Information Security Short Takes
Information Security and ICT Strategy Analysis and Tutorials
Recent Posts Tagged With 'information security'
GenApple - First Glance at the First Information Brokerage
The Internet has become a transfer medium for a lot of new business models, some of which have failed and others which are thriving. In this environment, there is a new service called GenApple, which boasts to be the 'first information brokerage in the wor...
How To - Malicious Web Site Analysis Environment
There are numerous sites and web-server-side scripts which perform malicious attacks or simply cause unpleasant problems for their visitors. The latest one that gained prominence, although not really causing much harm, is the "Want 2 C Something Hot?"...
Database Admin Hacking his Ex Firm - Is It All His Fault?
Data Breaches has just published information about a "Former GEXA employee pleads guilty to computer intrusion". According to the article, here is what happened: Kim remotely accessed the GEXA Energy computer network and the GEXA Energy Management System (...
HTTPS Data Exposure - GET vs POST
Here is a quick chart showing the data exposure when considering GET vs POST and also HTTP vs HTTPS. URL arguments refer to arguments in the URL for GET or POST (e.g. foo.com?arg1=something). Body arguments refer to data communicated via POST parameter...
How to Trust Cloud Computing
Cloud Computing is becoming more and more the buzzword of every conference, meeting and article. Yet it is still in its inception, and there are a multitude of issues and problems. Cloud services are springing up like mushrooms after rain, and all the...
IT Risks vs. Information Risks
As an Information Security professional I think it is increasingly important to understand the difference between IT Risk and Information Risks. You should also understand the advantages in enabling business strategies by ensuring that you brand eac...
Information Security and Strategy Carnival - issue #5
For the fifth issue of the Information Security and Strategy Carnival, I am pleased to present the following texts: Dan Cornell over at Denim Group posts a great article on 13 Things a Web Application Attacker Won't Tell You as well as 5 More Things...
OWASP Publishes Top 10 Web App Security Risks for 2010
Last night the OWASP project published the 2010 issue of their Top 10 Web Application Security Risks. The list is still in Release Candidate status, so it may change. The difference from the previous lists, according to the statement by OWASP: A signifi...
Analysis of Windows Security Logs with MS Log Parser
When investigating an intrusion in a Windows system, one of the first places to start is the Windows security log. The security event log is also very useful for analysis when searching for anomalies and possible intrusions. Reading through a Windows secu...
Role of Information Security Manager
As the Information Security Manager you will take responsibility for developing, maintaining and monitoring compliance of all information security policy and procedures. The successful Information Security Manager will perform security risk analysis and ri...
Reminder Tutorial - Enable Auditing on Windows 7
Auditing is one of the major tools used in detecting system intrusions or malicious activity on systems and networks. And yet, even in the 'secure by design' incarnation - Windows 7, the Microsoft client OS logs event entries in the security log out...
200 Posts on Shortinfosec
We are celebrating the 200 posts on Shortinfosec. Here are some statistics: active for 1 year and 9 months - Shortinfosec started on 15 February 2008; 200 original posts written; 60,151 visits since it went active; 3 changes of design http://web.archive.org/web/2...
Digital Forensics Framework - A Perspective Forensics Tool
After Helix Forensic went commercial, open source computer forensics is missing a tool that integrates the required forensic techniques as well as Helix did. The tool: A group which calls themselves ArxSys have developed a Python-based forensic analysis...
Risk Assessment with Microsoft Threat Assessment & Modeling
Every organization has some form of information security risk assessment. Some perform a formal risk assessment, others simply use their practical experience. Whatever method is chosen, it always helps to use a tool which will assist the organization ...
Example Risk Assessment of Exchange 2007 with MS TAM
In our previous post, we discussed the process of risk assessment assisted with Microsoft Threat Analysis and Modeling. While that post was purely theoretical, we are following up with a sample risk assessment of an IT service - Exchange 2007 infrast...
Nessus vs Retina - Vulnerability Scanning Tools Evaluation
We have mentioned our favorite vulnerability scanning tools in this blog. But a lot of time has passed since then, so it is time to put these tools against each other and evaluate the quality of the results received when scanning the same target. UPDATE: A...
New Version of Microsoft Baseline Security Analyzer
Our Microsoft Baseline Security Analyzer scanner has just reported that a new version (2.1.1) is available. It can be downloaded from the following URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=b1e76bbe-71df-41e8-8b52-c871d012ba78&d...
Windows 7 Full Disk Encryption with Truecrypt
After the TrueCrypt Full Disk Encryption Review and the 5 rules to Protecting Information on your Laptop, we are following up with a practical test of full disk encryption of Windows 7. Shortinfosec is a great promoter of full disk encryption of lapto...
Tutorial - Free Auditing of Active Directory for Information Security
Active Directory within a large organization goes through a lot of changes throughout the day. There are a lot of possibilities for error, creation of accounts with high privileges or missing the disabling task on an employee leaving the company. Info...
Evaluation of Security Information Event Management Systems
Evaluating Security Information Event Management (SIEM) solutions comes in a lot of different flavours. The industry is not yet mature, and the competitors are pushing their own solutions, based on their background and capabilities. In general, they w...
Real Benefit of Security Information Event Management
Security Information Event Management is the echoing buzzword in most industries these days. Banking, Telecommunications, Power and Energy - anyone and everyone is under internal audit and regulator scrutiny to implement a Security Information Event ...
5 biggest mistakes of information security
Does your information security implementation suffer from mistakes in approach? Everyone is focused on information security, and security is a constant addition to every corporate mission statement. And yet in nearly every security implementation t...
5 Minute Security Assessment
A security assessment is a big deal. It takes a lot of time, requires a good chunk of budget since it is done by independent consultants, and the outcome is at best 'OK, but could be better'. For all these reasons, as well as some egoistic ones which w...
3 Things no book about hacking will ever tell you
There are tons of books which 'teach' you how to become a hacker. Some boast to make you a hacker in XX number of days, or brag about being authored by the greatest experts in the field, or some other commercial mumbo-jumbo. But is there any great ...
Cloud Backup - A gamble on several levels
Online or cloud backup was one of the buzzwords of cloud computing, and was actually leading the wave in terms of commercial implementation. Hewlett-Packard had its Upline service, Yahoo had its Briefcase, IBackup is going strong. But the market ...
