Tags » Military

Thoroughly securing a Cisco router (or any router) is a topic that can require its own book(s) (see the references at the end of this article).  I will cover the basics here though.  The low hanging fruit...

 
Anthony M. Freed on Mar 17, 2010 in News & Discussion

Your latest Vulnerability Assessment is likely a waste of your IT Budget dollars! Why? The reason is that today the most prevalent and highest risk vulnerabilities reside within desktop application vulnerabilities and in most cases they are NOT even being included in the testing process. To make matters worse, malicious individuals and members of organized crime are targeting these vulnerabilities, because they know they are the proverbial low hanging fruit...

 
Anthony M. Freed on Mar 16, 2010 in News & Discussion

Information Security Gurus and Marketing Professionals are often at odds with each other in the business realm. Marketing used to primarily be a print and face-to-face business function. Thanks to the overhaul of standard marketing strategies, marketing has grown new roots on the web and has found itself buried deep within social networking sites like LinkedIn, Facebook and Twitter. The need for businesses to have an online footprint is critical to reach the masses in today's competitive environment, but the potential loss of client data and security threats to your network are daunting...

 
Anthony M. Freed on Mar 16, 2010 in News & Discussion

The Internet has made our personal and professional lives very transparent. We now live in the fishbowl. Despite what many will argue, your privacy is no longer fully in your control. What you say, do and post can live forever. You are being judged in the process. And there are repercussions for those choices you make more now than ever...

 
Anthony M. Freed on Mar 15, 2010 in News & Discussion

The technique, found by Lava Kuppan, describes a scenario where a mix of CSRF, parameter pollution and Clickjacking can defeat CSRF tokens in JSP and (sometimes) in ASP.NET. It’s worth a read. I did briefly mention using CSRF to pre-populate fields that may be necessary to create a Clickjacking scenario during Jeremiah and my brief talk at the world OWASP in New York. But this takes it to a new level, where you can pre-load information in such a way that it will actually defeat the application logic in the process. Anyway, cool stuff by Lava...

 
Anthony M. Freed on Mar 12, 2010 in News & Discussion

There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly… The Jester

 
Anthony M. Freed on Mar 11, 2010 in News & Discussion

...the results from the annual "Human Factor in Laptop Encryption" study performed by Absolute Software and the Ponemon Institute reveal some very interesting metrics about the use/adoption of encryption software and the risk posed to businesses from the loss of unencrypted media.

 
Anthony M. Freed on Mar 10, 2010 in News & Discussion

If you choose to believe the writings of Mandiant, you’re under the impression that “Chinese hackers are hellbent on taking over every large corporation in the United States.” If you choose to follow the writings of McAfee[2], you’re under the impression that “Chinese hackers only wanted Google’s secret sauce” – their source code. If you choose to follow Damballa’s writings[3], the attackers who penetrated Google are amateur script kiddies. Take your pick, there is no lack of speculation.

 
Anthony M. Freed on Mar 10, 2010 in News & Discussion

Brian Krebs reveals that Fiserv, a “Fortune 500 company that provides bank transaction processing services and software to more than 16,000 clients worldwide,” is urging customers not to use the most updated version of Adobe Reader...

 
Anthony M. Freed on Mar 09, 2010 in News & Discussion

Today’s Malware Strategy and Tactics are advanced and sophisticated. The main purpose for that is to trick antiviruses. Some use encryption to make detection difficult for any security software product; others add an AutoRuns entry to the registry to defend themselves against anti-malware software, or just add a line to the host file to prevent the antivirus from updating its definitions...

 
Anthony M. Freed on Mar 07, 2010 in News & Discussion