Skip to main content

Home/ Information Security/ Group items tagged controls

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Skeptical Debunker

Microsoft Recruited Top Notch Guns for Waledac Takedown - CIO.com - Business Technology... - 0 views

www.cio.com/...otch_Guns_for_Waledac_Takedown

Microsoft VeriSign Waledac botnet counterattack

shared by Skeptical Debunker on 25 Feb 10 - Cached
  • Microsoft revealed on Wednesday that it gained a court order that compelled VeriSign, the .com registry, to remove 277 ".com" names from its rolls, effectively cutting off communication between the Waledac's controllers and their infected machines. The legal action is unprecedented at the domain name level, said Andre' M. DiMino, co-founder of The Shadowserver Foundation, a group that tracks botnets and helped take down Waledac. In June 2009, a federal court ordered the shutdown of 3FN, a rogue ISP supplying connectivity to botnets such as Pushdo and Mega-D, but this appears to be the first major action at the domain-name level. "It's definitely pretty groundbreaking," DiMino said. "To disable and disrupt a botnet at this level is really pulling the weed out by the root." But behind the scenes, Microsoft's legal action was just one component of a synchronized campaign to bring down Waledac. Last year, researchers with the University of Mannheim in Germany and Technical University Vienna in Austria published a research paper showing how it was possible to infiltrate and control the Waledec botnet. They had studied Waledac's complicated peer-to-peer communication mechanism. Microsoft -- which was annoyed by Waledec due to its spamming of Hotmail accounts -- contacted those researchers about two weeks ago to see if they could perform their attack for real, according one of the University of Mannheim researchers, who did not want to be identified. "They asked me if there was also a way besides taking down those domains of redirecting the command-and-control traffic," said the Mannheim researcher. Waledac distributes instructions through command-and-control servers that work with a peer-to-peer system. Led by a researcher who did his bachelor thesis on Waledac, the action began early this week. "This was more or less an aggressive form of what we did before," the Mannheim researcher said. "We disrupted the peer-to-peer layer to redirect traffic not to botmaster servers but to our servers." At the same time, Microsoft's legal efforts brought down domain names that were used to send new instructions to drones. The result has been dramatic: Up to 90 percent of the infected machines, which amount to at least 60,000 computers, are now controlled by researchers, half of which are in the U.S. and Europe and the rest scattered around the globe.
  • Skeptical Debunker on 25 Feb 10
     
    Four days ago, top-notch computer security researchers launched an assault on Waledac, a highly sophisticated botnet responsible for spreading spam and malicious software. As of Thursday, more than 60,000 PCs worldwide that have been infected with malicious code are now under the control of researchers, marking the effort one of the most highly successful coordinated against organized cybercrime.
Carlos Gomes

IT Controls: How and Where Do You Start? - 0 views

www.itsmwatch.com/...3505171

assurance controls itil msia quotes security

shared by Carlos Gomes on 13 Mar 07 - Cached
  • As Stephen Katz, former CISO of Citibank, once said, "Controls don't slow the business down; like brakes on a car, controls allow you to go faster."
anonymous

Identity and Access Management: Explained in Detail - 0 views

goo.gl/ZcF3Qn

information informaion security information technology tech technology IAM Access Management Identity Management

shared by anonymous on 05 Jan 17 - No Cached
  • anonymous on 05 Jan 17
     
    Identity and Access Management is an information security framework which focuses on the security of the digital identities in a workplace and enables an administrator to maintain control over the access to the company resources, both physical and digital
Kiran Kuppa

Want to Block Common Passwords? Sorry, That is Patented | Xato - Passwords & Security - 0 views

xato.net/...sswords-sorry-that-is-patented

password security authentication patent

shared by Kiran Kuppa on 29 Jul 13 - No Cached
  • Kiran Kuppa on 29 Jul 13
     
    What amazes me though is how many patents I encounter that have been granted for some of the most obvious, well-known and ordinary techniques we use in the authentication process. In fact, every imaginable aspect of password selection, authentication, storage, and recovery seems to be covered by one or more patents.As the title says, the process of checking for common or weak passwords is patented. In fact, it is covered by quite a few patents: 1.System for controlling access to a secure system by verifying acceptability 2.Specifying a set of forbidden passwords 3.Preventing trivial character combinations 4.Password strength checking method and apparatus… 5.Method and system for proactive password validation 6.Method, system, and storage medium for determining trivial keyboard sequences of proposed passwords 7.Apparatus and method for indicating password quality and variety
Devid Thomas

curso de seguridad en redes - 0 views

www.iicybersecurity.com

curso de seguridad en redes

shared by Devid Thomas on 25 Apr 15 - No Cached
  • Devid Thomas on 25 Apr 15
     
    Cuando usted está tratando de construir un sitio web seguro o una aplicación web, que ayuda a ver el problema a través de los ojos del adversario, para comprender las debilidades que pueden ser utilizados para atacar a un sitio web. A través de ejercicios prácticos de curso de seguridad en redes, este curso de vídeo 3 horas que le mostrará varias de las deficiencias más comunes y cómo pueden ser explotadas por un atacante - en este caso, usted. Después de aprender esto de international institute of cyber security, usted estará mejor preparado para proteger sus propios, sus clientes o sitios web de su empleador de este tipo de ataques. Durante el curso de seguridad en redes echamos un vistazo más de cerca a la Burp Suite Ubicación del sitio y la araña. Este módulo cubre luego pasar por los controles del lado del cliente, Cross-Site Scripting (XSS), y cómo utilizar XSS almacenado desfigurar un sitio web. En este punto, usted ha aprendido acerca de la explotación. En este módulo se discute cómo encontrar realmente estas vulnerabilidades, ofreciendo un sencillo proceso paso a paso.
Rich Hintz

What a Botnet Looks Like - CSO Online - Security and Risk - 0 views

www.csoonline.com/...What_a_Botnet_Looks_Like

network security botnet

shared by Rich Hintz on 27 Oct 08 - Cached
  • What a Botnet Looks Like
  • Rich Hintz on 27 Oct 08
     
    Researcher David Vorel mapped interconnected, bot-infected IP addresses and created this geometric representation; CSO contributor Scott Berinato annotated the map and added interactive controls so you can zoom in and explore botnets' inner workings
Rich Hintz

SAML Single Sign-On (SSO) Service for Google Apps - Google Apps APIs - Google Code - 0 views

code.google.com/..._reference_implementation.html

sso google authentication saml identity security applications

shared by Rich Hintz on 27 Oct 08 - Cached
  • SAML Single Sign-On (SSO) Service for Google Apps
  • Rich Hintz on 27 Oct 08
     
    Google Apps offers a SAML-based Single Sign-On (SSO) service that provides partner companies with control over authorization and authentication of hosted user accounts to access web-based applications like Gmail or Google Calendar
Rich Hintz

AirMagnet - Enterprise Wireless Network Security and Troubleshooting - 0 views

www.airmagnet.com

wifi security wireless diagnostics

shared by Rich Hintz on 27 Oct 08 - Cached
  • Rich Hintz on 27 Oct 08
     
    control over the entire lifecycle of the wireless LAN (WLAN) from network design and deployment to 24x7 intrusion prevention and troubleshooting. AirMagnet provides visibility into all aspects of your wireless airspace with the intelligence to automatically diagnose, explain and respond
Skeptical Debunker

Huge 'botnet' amputated, but criminals reconnect - washingtonpost.com - 0 views

www.washingtonpost.com/...AR2010031003890.html

botnet maleware ZeuS reconnected

shared by Skeptical Debunker on 11 Mar 10 - Cached
  • Skeptical Debunker on 11 Mar 10
     
    "The sudden takedown of an Internet provider thought to be helping spread one of the most promiscuous pieces of malicious software out there appears to have cut off criminals from potentially millions of personal computers under their control. But the victory was short-lived. Less than a day after a service known as "AS Troyak" was unplugged from the Internet, security researchers said Wednesday it apparently had found a way to get back online, and criminals were reconnecting with their unmoored machines. "
Carlos Gomes

Companies need to sell security to business-unit execs - Network World - 0 views

www.networkworld.com/...090706-security-business.html

assurance msia security

shared by Carlos Gomes on 13 Mar 07 - Cached
  • Stamp says that business units must accept responsibility for the security of the data they generate and control to head off data leaks. "IT people are data custodians, not owners," Stamp says. "We need to transfer responsibility to business people
hansel molly

Great Remote Computer Support Services - 2 views

Computer Support Professional offers unrivaled online computer support services that gave me the assurance that my computer is in good hands. Every time I needed the help of their computer support ...

computer support

started by hansel molly on 06 Jun 11 no follow-up yet
1 - 13 of 13
Showing 20 items per page