Brad Smith (aka TheNurse) donation page Posted by boss on Tuesday, 01 November 2011 @ 09:17:34 EDT (493 reads) Topic CISSP OSG INFO
cdupuis writes "We all know and love Brad Smith, aka theNurse.
His humor and smiling positivity are a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital in a coma for a few days. I was in the room attending his presentation when it happened and it was a shocker. At first we all thought he was joking around as he always does but it was no joke at all. He is now fighting for his life.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you and I know Brad thanks you for your support, prayers and positive thoughts.
These donations are to help Brad and his wife with any out of pocket expenses they have.
For updates please visit: http://www.social-engineer.org/brad-smith-updates/
Get well soon. Our prayers are with you.
Clement "
Sad News about Doctor Eugene (Gene) Schultz Posted by boss on Thursday, 29 September 2011 @ 08:16:40 EDT (934 reads) Topic CISSP OSG INFO
Anonymous writes "UPDATE ON 10 Oct 2011: Gene has passed away. He will be greatly missed by his family, friends, and the information security community. Rest in peace my friend.
NOTE FROM CLEMENT:
Dr Gene Schultz is one of the people I have been following for years. I always considered him to be a great community player and a great mentor. He has always demonstrated genuine care for his students and peers. Gene is fighting for his life and all my best wishes and prayers go to him and his family. See the details below as announced by the ISSA-LA board:
From: ISSA-LA Board <program_director@issa-la.org> Date: Wed, Sep 28, 2011 at 11:08 AM Subject: Eugene Schultz, Ph.D.: Sad News
Eugene Schultz, Ph.D.
Sad News about our beloved colleague
It is with a heavy heart that we deliver sad news of our wonderful friend and colleague, Eugene Schultz, Ph.D.
Gene Schultz, a cybersecurity pioneer and NewsBites editor, founder of the Department of Energy's CIAC and one of the greatest teachers of security, suffered a severe brain injury from a bad fall on Friday afternoon at the Minneapolis Airport. His family is with him at the hospital and our prayers are as well. If you are one of Gene's students, colleagues, and friends and want to follow his progress, visit the web site his family has set up at http://www.caringbridge.org/visit/geneschultz
Gene has been a huge supporter, advisor, mentor, friend and colleague, as well as an enormous inspiration to ISSA LA and our community over the years. We miss him when he's not around us and always look forward to his visits to LA.
We, at ISSA LA, ask that you keep Gene and his family in your thoughts and prayers!
"
Be worried about the Insider Threat -- It is one of your weak links Posted by boss on Thursday, 26 May 2011 @ 09:53:54 EDT (1115 reads) Topic CISSP OSG INFO
cdupuis writes "As seen on the Bank InfoSecurity Web site at: http://www.bankinfosecurity.com/p_print.php?t=a&id=3673
"As we communicated to impacted customers, this situation involved a now former associate who provided customer information to people outside the bank, who then used the information to commit fraud against our customers," says BofA spokeswoman Colleen Haggerty. "Keeping customer information secure and confidential is one of our most important responsibilities, and Bank of America sincerely apologizes for this incident, and regrets any inconvenience it may cause our customers. We work hard to prevent fraud, and our customers who experience fraud on their accounts related to this incident will be reimbursed if they report it promptly to us."
Privacy expert and attorney Kirk Nahra calls the BofA incident "a big, scary story," and says account-management checks should have picked up on the fraud before more than $10 million was drained from customer accounts. "Money was missing, so there should have been some trigger just identifying that there was a problem," he says. "It's just weird that the problem wasn't picked up on sooner."
Protecting PII: A Widespread Concern
Julie McNelley, an Aite analyst, says the BofA breach underscores concerns consumers should have about sharing their personal information with any company, not just a financial institution. "It's a huge issue for all types of consumer information that is stored, and it's being heavily targeted by all kinds of breaches," McNelley says. "Organized crime either had an employee planted or reached out to an employee and got them in on the hack. We're seeing this more and more."
Despite growing concerns about internal threats, McNelley says banking institutions and other organizations can implement strategies to detect employee fraud. In some cases, they can even predict high probabilities for employee fraud.
McNelley's must-haves include:
- Background checks. "When it comes to screening employees during the hiring process, a layered approach is necessary," McNelley says. Background checks are the norm, and public records could provide tell-tale signs about a certain candidate's propensity to commit fraud. Especially, if a bank employee committed fraud while working for another institution, banking networks will often include background information about these employees' previous work histories.
- Prosecution. Be sure to press charges against employees who commit fraud. Many banking institutions are reluctant to prosecute because of bad publicity, but doing so establishes a public paper trail for other institutions to follow.
- Behavior Monitoring. Implement and engage in behavior tracking. "When you have a teller who is accessing five times more accounts than any other teller in your bank, that could be a red flag that something is going on," McNelley says.
BofA Cleans the Mess
Going forward, BofA says it's working internally and with its customers to clean up the mess. "We take personal data protection very seriously," Haggerty says. "This includes safeguards ranging from background checks during the hiring process, monitoring employee access to customer personal data, and very clear policies that prohibit the improper use of customer data. In the event of a privacy compromise or fraud, we have in place aggressive account monitoring and refund policies for unauthorized transactions after an incident occurs to protect our customers. Customers impacted by this specific incident will also receive two years of free credit report monitoring."
As for the length of time it took BofA to notify affected customers about the breach, McNelley says she sees no red flags going up. "BofA was probably trying to figure out how far-reaching the fraud was and was working with law enforcement, so they had to keep some of it contained until they knew what they were dealing with."
Nahra, on the other hand, says he finds the delay somewhat perplexing. "I'm a little surprised, given at how sophisticated some of the big institutions are at picking up on fraud and irregularities," he says. "I don't know how this person did it. If he downloaded a lot of information to a thumb drive, you can track some of that. On the access points, you always want to look at how you can control access to information in the first place."
But access control, Nahra allows, is a touchy issue for banks and other entities, since it's difficult for corporations to limit employee access, especially to customer information that enhances the relationship and allows employees to better know and serve customers.
"We have a tension between privacy and security everywhere," Nahra says. "If I set up my bank website and make it incredibly hard to break in to, that means it makes it incredibly hard for the consumer to use. You've always got this tradeoff." "
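The "five times more accounts than any other teller" heuristic in the article is easy to turn into a peer-baseline check. The block below is an added example, not code from the article, Bank of America or Aite: the log format (one line per customer-record access, "timestamp user account_id") and the sample records are constructed for the example, and the factor of 5 is taken from the analyst's quote.

```python
"""Peer-baseline check for anomalous customer-record access.

Added example, not code from the article or from any bank. The log
format is an assumption made for the example: one line per record
access, "<ISO timestamp> <user> <account_id>". The default factor of 5
mirrors the "five times more accounts than any other teller" heuristic.
"""
from collections import defaultdict
from statistics import median


def build_sample_log():
    """Constructed sample: four tellers with a normal workload and one
    (tlr_zed) touching far more distinct accounts in the same shift."""
    lines = []
    acct = 10000
    for user, n in {"tlr_ana": 3, "tlr_ben": 4, "tlr_cho": 3, "tlr_dev": 5}.items():
        for i in range(n):
            acct += 1
            lines.append(f"2011-05-02T09:{i:02d}:00 {user} {acct}")
    # A repeat view of an account already seen must not inflate the count.
    lines.append("2011-05-02T09:30:00 tlr_ana 10001")
    for i in range(25):
        acct += 1
        lines.append(f"2011-05-02T09:{i:02d}:30 tlr_zed {acct}")
    return "\n".join(lines)


def parse_access_log(text):
    """Yield (timestamp, user, account) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        yield parts[0], parts[1], parts[2]


def distinct_accounts_per_user(text):
    """Count the distinct accounts each user touched."""
    seen = defaultdict(set)
    for _ts, user, acct in parse_access_log(text):
        seen[user].add(acct)
    return {user: len(accts) for user, accts in seen.items()}


def flag_outliers(counts, factor=5.0, min_peers=3):
    """Flag users whose distinct-account count exceeds `factor` times the
    median of their peers. The baseline is leave-one-out so that a heavy
    user cannot raise their own threshold; with fewer than `min_peers`
    peers there is no meaningful baseline and nothing is flagged.
    Returns {user: ratio_to_peer_median}."""
    flagged = {}
    for user, count in counts.items():
        peers = [c for u, c in counts.items() if u != user]
        if len(peers) < min_peers:
            continue
        baseline = median(peers)
        if baseline > 0 and count > factor * baseline:
            flagged[user] = round(count / baseline, 1)
    return flagged


if __name__ == "__main__":
    counts = distinct_accounts_per_user(build_sample_log())
    for user, ratio in flag_outliers(counts).items():
        print(f"ALERT {user}: {counts[user]} distinct accounts, {ratio}x peer median")
```

Two design points worth noting: the baseline excludes the user being scored, so one insider with a huge access count does not push the median up and hide themselves, and the comparison is on distinct accounts rather than raw events, so a teller who legitimately reopens the same record many times is not penalised. In practice the peer group should be tellers on the same role and shift, which the sample does not model.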
Business Continuity Management Guidelines from BCI Posted by boss on Tuesday, 29 March 2011 @ 09:00:09 EDT (1551 reads) Topic CISSP OSG INFO
Anonymous writes "Please use the links below to access each of the six knowledge areas of the Good Practice Guidelines (2008-2).
- Complete GPG – Download complete Good Practice Guidelines
- Chapter one – BCM Policy & Program Management
- Chapter two – Understanding the Organization
- Chapter three – Determining Business Continuity Strategy
- Chapter four – Developing & Implementing a BCM Response
- Chapter five – Exercising, Maintaining & Reviewing BCM Arrangements
- Chapter six – Embedding BCM in the Organization’s Culture
A summary version "The Pocket Sized Good Practice Guidelines" is available here. Various language versions of "The Pocket Sized Good Practice Guidelines" are available using the links below:
An Italian language version of the GPG 2005 is available here
The Business Continuity Institute (BCI) - the world’s eminent BCM, was established to enable individual members to obtain guidance and support from fellow business continuity practitioners. The BCI currently has more than 5,200 members in more than 90 countries. Professional membership of the BCI provides internationally recognized status as this valued certification demonstrates the members’ competence to carry out business continuity management (BCM) to a consistent high standard. “Promoting the art and science of business continuity management worldwide” For information on our education and certification please visit: http://www.thebcicertificate.org
Regards,
Zack J. Wood Channel Manager The Business Continuity Institute 1964 Gallows Road, Suite 330 Vienna, Virginia 22182 USA
email : zack.wood@thebci.org tel: +1 (703) 637-4368 Skype ID: zack.wood-itpg "
I need your help with Wikipedia Posted by boss on Sunday, 09 January 2011 @ 16:22:53 EST (2057 reads) Topic CISSP OSG INFO
cdupuis writes "Good day to all,

I am writing to ask you a favor. Over the past year I have submitted the URL for the CCCure web site multiple times to Wikipedia and there is a moderator who has his own personal, financial, or other motives who always removes the link to my website.

Here is what I need you to do: regularly visit the following URL: http://en.wikipedia.org/wiki/Certified_Information_Systems_Security_Professional#External_links

Ensure that the CCCure Website is listed in the list. If it is not, please click on Edit and add it. All you have to do is add the line below the links for External Links.
LOOK FOR:
==External links==
*{{Official website|http://www.isc2.org (ISC)²}}
*{{Dmoz|Computers/Education/Certification/CISSP|CISSP}}
HERE IS THE LINE TO ADD:
*[http://www.cccure.org/ The CCCure Open Study Guides]
AFTER THE CHANGES ARE DONE IT WILL LOOK LIKE THIS:
==External links==
*{{Official website|http://www.isc2.org (ISC)²}}
*{{Dmoz|Computers/Education/Certification/CISSP|CISSP}}
*[http://www.cccure.org/ The CCCure Open Study Guides]
After making your changes do not forget to click on the SAVE CHANGES button located a bit lower on the page to save the changes you have made. The site will ask you to type a security code and then the page will be updated.
Thanks a whole lot Clement "
Workers Abusing Social Sites On Corporate Networks Posted by boss on Tuesday, 26 October 2010 @ 09:37:44 EDT (1102 reads) Topic CISSP OSG INFO
cdupuis writes "
Workers Abusing Social Sites On Corporate Networks
Employees' use of Facebook, Gmail, Hotmail and BitTorrent is posing security risks, according to study by Palo Alto Networks.
By Mathew J. Schwartz, InformationWeek Oct. 25, 2010 URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=227900728
More than 70% of the traffic on corporate networks today comes from the Internet, and a sizable portion of it stems from employees’ use of Gmail, Hotmail, Facebook and BitTorrent for personal reasons.
That finding comes from a study released by next-generation firewall vendor Palo Alto Networks, based on firewall data captured in 723 organizations worldwide: 275 in North America, 207 in the Asia-Pacific region and 241 in Europe.
"This is based on real traffic in enterprise networks at a global level," said Franklyn Jones, director of EMEA marketing for Palo Alto. Compared with results from similar studies, he said, "It seems as though users are taking control of the corporate network," in the types of applications they're using, accompanying security risks introduced and bandwidth consumed.
To provide more precise details, Palo Alto divided the personal applications it found into three categories: socializing, saying (email and IM) and sharing. Altogether, these applications account for about 25% of the traffic seen on corporate networks.
In terms of socializing, the most popular networking platforms (in terms of the percentage of businesses in which their use was seen) were Facebook (95%), Twitter (93%), LinkedIn (85%), MySpace (79%) and Facebook applications (76%).
While all social networking platforms have risks -- as well as potential rewards -- Palo Alto said that the prevalence of Facebook applications was cause for concern. "The more that enterprises download Facebook applications, the more likely they are to be attacked," said Jones. Relatively speaking, Facebook and its applications are bandwidth hogs, consuming 500% more bandwidth than the other 47 social networking applications seen combined, without even factoring in Facebook mail and chat traffic.
For email and IM, 81% of the applications found have the potential to allow inbound threats into the network, while 59% create the potential for data leakage.
The most popular email client was Gmail, found in 93% of enterprises, followed by Hotmail in 90%. In addition, 76% of businesses use the IM consolidation platform Meebo.
For applications aimed at sharing information -- beyond email, IM and social networks -- the Palo Alto study found that 83% of all related bandwidth can be traced to P2P applications. That's consistent for most countries, except Germany, where P2P use in the workplace is relatively low, and Spain, where use of Megaupload, a browser-based file-sharing tool, is high. "I don't know what's going on in Spain, but there is some serious, serious file transferring going on," said Jones.
The bottom line is that when it comes to personal applications on corporate networks, they're not going away. "The challenge then is how IT should respond," he said "
Electronic Theft Costs Businesses More Than Physical Theft Posted by boss on Monday, 25 October 2010 @ 09:26:18 EDT (897 reads) Topic CISSP OSG INFO
cdupuis writes "
Phishing is the top information theft threat to U.S. companies, according to a Kroll survey that found theft of physical property falling behind information theft for the first time in its four-year history.
By Mathew J. Schwartz, InformationWeek Oct. 19, 2010 URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=227900228
Companies in North America face relatively low levels of fraud, except in one area: information theft or attack. Indeed, related fraud over the past year rose from 22% to 32%, compared to a global average of 27% reporting that they'd suffered information theft.
Those findings come from a new global fraud report commissioned by Kroll and conducted by the Economist Intelligence Unit. More than 800 senior executives worldwide were polled.
The survey also found that the top techniques used for information theft against U.S. companies were phishing (26%) and technology or tools (19%). In addition, said Kroll, "26% of those surveyed cited the complexity of IT infrastructure as the leading cause of increased fraud exposure."
According to Kroll, 2010 marked the first time the annual survey -- now in its fourth year -- found more companies had suffered information theft than theft of physical property. Of the 10 industries surveyed, Kroll said that the companies most at risk from information theft or attacks operated in the financial services, professional services or natural resources sectors.
Unfortunately, executives and corporate boards in numerous industries don't appear to be taking appropriate measures. In a year in which even Google has been hacked, only one-third of respondents to the Kroll survey thought their organization was moderately or highly vulnerable to information theft. Notably, overall investment in information security by businesses declined from 2009 to 2010.
In addition, companies also think they're relatively immune to fraud, and report low levels of exposure to corruption (7%) and market collusion (4%). Yet, only 42% of U.S. survey respondents correctly identified the fact that the U.S. Foreign Corrupt Practices Act (FCPA) applies to their company, while 44% didn't know, and 14% believed they were exempt.
Kroll said that businesses must take a more proactive security and anti-fraud stance to help offset the overall rise in fraud, including information theft. "North American companies currently enjoy a relatively benign fraud environment. They will need to address growing risks, especially in information security, to keep things that way." "
I am in need of good question writers Posted by boss on Friday, 03 September 2010 @ 23:31:11 EDT (1154 reads) Topic CISSP OSG INFO
cdupuis writes "Good day to all,

I am in dire need of good question writers who can produce some of the new scenario-based questions that have been showing up on the CISSP exam. It is the new type that presents a large scenario (a paragraph or a few) and then asks you a few questions related to that scenario.

I would also need help from people who are CEH to develop questions for that certification as well. Those are the same style as we have in the quiz engine right now.

If you are interested I would like you to contact me at: Clement [dot]Dupuis[at]Gmail[dot]com

As you know me, I prefer quality over quantity. Even if you can commit only to writing a few questions it is fine. I prefer a few that really test skills and knowledge over a whole bunch of bad ones.

Please send me an email and tell me if you are willing to write questions for the CEH or the CISSP scenario-based questions and how much you would like to be paid per question.

Thanks in advance
Clement "
SecureNinja/CCCure TIPS and TRICKS to pass the exam Posted by boss on Friday, 14 May 2010 @ 09:52:20 EDT (11708 reads) Topic CISSP OSG INFO
cdupuis writes " 
Greetings from Clement,
Welcome to the SecureNinja.com and CCCure Tips and Tricks for the CISSP® exam.
The tips and tricks below have been collected by myself and also borrowed from some of my friends and colleagues at Secure Ninja. I am very fortunate to work side by side with some of the greatest and most experienced CISSP instructors in the world, such as Larry Greenblatt and Ross Leo. Ross has taught the CISSP class for multiple years at ISC2 and many other training providers; he is also known as the person who first came out with the term CIA triad. Larry is the author of CyberKungFu and is also very involved in the security community. He is leading the Cyber Sparring CEH class at Secure Ninja. Larry has been living the CISSP® experience for the past decade. The three of us have accumulated almost 100 years of IT and security experience; together we have taught many hundreds of CISSP® classes and we will bring this unique baggage to you in our classroom. We know the Common Body of Knowledge better than anyone else. Such an amount of experience is something you cannot get or buy anywhere else. We pride ourselves on the quality of our staff and our ability to deliver complex content in an easy to follow format.
In order to pass your exam, you have to be reading and preparing from the moment you have read this message. This message is to ensure your success.

BELOW YOU HAVE IMPORTANT TIPS AND TRICKS REGARDING THE CISSP EXAM -- PLEASE READ AND FOLLOW THOSE INSTRUCTIONS

STEP 1: BECOME A MEMBER OF CCCURE.ORG

Get familiar with the www.cccure.org web site at http://www.cccure.org

To get started create an account at: http://www.cccure.org/modules.php?name=Your_Account&op=new_user

As you will see the site offers VERY active forums, web links, downloads, tutorials, quizzes, and tons of information related to becoming a CISSP.

STEP 2: WATCH OUR FLASH BASED PRESENTATION ON HOW TO BECOME A CISSP®

If you have not done so, listen to the CISSP® Exam overview at: http://www.cccure.org/modules.php?name=Web_Links&l_op=viewlink&cid=167

See comments from previous students who have watched the presentation:

"Wow, this is great. I wouldn't change a thing. I just wish I'd have seen this earlier than my 2.5 weeks before the exam. :-( Anyway, well done and thank you. It looks like you put a lot of work into this, and it is greatly appreciated."

"Viewing this Flash presentation is an absolute must for anyone considering pursuing the CISSP. Thanks Clement..."

"WOW! This site has been a wealth of information! I started self-study with Shon Harris' "ALL IN ONE" CISSP Exam Guide and after a few months I became discouraged. CCCure.org and most importantly Clement's flash tutorial for the introduction and overview of the CISSP® exam has been a big encouragement. There was so much information with better outline and emphasis from the flash tutorial that I've revised my entire study plan and definitely concentrated my focus on key areas. Clement, thanks a bunch!"

STEP 3: QUIZ, QUIZ, and more QUIZZES

A link to our QUIZ engine can be found on the main menu bar of the www.cccure.org website or you can visit: http://www.cccure.org/modules.php?name=Web_Links&l_op=viewlink&cid=168

A FREE account gives you access to a few hundred questions but not all of the questions. If you wish to get access to all of the questions you must register with a PAID account. Our fee for a paid account is only $39.99 for six months of access; this is a fraction of the price you will pay on any other quiz. We have the largest amount and the most relevant set of questions for the CISSP exam that you will find anywhere.

Ensure you take quizzes from the CCCure quiz engine as you complete the reading of each of the domains within the study book that you have bought. The more quizzes you take the better you will do on the exam. Within the quiz settings do use PRO level questions and closely related. Take at least 50-question tests, and take multiple tests on each of the domains. You should aim for a CONSISTENT score of 80% or above to feel good about passing the real exam. As you will see the Common Body of Knowledge (CBK) is VERY wide (20 miles wide, one inch deep) and it will require a serious investment in time to reach this mark for all of the domains.

The quiz will help you in two ways: first by identifying things you DON'T know and finding your weak domains; second it will help you memorize topics of the CBK. I strongly recommend that you search the web or your study book for any questions that you have missed; this is how you will improve your knowledge and remember the key topics. Every time you miss a question the quiz engine will remember that question and you can later on drill down on the topics you had the most difficulties with. The quiz engine gives you the option to attempt those questions again and this will ensure you can answer them correctly.

SECURENINJA.COM STUDENT'S BENEFIT: All Secure Ninja students will get a PAID Quiz Account giving them full access to the quiz as well as access to a unique set of Scenario Based questions reserved only for SecureNinja students.

The real exam now contains more and more Scenario Based Questions and it is imperative that you become familiar with them.

STEP 4: BECOME A BOOK RAT

If you have not bought a good study book yet, today is the time to do it. Do not procrastinate, get your study book right now. There are many books available, some are better than others; you can see a short list of recommended books at: http://www.cccure.org/modules.php?name=News&new_topic=76

Many people who have many years of experience prefer short and concise books such as CISSP for Dummies. Do not get thrown off by the title, it is a VERY good book.

STEP 5: SUBSCRIBE TO OUR CISSP STUDENT INFO MAILING LIST

This mailing list is a series of auto responders that will send you about one message a day for about 10 days. The messages contain tips and tricks to pass your exam, frequently asked questions, and general information about how to become a CISSP. You can subscribe at: http://www.cccure.info/subscription.html

STEP 6: SUBSCRIBE TO OUR TWO WAY DISCUSSION LIST

This mailing list is a two way discussion list where you can post messages and get help from others who are studying for the CISSP exam. The mailing list is moderated by our SecureNinja instructor Clement Dupuis and it is very well maintained. Clement will quickly filter any messages that are not CISSP related. Subscribe at: http://www.cccure.org/modules.php?name=News&file=article&sid=431

STEP 7: VISIT THE CCCURE.ORG FORUMS FOR THE CISSP

The CCCure forums are one of the most dynamic communities when it comes to getting answers to your questions quickly or finding more information about the CBK. There are dozens of CISSPs in good standing who spend hours per day helping others. The forums have a search engine as well and it is very likely that your question has been asked already and the answer is waiting for you. The forums are really worth a visit; you will find the forums at: http://www.cccure.org/modules.php?name=Forums&file=index&c=2
STEP 8: VISIT THE CCCURE WEB STORE FOR SUPPLEMENTARY RESOURCES
Our webstore has great resources that can assist you in passing the exam on the first try.
Some people learn best with Video Tutorials, some prefer MP3 files, others prefer reading. The website has resources for all learning abilities.
Visit the CISSP Section at: https://www.cccure.com/cart/categories/CISSP/
LAST BUT NOT LEAST: WHAT ARE THE MAIN CAUSES OF EXAM FAILURE

Over the years we have identified some of the main reasons WHY people fail their exam. You have a list of the most common reasons below:

1. They do not do any serious study prior to taking their exam or attending a class
2. They spend time answering emails or texting on their cell phone or other devices instead of being attentive or listening to the instructor
3. They spend time outside the class talking on their cell phone or attending conference calls
4. They are doing remote administration or job-related activities through a remote connection
5. They underestimate the difficulty of the exam
6. They study while watching the game or doing other activities
7. They attend the cheapest training they can find. You get what you pay for.
8. They attend training with an instructor who has not delivered the class dozens of times.
9. They spend 5 hours a day in traffic instead of staying at a hotel or with a friend close to the training center.

To ensure your success, you should not partake in any of the above activities, which are detrimental to your learning experience and often to others' learning experience if you are in a class setting. Do dedicate the WHOLE week to doing strictly and only your CISSP exam.

IMPORTANT: Tell your boss, peers, spouse, and anyone close to you that you will be extremely busy for the whole week and you are not ignoring them. Explain to them that this is an important step in your career and in some cases a requirement to find or keep a position or job as well. Make sure your company or supervisor understands that you ARE NOT available for any of the normal company activities. Your study week will require concentration throughout the day and working hard at night as well. THIS IS YOUR NUMBER ONE PRIORITY and you must take it VERY SERIOUSLY.

Best regards
Clement
Clement Dupuis, CD clement@insyte.com clement.dupuis@cccure.com Chief Learning Officer (CLO) @ SecureNinja.Com Site Owner, Founder, and Maintainer of the CCCure Family of portals CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS, + dozens of others "
SpywareAnalytics a forum for home user security Posted by boss on Thursday, 18 March 2010 @ 11:34:18 EDT (1302 reads) Topic CISSP OSG INFO
cdupuis writes "SpywareAnalytics.com is a home user forum portal to help you fight malware.
We have a specialized team of analysts, engineers and other researchers, who are focused on helping you round the clock to resolve your issues by helping you with:
* fixing your systems
* detecting & removing malware
* analyzing & researching malware
* the update & patch process
* installation questions
and much more... Check out http://www.SpywareAnalytics.com when you get a chance. Thank you for your time! Kind Regards,
EF "
Twitter announce a new service to protect their users Posted by boss on Monday, 15 March 2010 @ 11:20:43 EDT (1349 reads) Topic CISSP OSG INFO
cdupuis writes "NOTE FROM CLEMENT:
Interesting posting seen on the H Security web site. Lots of people consider social networks an acceptable risk, which is really foolish. Most social networks are a great place to get malware, malicious links, or simple social engineering attacks. If they were safe they would not bother adding security. See more info below:
10 March 2010, 13:49
Twitter to detect, intercept and prevent bad links
Twitter[1] has announced[2] that it is launching a new service to protect its users against phishing and other attacks by attempting to detect, intercept and prevent "bad links" before a user clicks on them. The popular microblogging company says that, from now on, it will be routing all links submitted to Twitter through a new service, allowing the company to block bad links even after they've already been sent out in an email notification.
According to Del Harvey[3], Director of Twitter's Trust and Safety team, as these type of attacks often occur in email notifications and Direct Messages, this is where the company will focus their "initial efforts". Harvey says that, for the most part, users will not even notice the feature as it will be working behind the scenes. Users may, however, notice that links have been shortened to "twt.tl[4]" links in Direct Messages and email notifications.
See also:
- Twitter resets user passwords[5], a report from The H.
- Cracking attack on Twitter[6], a report from The H.
- Shutting Twitter backdoors[7], a report from The H.
URL of this Article: http://www.h-online.com/security/news/item/Twitter-to-detect-intercept-and-prevent-bad-links-950750.html
Links in this Article:
[1] http://twitter.com/
[2] http://blog.twitter.com/2010/03/trust-and-safety.html
[3] http://twitter.com/delbius
[4] http://twt.tl
[5] http://www.h-online.com/news/item/Twitter-resets-user-passwords-921235.html
[6] http://www.h-online.com/news/item/Cracking-attack-on-Twitter-889425.html
[7] http://www.h-online.com/news/item/Shutting-Twitter-backdoors-850717.html "
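The security property the article describes is that the check happens at click time, on a redirector the sender does not control, so a link can still be blocked after the message or notification has already gone out. The block below is an added example of that design, not Twitter's code: the article gives the behaviour but not the implementation, so the shortener host name, the token scheme and the blocklist are assumptions made for the example.

```python
"""Click-time gating of links in outbound messages.

Added example, not Twitter's code: the article describes the behaviour
(links rewritten to twt.tl and checked before the click) but not the
implementation, so the shortener host, token scheme and blocklist here
are assumptions made for the example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Plain http(s) URLs in message text; stops at whitespace and quote/bracket chars.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


class LinkGate:
    def __init__(self, shortener_host="twt.tl"):
        self.shortener_host = shortener_host
        self.links = {}             # token -> original destination URL
        self.blocked_hosts = set()  # hosts found to be bad, possibly after sending

    def shorten(self, url):
        """Store the destination and hand back a short link under our host.
        Assumption for the example: token is a prefix of the URL's SHA-256."""
        token = hashlib.sha256(url.encode()).hexdigest()[:10]
        self.links[token] = url
        return f"http://{self.shortener_host}/{token}"

    def rewrite_message(self, text):
        """Replace every URL in an outbound message with a short link, so the
        recipient only ever receives a link that passes through the gate."""
        return URL_RE.sub(lambda m: self.shorten(m.group(0)), text)

    def block_host(self, host):
        """Blocklist a host; takes effect for links that were already sent."""
        self.blocked_hosts.add(host.lower())

    def _is_blocked(self, host):
        host = host.lower()
        return any(host == b or host.endswith("." + b) for b in self.blocked_hosts)

    def resolve(self, token):
        """What the redirector does on click: ('redirect', url) if the
        destination is still clean, ('blocked', url) if its host has since
        been blocklisted, ('unknown', None) for a token we never issued."""
        url = self.links.get(token)
        if url is None:
            return ("unknown", None)
        host = urlsplit(url).hostname or ""
        if self._is_blocked(host):
            return ("blocked", url)
        return ("redirect", url)


if __name__ == "__main__":
    gate = LinkGate()
    # Constructed message containing a link that is only later found to be bad.
    sent = gate.rewrite_message("Your account needs review: http://phish.example/login")
    token = sent.rsplit("/", 1)[1]
    print("sent:", sent)
    print("click before blocklisting:", gate.resolve(token))
    gate.block_host("phish.example")
    print("click after blocklisting: ", gate.resolve(token))
```

The token here is derived from the URL so the example is deterministic; a production redirector would use a random token, since a hash lets anyone test whether a given URL has already been shortened. The host match covers subdomains of a blocked host but not the reverse, which is the usual shape of a host blocklist.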
The Rugged Software Manifesto Posted by boss on Wednesday, 10 February 2010 @ 08:43:31 EST (1259 reads) Topic CISSP OSG INFO
cdupuis writes "The three authors of the manifesto are Josh Corman, an analyst with The 451 Group; David Rice, formerly with the National Security Agency and author of Geekonomics, a book about the real cost of insecure software; and Jeff Williams, the chairman of OWASP, an organization focused on Web application security. The trio announced the project at the SANS Institute AppSec Conference in San Francisco Monday.
The Rugged Software Manifesto
- I am rugged... and more importantly, my code is rugged.
- I recognize that software has become a foundation of our modern world.
- I recognize the awesome responsibility that comes with this foundational role.
- I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
- I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.
- I recognize these things - and I choose to be rugged.
- I am rugged because I refuse to be a source of vulnerability or weakness.
- I am rugged because I assure my code will support its mission.
- I am rugged because my code can face these challenges and persist in spite of them.
- I am rugged, not because it is easy, but because it is necessary... and I am up for the challenge.
Official Announcement Document - 
If you want Rugged Software, join us and help define the principles, and technologies that will help others become Rugged too. Our first project is to define how people and organizations can know if they are Rugged.
Visit their website at: http://www.ruggedsoftware.org/ "
New logo for the CCCure Family of Portals Posted by boss on Friday, 29 January 2010 @ 23:15:05 EST (1241 reads) Topic CISSP OSG INFO
cdupuis writes "Today I am happy to present our new logo:
Our new logo represents very well the mission of CCCure and its family of portals.
It shows that our mission is Education, Information System Security, helping people worldwide.
Every month we have people from more than 125 countries that are making use of our portals. That's over 100,000 unique visitors overall. We are proud today to show our new identity, the next time you see it you will know it is not a clone, a rogue, or a fake. It is the real thing.
Thanks to all who supported us over the past ten years.
Best regards,
Clement, Nathalie, and Alain
Site Owners and Maintainers
"
CPE = CONTINUOUS PAYMENT EXPECTED Posted by boss on Thursday, 21 January 2010 @ 20:45:21 EST (2343 reads) Topic CISSP OSG INFO
cdupuis writes "NOTE FROM CLEMENT:
CompTIA has joined the ranks of certification bodies that require CPEs to keep our A+, Network+, and Security+ certifications current, as well as imposing an expiry date or renewal cycle every 3 years like other certification bodies are doing.
If the whole CPE thing were done properly it would be great. However, in most cases this is used as a way of making more money by offering seminars and other cheesy training to earn CPEs. When will people get serious about providing skills and knowledge as a priority?
See the announcement below from CompTIA:
CompTIA Certification Renewal Policy
CompTIA A+, CompTIA Network+ or CompTIA Security+ certifications are now valid for three years from the date the candidate is certified. The change brings the CompTIA certifications in line with the practice of other major providers of certifications for IT professionals, such as Cisco, Microsoft and Oracle. The renewal policy also is required for these three certifications to maintain their accreditation and compliance with internationally accepted standards for assessing personnel certification programs (ANSI/ISO/IEC 17024). CompTIA A+, CompTIA Network+ and CompTIA Security+ certifications earned the ISO 17024 accreditation from the International Organization for Standardization (ISO) in 2008. ISO requires that individuals have a way to renew the currency of their certification on a regular basis. In CompTIA’s case, renewal will occur every three years. The new certification renewal policy is applicable to all individuals who hold CompTIA A+, CompTIA Network+ or CompTIA Security+ certifications, regardless of the date they were certified. Other CompTIA certifications are not affected at this time. Beginning January 1, 2010, a “Valid Through” date appears on all certificates and certificate holder ID cards for individuals who earn CompTIA A+, CompTIA Network+ or CompTIA Security+. The date is three years from the date of certification. Certification renewal will ensure that individuals have the most up-to-date skills and knowledge to deal with the fast-changing IT environment. In conjunction, CompTIA is introducing a continuing education program for individuals with multiple ways to earn continuing education credits to maintain their active certifications. 
Among activities that will qualify for continuing education credits are passing a “bridge” exam or the most current exam for their CompTIA certification; teaching, lecturing or presenting on relevant industry topics; participating in non-degree courses or computer-based training; attending relevant industry conferences and events; participating in a CompTIA exam development workshop; publishing articles, whitepapers, blogs or books on relevant topics; obtaining other industry certifications; or completing industry-related college courses from degree-granting institutions. Enrollment in the certification renewal program is expected to be available in mid-2010. "
Info for students that lost money due to Vigilar Intense School closing doors Posted by boss on Thursday, 14 January 2010 @ 18:26:37 EST (1853 reads) Topic CISSP OSG INFO
cdupuis writes "Hi Everyone, Today is an exceptionally great day for your clients and students that paid Intense School pre-paid fees for classes. I have contacted SCHEV (State Council of Higher Education for Virginia) in VA, the licensing board in the State of VA, and they said students can get a portion of their money refunded. Linda Woodley is the SCHEV Director and has confirmed Intense School class fees may be refunded to the students. Below is Linda Woodley's contact information to send/email about refunding class fees. Intense School told SCHEV no student was going to lose class fees from Intense School closing. She has been advised differently. You're all welcome to contact Linda and I hope this helps. Please let me know how Security University can assist you. You have my contact info below. Good luck with working with Linda as she really knows her stuff. ttys SJS:)
Linda H. Woodley, M.Ed.
Director, Private & Out-of-State Postsecondary Education
State Council of Higher Education for Virginia
James Monroe Building, 101 N. 14th Street, 9th Floor, Richmond, VA 23219
Office phone: 804-371-2938 Fax phone: 804-786-2027 or 804-225-2604 E-mail: lindawoodley@schev.edu Website: www.schev.edu
This information was provided by Sondra at Security University. Sondra has been a sponsor of CCCure for a long time and this is where you can get CISSP classes delivered by Clement Dupuis the owner of the CCCure Family of Portals. See Sondra's contact info below. Give her a call to book a seat on one of the many top notch qualified security classes or the world's best CISSP class.
-- Qualified Training for Qualified Results!
Sondra J. Schneider
Founder & CEO, Security University
109 Weed Ave, Stamford CT 06902
work 203.357.7744 cell 203.249.8364 www.securityuniversity.net "