security to create, verify and enforce measures to protect these critical information systems.

This bill would also require DHS to work with industry, the Defense and Commerce Departments, and the National Institute of Standards and Technology, as well as sector specific regulatory agencies, in creating these measures.

Waiting for the Bill text to be made public to find out how is it different from the Homeland Security Act of 2002: Critical Infrastructure Information Act

Posted in Consumer Information Protection, Cybersecurity, Infrastructure Security, Senate or House Bill | Leave a Comment »

The Top Cyber Security Risks Report

September 26, 2010

HP recently published second edition of the annual Top Cyber Security Risks report containing in-depth analysis and attack data from TippingPoint DVLabs, vulnerability data from Qualys and additional analysis provided by the Internet Storm Center and SANS.

The report focuses on four key areas:
• Increased Consumerization of Enterprise Computing
• Prolonged and Persistent Targeting of Web Applications
• Increased Organization and Sophistication of Attackers
• The Unrelenting Presence of Legacy Threats

Posted in Anti Virus, Application Security, Information Security, Infrastructure Security, Metrics, Report / Paper, Threat Management, Vulnerability Analysis | Leave a Comment »

US urges NATO to build ‘cyber shield’

September 18, 2010

A new dimension of collective defence

Lynn said the Pentagon strategy has identified “five pillars” to cyber security: recognising cyberspace as the next domain of warfare; the need for active defences; the protection of critical infrastructure; enhancing collective defence; and the need to “marshall our technological prowess.”

Posted in Cybersecurity, Infrastructure Security | Leave a Comment »

Preventing pervasive string injection-type attacks

June 16, 2010
Kaminsky, the famous security researcher, launched a startup – introducing Interpolique as the first product
Interpolique — which was released for security experts and IT to poke around at and analyze, but not to use operationally — is basically a framework that lets developers continue to write code the way they always have, but with a tool that helps prevent them from inadvertently leaving string injection flaws in their code. It requires developers to use different prefixes that describe variables of the strings, without requiring any major changes to their coding style, he says. And the resulting code is automatically formatted in such a way that can’t be easily abused by the bad guys.

Posted in Application Security, Infrastructure Security, Secure Coding | Leave a Comment »

Quantum Cryptography System Hacked

May 18, 2010

Should we be worried?

When it comes to secure messaging, nothing beats quantum cryptography, a method that offers perfect security. Messages sent in this way can never be cracked by an eavesdropper, no matter how powerful.

At least, that’s the theory. Today, Feihu Xu, Bing Qi and Hoi-Kwong Lo at the University of Toronto in Canada say they have broken a commercial quantum cryptography system made by the Geneva-based quantum technology startup ID Quantique, the first successful attack of its kind on a commercially-available system.

Posted in Application Security, Communication, Cryptography, Information Security, Infrastructure Security | Leave a Comment »

Newer Entries »
Follow

Get every new post delivered to your Inbox.

Join 994 other followers