Archive for the ‘Security’ Category

NFCU Site Unsecure

Friday, August 14th, 2009

I have been a member of NFCU since I joined the US Navy 20 plus years ago. And I hate to say that I have used their site on a daily basis and never once noticed the issue with the home page being unsecure. While the login information is sent securely once you have clicked on the submit button, the page itself is not. Therefore, as Scott Jarkoff states, this site is ripe for a phishing scam.

When I visited the site today after reading the article, I noticed a new “Security” link under the logon area. Clicking the link brings up a pop-up window which goes about stating the Home Page is not secured by HTTPS but that the information entered is transmitted securely. Security FAIL!

A user can access a secure NFCU logon site by leaving the logon information blank and clicking the submit button, which drops you on to the expected HTTPS secure log on.

Read the whole post as well as a demand from RSA, which oversees NFCU security.

NFCU Site Unsecure

InfoSec Compendium: August 13th

Thursday, August 13th, 2009

Good evening everyone! Hope your week is coming to a successful close.

Here are some InfoSec posts that I found interesting.

1 – WordPress Password bug

2 – Browser Vulnerability

3 – Hacking a Voting Machine for around 100k

4 – eBay Password Vulnerability prompts change

5 – Navy CIO says cybersecurity is an urgent national issue

And of course the big interview with the CEO of Heartland discussing their security breach.

6 – Heartland CEO answers questions (blames others) about their Security Breach

InfoSec Compendium: August 8th

Saturday, August 8th, 2009

Good morning and welcome to the first InfoSec Compendium. Here I will post links to Information Security articles that I have found interesting. This compendium may consist of only a few links or many; this is not a reflection on anything more than my own preferences or lack of time.

1 – DOD to review use of social-media technology – Federal Computer Week

2 – Hackers Target House.gov Sites – Washington Post

3 – Weaponizing Apple’s iPod Touch – InformationWeek

There are differing views on Cloud Computing and how it will change the IT landscape as well as its effect on Security. I approach Security from a Risk Management standpoint, which is much easier for the C-suite to understand. This brief article addresses the ideas behind Cloud Computing and how companies may use Risk Management to address their use of the cloud.

4 – Cloud Changes Cost of Attacks – DevCentral

That is it for the first InfoSec Compendium.
