InfoSec

SCADA/ Industrial Security

  • newValidian's New Integrated Authentication Prevents Digital Hacking And Hijacking Of Critical <b>...</b>
    (OTCQB: VLDI), a leader in cyber-security technology, today announced its ... of critical installations and infrastructure as well as servers, data bases, mobile ... Validian technology enables the next generation of secure Mobile ...
    - 21 mins ago Tuesday, January 27, 2015 -
  • newSri Lanka Telecom to Offer CYREN <b>Cybersecurity</b> Solution
    Managed by CYREN's security and operations experts on a purpose-built ... its trusted CYREN GlobalView Cloud infrastructure that is relied upon by many of ... and TASE: CYRN) is a long-time innovator in cybersecurity solutions.
    - 1 hour ago Tuesday, January 27, 2015 -
  • new<b>Cybersecurity</b> savant
    But as cybersecurity quickly evolves from an IT issue into a geopolitical ... is necessary to better defend the country's infrastructure from cyberattacks.
    - 1 hour ago Tuesday, January 27, 2015 -
  • newNew government agency to oversee Singapore's <b>cybersecurity</b> operations
    SITSA itself was established in 2009 as a government agency dedicated to beefing up the country's IT security infrastructure and combat cyber ...
    - 2 hours ago Tuesday, January 27, 2015 -
  • newCommunity College Cyber Summit (3CS) Addresses the Need for <b>Cybersecurity</b> Education ASAP
    The emphasis of cybersecurity throughout the nation's critical infrastructure makes the community college's role even more relevant. The 2nd Annual ...
    - 4 hours ago Tuesday, January 27, 2015 -
  • newBeware: A national cyberterrorism attack may loom
    A cyberterror attack on vital national infrastructure such as power facilities, ... "Cybersecurity is already a tier-one national security priority and our ...
    - 5 hours ago Tuesday, January 27, 2015 -
  • new20 Of The Safest Cities In The World
    Digital security � This measures the quality of a city's cybersecurity, the ... Zurich takes the top spot for both health security and infrastructure safety.
    - 12 hours ago Monday, January 26, 2015 -
  • newCoast Guard Set to Release <b>Cyber</b> Strategy
    The Coast Guard will release a comprehensive cybersecurity strategy, ... maritime critical infrastructure from cyberattacks, according to Coast Guard ...
    - 14 hours ago Monday, January 26, 2015 -
  • newCongress Should Refocus DHS on Crucial <b>Cybersecurity</b> Reforms
    One important area where DHS needs to do more is cybersecurity. ... various sectors of critical infrastructure being penetrated by nation-state hackers.
    - 16 hours ago Monday, January 26, 2015 -
  • newS4x15 Capture the Flag
    This year at S4x15, Digital Bond set out to create an ICS Capture The Flag, or CTF. Flags were created to simulate real world situations that an attacker would encounter if he targeted an ICS. By the end of the CTF, there were over 30 teams playing.…
    - 19 hours ago Monday, January 26, 2015 -
  • newInsider's View on <b>Cybersecurity</b> in the TMT Sector
    Turetsky: One example is in the area of cybersecurity, which is clearly a ... Having led the FCC's policy area pertaining to cybersecurity � including ... It's also clear that the vast majority of the critical infrastructure in our country is ...
    - 19 hours ago Monday, January 26, 2015 -
  • newPFP <b>Cybersecurity</b> Launches to Protect SCADA Systems and Supply Chains
    26, 2015 /PRNewswire/ -- PFP Cybersecurity today announced the official ... chain as well as critical infrastructure such as industrial control systems.
    - 23 hours ago Monday, January 26, 2015 -
  • newOfficials: Fort Morgan on forefront of U.S. <b>cybersecurity</b> efforts
    Because of that attitude, the city now finds itself where it is today, with high-level cybersecurity systems in place to protect the city's power infrastructure ...
    - 1 day ago Monday, January 26, 2015 -
  • Internet Attack Could Shut Down US Gas Stations

    - 4 days ago Thursday, January 22, 2015 -
  • S4x15 OTDay Presentations Are Up
    We have posted the presentations from Tuesday’s Operations Technology Day (OTDay) of S4x15. The purpose of OTDay is to provide very practical information on how to apply mission critical IT technology and processes to OT. There were 150 people in a…
    - 7 days ago Tuesday, January 20, 2015 -
  • Attackers Planting Banking Trojans In Industrial Systems

    - 14 days ago Tuesday, January 13, 2015 -
  • 15 Reasons to be Optimistic about ICS Security in 2015
    This is the companion article to our 15 Reasons to be Pessimistic about ICS Security in 2015 that we ran on Friday. On Wednesday I’ll lay out what to look forward to in 2015 based on these two contrasting articles. Many of the items below come from…
    - 22 days ago Monday, January 5, 2015 -
  • 15 Reasons to be Pessimistic about ICS Security in 2015
    If this is too depressing, wait for Monday’s article 15 Reasons to be Optimistic about ICS Security in 2015. Almost all ICS protocols are still insecure by design with no end in sight. Access to ICS = Compromise. Most potentially influential organi…
    - 25 days ago Friday, January 2, 2015 -
  • 31C3: Too Smart Grid in da Cloud ++
    This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.  Our latest research was devoted to the analysis of the architecture and implementation of the most wide spread platforms for wind a…
    - 28 days ago Tuesday, December 30, 2014 -
  • SOS! Secure Open SmartGrids!
    Dear all,After our 31C3 Too SmartGrid in da Cloud talk we get many questions about Solar and Wind plants vulnerabilities, Internet connected SmartGrid devices. Guys, sorry, but we don’t know yet.There are dozens of platforms, hundreds of vendors,…
    - 30 days ago Sunday, December 28, 2014 -
  • South Korea Nuclear Plant Hit By Hacker

    - 35 days ago Tuesday, December 23, 2014 -
  • Hack Attack Causes Massive Damage At Steel Works

    - 36 days ago Monday, December 22, 2014 -
  • Friday News and Notes
    Get your S4x15 Hotel Reservation at The Surfcomber today or tomorrow. They still have rooms for Tuesday through Friday nights at the $249 conference rate. The non-conference rate is $529. We are in the fourth and final tier of S4x15 registration. Sea…
    - 39 days ago Friday, December 19, 2014 -
  • Whose Code Is It, Anyway?
    Threatpost and a handful of other news outlets are reporting on a worm actively exploiting the Shellshock bug against unpatched NASes. As an aside I find it a bit strange that the attackers are only performing clickjacking attacks — a much more obv…
    - 41 days ago Wednesday, December 17, 2014 -
  • Chasing the White Whale: How Advanced Attacks Leverage Spear Phishing
    Update: Breaking News: ICANN targeted in a spear phishing attack Information security becomes increasingly important as the frequency of cyber attacks increases. From Target to Sony, the past 12 months have played host to the largest volume of attack…
    - 42 days ago Tuesday, December 16, 2014 -
  • Well, Honeywell
    New knowledge about Honeywell Experion Process Knowledge System. Yes, you must patch it.Yes, it's all about grep +1 SSRF.Thanks to Alexander Tlyapov, Gleb Gritsai, Kirill Nesterov, Artem Chaykin and Ilya KarpovHoneywell advisory/patch:https://www.h…
    - 42 days ago Tuesday, December 16, 2014 -
  • Friday News & Notes
    The big story of the week was from Bloomberg’s Robertson & Riley: Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era. While the headline isn’t correct, the sourcing is anonymous and some of the technical conclusions are wrong, this is…
    - 46 days ago Friday, December 12, 2014 -
  • Picture This: Sony Hack Won’t Be the Last
    The FBI has warned US companies of a wave of destructive cyber attacks, in light of the recent Sony hack. I commented to eSecurityPlanet and SecurityWeek: “These attacks are troublesome, but not surprising. Earlier this year we witnessed Code Space…
    - 47 days ago Thursday, December 11, 2014 -
  • ICS Village CTF Update
    We have updated the ICS Village page on the S4x15 site. The network diagram is updated so now you will see that there will be Wonderware, Open BACnet stack, and Modicon PLC on the network. The next update will include an almost full list, we will kee…
    - 48 days ago Wednesday, December 10, 2014 -
  • Aqualillies at S4x15
    The South Beach Pool Party will be at the Surfcomber Hotel on Thursday after the S4 Technical Sessions. We are pleased to announce the entertainment for the party … The Aqualillies! This synchronized swimming group will perform a few numbers in the…
    - 49 days ago Tuesday, December 9, 2014 -
  • S4x15 Advanced Training Classes
    S4x15 attendees have some choices for the Friday activity. There is the ICSage: ICS Cyber Weapons conference and now two one-day advanced training classes. We pick classes that will teach students with the right experience a new, leading edge skill i…
    - 53 days ago Friday, December 5, 2014 -
  • Siemens patches critical SCADA flaws likely exploited in recent attacks
    Siemens released security updates for several of its SCADA (supervisory control and data acquisition) products for industrial environments, in order to fix critical vulnerabilities that may have been exploited in recent attacks.One of the vulnerabi…
    - 57 days ago Monday, December 1, 2014 -
  • BootKit via SMS
    One of demo from PacSec and ZeroNights.Short FAQQ: Is it BadUSB?A: Not exactly, but kind of. Can be applied to any Android gadget. Q: Is it local or remote stuff?A: Can be done remotely (web/sms) for 4G/3G modemsQ: Any threats to ICS?A: YesQ: Huawei?…
    - 69 days ago Wednesday, November 19, 2014 -
  • Is it time to Fire your network protection vendor?
    I hereby solemnly promise that Bromium will never have a product with “fire” in its name.  By now every vendor in the  next-gen IDS / IPS / Firewall / honeypot-as-ultimate-defense-against-the-dark-arts market has a next-gen “fire”-branded p…
    - 78 days ago Monday, November 10, 2014 -
  • An Unprecedented Look At Stuxnet, The World's First Digital Weapon

    - 85 days ago Monday, November 3, 2014 -
  • Different type of SCADA...
    +Update http://blog.ptsecurity.com/2015/01/hacking-atm-with-raspberry-pi.htmlSlides and demo from Olga and Alex report on ATM hacking at Black Hat. MS08-067 strikes again. Now ATM.There are a lot of different kinds of SCADA... Click Enjoy...
    - 90 days ago Wednesday, October 29, 2014 -
  • BlackEnergy Malware Has Compromised Systems For 2 Years

    - 90 days ago Wednesday, October 29, 2014 -
  • Attack of the malicious document – what was old is new again
    Recent zero day attacks targeting Windows using malicious Office documents should be a reminder to all of us that no attack vector ever truly dies, it just lurks in the background waiting for it’s time to come again. Malicious Office documents have…
    - 97 days ago Wednesday, October 22, 2014 -
  • Many Eyes Make Credible Security
    We are proud to announce the successful results of an independent source-code review and penetration test of vSentry version 2.4 by the leading security consultancy  IOActive – acknowledged as one of the world’s leading security firms serv…
    - Tuesday, October 14, 2014 -
  • What is my encryption key?
    Update for update for WinCC <7.3. Now for Siemens SIMATIC PCS 7 <8.1.Details: https://ics-cert.us-cert.gov/advisories/ICSA-14-205-02A
    - Thursday, October 9, 2014 -
  • Why is Bromium InDemand?
    Recently LinkedIn recognized Bromium as one of the 10 most InDemand startups in the Bay Area. Thank you LinkedIn, and thank you Bay Area Tech Community! A number of folks, prospective and current co-workers, investors, customers, and friends have per…
    - Friday, October 3, 2014 -
  • Threat Intelligence firm mistakes research for nation-state attack
    [Updates to this story appear on page two.]On Tuesday, Bloomberg published a story based on honeypot scans, which was a follow-up to a previously published piece that explored the nature of attacks against industrial-control systems.Bloomberg's stori…
    - Wednesday, October 1, 2014 -
  • Rogue cell towers discovered in Washington, D.C.
    Towards the end of July, ESD America, the makers of the ultra-secure CryptoPhone, said that their engineers and customers had discovered more than a dozen rogue cell towers (also known as interceptors or IMSI catchers) around the U.S.New information…
    - Wednesday, September 17, 2014 -
  • Goldilocks and the 3 Theres
      At VMWorld VMware SVP of Security Tom Korn described the hypervisor and virtual network environment of a virtual infrastructure platform as the “Goldilocks Zone” for application security in the software defined data center.  He was right.  A…
    - Thursday, September 11, 2014 -
  • IDG Contributor Network: Tunnel vision: Train security as critical as planes and automobiles
    In recent weeks you’ve heard a lot of discussion around the cyber risks to aircraft and automobiles. After the Black Hat, DefCon and BSides conferences in Las Vegas, Nev., in July, it would seem that a great deal of necessary attention will be pai…
    - Monday, September 8, 2014 -
  • Next-Gen IDS/IPSs: Caught between a ROC and a hard place
    The market appears to have revisited its irrational exuberance about next-gen network IDS/IPSs, perhaps because every major security vendor has one (truth be told, throwing traffic at a set of cloud- or appliance-hosted sacrificial VMs isn’t rock…
    - Monday, September 8, 2014 -
  • Black Hat Survey: End Users Remain Biggest Security Headache as Compromised Endpoints Increase
    Earlier this year, Bromium published “Endpoint Protection: Attitudes and Opinions,” a statistical analysis of more than 300 information security professionals. The results revealed that endpoints are vulnerable, anti-virus is ineffective and end…
    - Wednesday, September 3, 2014 -
  • Industrial software website used in watering hole attack
    AlienVault Labs has discovered a watering hole attack that's using a framework developed for reconnaissance as the primary infection vector.The criminals responsible for the incident compromised an unnamed industrial software firm's website, suggesti…
    - Tuesday, September 2, 2014 -
  • Few bugs in Wonderware Information Server
    Vulnerabilities/fixes in Schneider Electric/Invensys Wonderware Information Server (WIS) to support tradition.The following Schneider Electric WIS versions are affected:Wonderware Information Server 4.0 SP1 Portal,Wonderware Information Server 4.5 Po…
    - Monday, September 1, 2014 -
  • Not by SCADA alone: ATM hack @BH Europe
    Alexey and Olga gonna speak @BlackHat 2014 EU on ATM security.Please be careful there!Hint
    - Monday, September 1, 2014 -
  • How a hacker could cause chaos on city streets
    Traffic is chaotic enough in major cities, but imagine how much worse it would be if a criminal hacker got control of the traffic lights.That Hollywood scenario is what researchers at the University of Michigan proved could happen given the security…
    - Friday, August 29, 2014 -
  • Workers at U.S. nuclear regulator fooled by phishers
    Nuclear Regulatory Commission employees were tricked into disclosing passwords and downloading malware in three phishing attacks that occurred over a three-year period.The incidents were described in an inspector general report obtained by the public…
    - Tuesday, August 19, 2014 -
  • The Rise and Fall of Enterprise Security
    Every day, enterprises are bombarded by rapidly multiplying and morphing advanced threats—and current network and endpoint security solutions aren’t capable of defeating these targeted attacks. This year a major IT analyst wrote: “Advanced targ…
    - Thursday, August 14, 2014 -
  • IDG Contributor Network: Buckle up: Security threats to connected cars get real
    As our connected cars move from syncing our music to driving us home, drivers, passengers, and pedestrians are starting to wonder if they should trust these high-velocity death-mobiles with their lives.  It’s a good question.Tesla, one of the lea…
    - Tuesday, August 12, 2014 -
  • NIST Wants Better SCADA Security

    - Tuesday, August 12, 2014 -
  • In praise of seamless, small-footprint, light-weight, transparent endpoint security
    In a recent blog, Rick Holland of Forrester Research takes aim at meaningless vendor epithets, such as “light-weight”, “non-invasive” and “small-footprint” used to describe their endpoint security products.  As he astutely observes, what…
    - Monday, July 28, 2014 -
  • Siemens SIMATIC WinCC 7.3: Vulnerabilities/Fixes
    New version of WinCC/new features/new advisories/new vulnerabilities. Kudos Gleb Gritsai, Dmitry Nagibin and Alexander Tlyapov .CVE-2014-4682/HTTP/sensitive data (session) leakage CVE-2014-4683/HTTP/remote privileges escalation (useful with CVE-2014-…
    - Wednesday, July 23, 2014 -
  • Microvisor + Hypervisor Makes Your VMs Secure by Design
    I often get asked whether micro-virtualization can be used with a traditional hypervisor and full-OS “fat” VMs (humor: FAT VMs are another matter). YES! There are powerful benefits in both client and server scenarios. I’ll focus on the user cen…
    - Wednesday, July 16, 2014 -
  • How do you spell “Polymorphic”?
    I guess the answer is “i r o n y”:  Last week a Bromium field employee searched for “polymorphic” on dictionary.com and was treated to a gloriously literal definition: The site dropped a banking Trojan! Although the user was unaware of th…
    - Tuesday, July 15, 2014 -
  • Detectible Dysfunction
    In 2003, security industry analyst Richard Stiennon famously declared that intrusion detection systems would be obsolete by 2005, writing at the time: “The underlying problem with IDS is that enterprises are investing in technology to detect intrus…
    - Thursday, July 10, 2014 -
  • If you had only one more security dollar…
    what would you spend it on?   Improve endpoint security, or better protect your network or your applications? This was the topic debated by three Gartner security analysts: Neil MacDonald (endpoint), Greg Young (network) and Joseph Feiman (applicati…
    - Tuesday, July 8, 2014 -
  • New Resource Page for the latest on Havex / Dragonfly / Energetic Bear Campaign
    Get the latest on the current ICS cyber threat intelligence related to the Dragonfly / Energetic Bear campaign and the use of the Havex exploit, including new vectors exploiting trusted supplier software troganization.
    - Thursday, July 3, 2014 -
  • The Dawn Of A New Era In Corporate Cyber Threats?
      Cyber criminals know where the money is and have been attacking businesses in the hopes of getting a big payout for many years. Hacking and manipulating financial systems to steal money or customer credit and banking information to sell on the bla…
    - Tuesday, July 1, 2014 -
  • Energy Firms Hacked By Dragonfly Group

    - Tuesday, July 1, 2014 -
  • SCADA/ICS Systems Under Attack In Europe Stuxnet-Style

    - Thursday, June 26, 2014 -
  • Chrome Perfected (2/2): Protect Users and Sites on the Web
    In a previous post I described how Bromium makes Chrome fast and massively secure.   vSentry will always protect the endpoint from an attack via the browser – and the attack will be automatically remediated. But the browser itself manages valua…
    - Wednesday, June 25, 2014 -
  • Open Source Security in a Post-Heart Bleed World
    Join SCADAhacker and McAfee for the next Twitter #SecChat on "Open Source Security in a Post-Heart Bleed World" Thursday, June 26 from 11am-12pm PST. Details and RSVP available here. The June #SecChat will address current issues surrounding OpenSS…
    - Wednesday, June 25, 2014 -
  • Special Discount for Upcoming ICS Advanced Cyber Security Training
    Hurry and register for the next advanced cyber security training course "Understanding, Assessing and Security Industrial Control Systems" to be held August 11-15 at Lambeau Field, Green Bay. This will be an exciting week, as the famous Green Bay P…
    - Wednesday, June 25, 2014 -
  • Kali Linux Mirrors added to SCADAhacker
    Mirrors for Kali Linux 1.0.7 have been added to the Tools page. Authenticity can be validated by comparing the appropriate SHA1 hash value with those from the Kali website (kali.org).
    - Wednesday, June 25, 2014 -
  • Videos Now Available from KIACS 2014 in Kuwait
    All of the videos from the successful Kuwait Industrial Automation Cyber Security (KIACS) 2014 Conference in Kuwait City has been added to the Event Archives on the Home page.
    - Tuesday, June 24, 2014 -
  • New Tools Coming Soon to SCADAhacker!
    In addition to updated information regarding upcoming training and related cyber events on the Home page, details have been placed on the Tools page regarding the addition of some new how-to guides.
    - Tuesday, June 24, 2014 -
  • Culture clash: How physical security is impacted by cultural norms
    Physical perimeter security can differ from facility to facility, with myriad factors playing into what exactly is implemented, including budget and the assets that are being protected.But what about geographical location and, subsequently, culture?I…
    - Monday, June 23, 2014 -
  • The Implications of “Endpoint Protection: Attitudes and Opinions”
    Bromium has just published the results of “Endpoint Protection: Attitudes and Opinions,” a survey of more than 300 information security professionals, focused on end user threats and security. The majority of the respondents believe: Existing sec…
    - Wednesday, June 18, 2014 -
  • Chrome Perfected: Fast, Massively Secure and Gloriously Private (1/2)
    Bromium or Chromium?  The right answer is both.  Chrome users have an almost religious passion for their browser, whose rapid ascent threatens to eclipse IE.  Bromium’s micro-virtualized Chrome substantially surpasses Google’s own vision, deli…
    - Thursday, June 12, 2014 -
  • Confidence 2014 slides and releases
    Nice update by @atimorin.Slides and tools:http://www.slideshare.net/AlexanderTimorin/scada-deep-inside-protocols-and-security-mechanismshttps://github.com/atimorin/scada-toolsHint from Code Monkey Hate Bug also: https://twitter.com/jadamcrain/status/…
    - Tuesday, June 10, 2014 -

IT News

  • newWaterbug Threat Group Targeted Systems in Over 100 Countries: Symantec

    Waterbug Threat Group Targeted Systems in Over 100 Countries: Symantec

    Symantec has published a new whitepaper detailing the activities of a threat group dubbed by the security firm “Waterbug.”read more
    - 58 mins ago Tuesday, January 27, 2015 -
  • newCybersecurity proves to be a necessity for owner of Durham’s Cocoa Cinnamon
    Posted by InfoSec News on Jan 27http://www.newsobserver.com/2015/01/26/4502592_cybersecurity-proves-to-be-a-necessity.htmlBy Virgina Bridgesnewsobserver.comJanuary 26, 2015I could tell that Leon Grodski de Barrera was skeptical when I told him t…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newThe tooth gnashing you hear is from Flash users installing a new 0day patch
    Posted by InfoSec News on Jan 27http://arstechnica.com/security/2015/01/those-teeth-gnashings-you-hear-are-flash-users-installing-a-new-0day-patch/By Dan GoodinArs TechnicaJan 26 2015Adobe Systems is once again rolling out an emergency Flash upda…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newSpreading the Disease and Selling the Cure
    Posted by InfoSec News on Jan 27http://krebsonsecurity.com/2015/01/spreading-the-disease-and-selling-the-cure/By Brian KrebsKrebs on SecurityJanuary 26, 2015When Karim Rattani isn’t manning the till at the local Subway franchise in his adopted…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newStartup finds malware intrusions by keeping an eye on processor radio frequencies
    Posted by InfoSec News on Jan 27http://www.networkworld.com/article/2875517/security0/startup-finds-malware-intrusions-by-keeping-an-eye-on-processor-radio-frequencies.htmlBy Tim GreeneNetwork WorldJan 26, 2015PFP Cybersecurity, a startup with ro…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newEHR audit catches snooping employee
    Posted by InfoSec News on Jan 27http://www.healthcareitnews.com/news/ehr-audit-catches-snooping-employeeBy Erin McCannManaging EditorHealthcare IT NewsJanuary 26, 2015Electronic health records not only enable faster access to real-time patient…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newAbout the infosec skills shortage
    Posted by InfoSec News on Jan 27http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortageBy https://twitter.com/addelindh andhttps://twitter.com/0xterohttp://3vildata.tumblr.com/Jan 26th, 2015Today I got into an argument on Tw…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newDavid Cameron says hoax call did not breach security
    Posted by InfoSec News on Jan 27http://www.bbc.com/news/uk-30977267BBC News26 January 2015David Cameron has said a hoax call he received from someone claiming to be taking part in a high level conference call, did not "breach security".The prime…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newStartup Uses Changes in Power Consumption to Detect Industrial Cyber Threats

    Startup Uses Changes in Power Consumption to Detect Industrial Cyber Threats

    PFP Cybersecurity Launches Physics-Based Solution to Protect SCADA Systems and Supply Chains read more
    - 4 hours ago Tuesday, January 27, 2015 -
  • newIt's Okay to Fail - Security is a Problem That Can't be Solved

    It's Okay to Fail - Security is a Problem That Can't be Solved

    It’s okay to fail. This may sound radical, but I would argue that the information security community isn’t failing enough. Or rather, we as a community are failing passively on a continual basis, rather than failing actively. The difference be…
    - 5 hours ago Tuesday, January 27, 2015 -
  • newHere’s What You Need To Know From Microsoft’s $26B Quarter

    Here’s What You Need To Know From Microsoft’s $26B Quarter

     Microsoft reported its fiscal second-quarter financial performance today, laid out its forecasts for its future performance and took questions from a number of analyst. It was a flurry of data, so let’s take a moment and dig through the big point…
    - 11 hours ago Monday, January 26, 2015 -
  • newInternet of Things Security Challenging Enterprise Networks: Survey

    Internet of Things Security Challenging Enterprise Networks: Survey

    While there have increasingly been many predictions about the impact the Internet of Things (IoT) will have on organizations in the future, it appears that the number of non-traditional devices connected to corporate networks is already challenging e…
    - 13 hours ago Monday, January 26, 2015 -
  • newNSA Releases Defensive Strategies for Fighting Malware Targeting Corporate Data

    NSA Releases Defensive Strategies for Fighting Malware Targeting Corporate Data

    The NSA's Information Assurance Directorate (IAD) issued a report this month laying out best practices for combating malware designed to steal or destroy corporate data.read more
    - 16 hours ago Monday, January 26, 2015 -
  • new'Sexy Girls' wallpaper app in Google Play store accessed account info
    The app is no longer available from the Google Play store, but prior to being removed it had been installed between 50,000 and 100,000 times.
    - 16 hours ago Monday, January 26, 2015 -
  • newTop Spy at CIA Stepping Down: Agency

    Top Spy at CIA Stepping Down: Agency

    The head of the CIA's secret intelligence operations plans to step down just as the spy agency weighs an unprecedented shake-up of the organization, officials said Monday. The chief of the spy service's clandestine arm "has announced that he soon p…
    - 16 hours ago Monday, January 26, 2015 -
  • newApple to Patch Thunderstrike, Vulnerabilities Disclosed by Google

    Apple to Patch Thunderstrike, Vulnerabilities Disclosed by Google

    The vulnerabilities disclosed last week by Google and the Thunderstrike flaw detailed in December by a researcher have been reportedly fixed by Apple in OS X Yosemite 10.10.2 beta.read more
    - 18 hours ago Monday, January 26, 2015 -
  • newEnterprises Overly Reliant on Perimeter-based Defenses: Survey

    Enterprises Overly Reliant on Perimeter-based Defenses: Survey

    Survey Examines Impact Data Breaches at Target and other Organizations Have had on IT Budgets and Security Practices. Organizations are increasing investment in IT security, but even after a string of high profile data breaches in 2014, they aren't…
    - 18 hours ago Monday, January 26, 2015 -
  • newAlbany health system notifies more than 5,000 patients of data breach
    St. Peter's Health Partners is notifying more than 5,000 patients that a manager's cell phone, which contained their personal information, was stolen.
    - 20 hours ago Monday, January 26, 2015 -
  • newSources Say IBM Planning On Laying Off 12,000 Over Next Year

    Sources Say IBM Planning On Laying Off 12,000 Over Next Year

     Rumors have been swirling — and IBM’s stock has been rising — on reports that the company is planning a huge round of layoffs of up to 26% of its workforce, or 118,000 people. TechCrunch has been digging and has found out from two separate s…
    - 20 hours ago Monday, January 26, 2015 -
  • newVulnerability in Marriott Mobile App Exposed Customer Details

    Vulnerability in Marriott Mobile App Exposed Customer Details

    Up until last week, it was easy for a malicious hacker to gain access to the reservations and personal details of Marriott customers by leveraging a vulnerability in the hotel chain’s official mobile application.read more
    - 21 hours ago Monday, January 26, 2015 -
  • newPHP 5 Updates Fix Several Vulnerabilities

    PHP 5 Updates Fix Several Vulnerabilities

    Several security vulnerabilities affecting PHP were addressed last week with the release of versions 5.6.5, 5.5.21 and 5.4.37.One of the flaws, an out-of-bounds read (CVE-2014-9427) that crashes php-cgi, was reported by Brian Carpenter.read more…
    - 22 hours ago Monday, January 26, 2015 -
  • newWikiLeaks Accuses Google of Handing Over Emails to US

    WikiLeaks Accuses Google of Handing Over Emails to US

    London - WikiLeaks on Monday accused Internet giant Google of handing over the emails and electronic data of its senior staff to the US authorities, and not notifying them for almost three years.read more
    - 23 hours ago Monday, January 26, 2015 -
  • newDating Site Topface Investigating Possible Hack

    Dating Site Topface Investigating Possible Hack

    Russia-based dating website Topface says it’s investigating reports that the details of 20 million users have been stolen by hackers.read more
    - 23 hours ago Monday, January 26, 2015 -
  • newAs Google Looks To Expand Wallet Use, WePay Integrates Instant Buy API

    As Google Looks To Expand Wallet Use, WePay Integrates Instant Buy API

     Google is reportedly eyeing up an acquisition of Softcard to expand Google Wallet services to more points of sale with retailers; but it also wants to grow its position in the wider world of mobile-based transactions to compete with the likes of P…
    - 24 hours ago Monday, January 26, 2015 -
  • newAdobe Fixes Second Flash Player Zero-Day Vulnerability

    Adobe Fixes Second Flash Player Zero-Day Vulnerability

    Adobe updated Flash Player over the weekend to fix the second zero-day vulnerability (CVE-2015-0311) reported last week. The patch was initially announced for this week, but the company released it ahead of schedule.read more
    - 1 day ago Monday, January 26, 2015 -

Youtube News - CyberSecurity

CyberSecurity Malaysia Corporate Video 2015

- 4 hours ago Tuesday, January 27, 2015 -
Cybersecurity Resolutions for the New Year
With a new year underway, small and mid-sized contractors should resolve themselves to better cybersecurity preparedness in 2015. The federal government has been busy passing laws and issuing...
- 15 hours ago Monday, January 26, 2015 -
Fadi Chehade from ICANN at the Cybersecurity Rountable in Davos 2015
Fadi Chehade from ICANN at the Cybersecurity in the New Global Context Roundtable in Davos 2015 Panel : Carlos Moreira (WISeKey), Jean-Manuel Rozan (Qwant)
- 21 hours ago Monday, January 26, 2015 -
Respon CyberSecurity Malaysia tentang insiden penggodaman
Dan untuk mengulas lanjut mengenai insiden penggodaman itu, bersama kita di talian ialah Dr. Aswami Fadillah Mohd Ariffin, Naib Presiden, Perkhidmatan Responsif CyberSecurity Malaysia. Sila...
- 22 hours ago Monday, January 26, 2015 -
Cybersecurity in the New Global Context, The Rise of Borderless Electronic Identities
ADDRESSING PRIVACY SECURITY AND TRUST IN THE POST-PASSWORD ERA. Carlos Moreira - WISeKey, Radu POPESCU-ZELETIN - FOKUS, Thomas Andersson -GINI, David Fergusson - M&A ...
- 23 hours ago Monday, January 26, 2015 -
Can U.K.'s Cybersecurity Push Save Cameron From Prank Calls?
The U.K.'s prime minister and top intelligence agency were both victims of prank phone calls that went surprisingly far Sunday. Follow Jay Strubberg: http://www.twitter.com/JayStrubberg See...
- 1 day ago Sunday, January 25, 2015 -
What Are Best CyberSecurity Practices For Your Small Business?
BVS Cyber Security Expert and CEO, Scott Schober, speaks with MSNBC's JJ Ramberg, host of Your Business about cybercrime security for your small business Berkeley's President and CEO, Scott...
- 2 days ago Sunday, January 25, 2015 -
Cybersecurity Skills Shortage a Big Concern: ISACA - TOI
Cybersecurity skills shortage a big concern: ISACA A new global survey of more than 3400 members of IT association ISACA reveals there is a global shortage of skilled cybersecurity professionals...
- 2 days ago Sunday, January 25, 2015 -
Obama Proposes New Cybersecurity Bill CISPA with a New Name!
This is a Agenda News channel,if you get latest news around the world click on subscribed button,thank you.
- 2 days ago Sunday, January 25, 2015 -
FEF Cybersecurity Flyzik Recap Jan 2015
Flyzik Group's Jim Flyzik Recaps the Cybersecurity-Federal Executive Forum Program-Jan. 2015.
- 4 days ago Friday, January 23, 2015 -
FEF Cybersecurity Vision US Cyber Command Jan 2015
US Cyber Commands MG Joseph Brendler on Future Vision in Cybersecurity-Federal Executive Forum Program-Jan. 2015.
- 4 days ago Friday, January 23, 2015 -
FEF Cybersecurity Vision Palo Alto Networks Jan 2015
Palo Alto Networks' Rick Howard on Future Vision in Cybersecurity-Federal Executive Forum Program-Jan. 201.
- 4 days ago Friday, January 23, 2015 -

Google News

Current Discussions

  • newSSL over self-implemantation of RSA?
    I currently write a client application which communicates with a PHP server.The application itself requires valid user credentials and get all of his information by doing POST requests to the PHP server. Is the first scenario safe or should I use S…
    - 22 mins ago Tuesday, January 27, 2015 -
  • newJCE Unlimited Strength Jurisdiction Policy Files 8
    What I know is that, this jar file is needed regarding some issue with the encryption key while encryption or decryption.Can some one tell what are the countries where we can't use this jar file?http://www.oracle.com/technetwork/java/javase/downl…
    - 22 mins ago Tuesday, January 27, 2015 -
  • newGmail disclosing your account name to recipients?
    My Gmail setting has forever been set to send emails with just my Gmail address as the identifier, so it should not send out my account name (first or last name)... or so I thought!Recently I got a reply from someone (to whom I had contacted for th…
    - 2 hours ago Tuesday, January 27, 2015 -
  • newExtract pre-master keys from an OpenSSL application
    Consider an application using OpenSSL which has a bug. A packet capture of the full SSL session is available, as well as a core dump and debugging symbols for the application and libraries. A RSA private key is also available, but since a DHE cipher…
    - 2 hours ago Tuesday, January 27, 2015 -
  • newCSRF-protection using authentication token in HTTP header
    I'm working on a web application which stores an authentication token in a cookie.The only CSRF-protection is referrer checking.I am considering improving this by moving the authentication token from cookies to a custom header, such as X-AuthToke…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newLocal File Inclusion on a Windows Server
    Is there a way to get RCE (e.g. log poisoning, or php wrappers, etc), or something of similar dangers, from an LFI on a windows server that isn't running PHP, but rather coldfusion (cfinclude) /asp? I'm quite curious and I don't see much information…
    - 5 hours ago Tuesday, January 27, 2015 -
  • newLong character sequence in first string of HTTP GET request breaks the web service's HTTP response. Buffer overflow?
    During my current security audit test I've stumbled on something I can't possibly comprehend. The behavior exhibits signs of a buffer overflow in the target or in some intermidiate service (HTTP proxy/IDE/IPS/firewall), but I haven't been able to pro…
    - 6 hours ago Tuesday, January 27, 2015 -
  • newUsing AES in CTR for TCP/IP based network connections - need to encrypt the IVs?
    For AES based encryption on TCP/IP connections, I am guessing I have to do the following:Have the 2 parties share a common key, assuming I am doing AES-128 then a sequence of 16 bytes. Ideally the bits are securely random.Since we are running AES…
    - 7 hours ago Monday, January 26, 2015 -
  • newHow to protect against adversaries snatching booted laptops to defeat full disk encryption?
    I read an article describing how FBI agents snatched Ross Ulbricht's laptop while it was running to defeat full-disk encryption: Two plainclothes FBI agents, one male and one female, walked up behind Ulbricht and began arguing loudly. This stag…
    - 7 hours ago Monday, January 26, 2015 -
  • newIs WPA practically less secure than WPA2 only if QoS is enabled?
    I've been looking into attacks that are effective against WPA-TKIP but not WPA2-AES (both using PSK). I've found Vanhoef & Piessens's paper that builds off an attack by Beck & Tews and can be used for total decryption, but only if the router has QoS…
    - 7 hours ago Monday, January 26, 2015 -
  • newError while running jTSS in Eclipse
    I am trying to run the Trusted Computing API JSR321 in Eclipse by following the tutorial provide at Getting Started with JSR321 in Windows 7.After successfully enabling my TPM (manufacturer: STM & version: 1.2). I tried to run the code given in t…
    - 8 hours ago Monday, January 26, 2015 -
  • newSoft tokens - multiple profiles on same smartphone
    Some of our clients have started migrating to soft tokens instead of hardware ones for two-factor authentication to their network.We have apps like RSA SecurID and VIP Access on our smartphones.The problem we're starting to face is when new client…
    - 8 hours ago Monday, January 26, 2015 -
  • newHow to improve the security and privacy of Firefox
    What would be a sensible approach to enhance the security and privacy of Firefox?I did not find a question about this and I feel that some guidelines for casual web users would be handy.Currently my browser is wearing:Adblock Plus to block pesk…
    - 12 hours ago Monday, January 26, 2015 -
  • newHow to use ORM correctly to prevent SQL injection?
    I read here that using ORM (like nHibernate) does not necessarily prevent SQL injection; for example, if you keep creating dynamic queries using your ORM framework you are still vulnerable. Fine, then what is the proper use of ORM to avoid all type…
    - 12 hours ago Monday, January 26, 2015 -
  • newAre passwords comprised of key sequences on a keyboard any less secure than the same characters but jumbled up?
    Here are two passwords:5678%^&*tyuiTYUIand8^tyU75%*IuY6T&iBoth have the same number of characters and in each the characters are identical, the only difference is that the first arranges those characters in a pattern that lends itself stron…
    - 15 hours ago Monday, January 26, 2015 -
  • newOpenSSL vulnerability CVE-2015-0205
    I can't seem to make any sense out of the following vulnerability in OpenSSL:DH client certificates accepted without verification [Server] (CVE-2015-0205)=============================================================================Severity: Low…
    - 18 hours ago Monday, January 26, 2015 -
  • newSCRAM'ish technology/library for replay-safe signing with shared secret
    I have a JS File delivered over HTTPS and a randomly generated shared secret (which will expire after a while and be renewed via HTTPS) delivered via HTTPS.Both available on Side A and B of the communication.Now I need to send messages from A to B…
    - 21 hours ago Monday, January 26, 2015 -
  • newHow private is RAM from other users on a VPS?
    Can I safely assume that my RAM never can be accessed by another user on e.g. EC2 or Digital Ocean, if we suppose that I trust my provider and we don't consider possible bugs (such as Heartbleed) in my environment.
    - 22 hours ago Monday, January 26, 2015 -
  • newGenerating authentication token from PHP sessions
    I have a traditional PHP site which uses sessions. I've developed a real-time app in nodejs and wish to authenticate users here based on their PHP session. The procedure would go something like this:Client AJAX's some getAuthToken.php pageClient c…
    - 1 day ago Monday, January 26, 2015 -
  • newIf you can break this authentication system then you can break into my house
    I'll preface this by saying I know approximately 0 about cyber-secI've made a server that will allow smart phones to act as a remote control for my house (eg turn lights on/off and unlock doors). Obviously the security of this server is very import…
    - 1 day ago Monday, January 26, 2015 -
  • Some sites require that you accept cookies in order to use them. Does this mean that they can read/track my real IP?
    The site I want to use says that it stores permanent cookies on my computer to track various things, for instance if I have two accounts with them. It says "Please notethat if you set your browser to disable cookies, you may not be able to access ce…
    - 3 days ago Saturday, January 24, 2015 -
  • Security of email sent/received on iPhone via Mail app
    In regards to the default Mail app on iOS 8, setup with various mail accounts gmail, outlook etc.Are emails sent/received to/from the phone securely, if so, how?Can someone who is snooping on the phones data traffic see any email data?Thanks fo…
    - 15 days ago Monday, January 12, 2015 -
  • Keyboards using 2.4GHz with AES
    I got a Microsoft Sculpt keyboard, as it seems to be a small improvement over the much loved Ergo 4000. (What I'd give to have an Ergo 4000 with CheryMX Blues...)On various sites, they have this one snippet: Proprietary 2.4 GHz with 128 bit AES…
    - 86 days ago Sunday, November 2, 2014 -
  • CloudFlare - prompted for "attention required"
    I am getting a CloudFlare - attention required / security check prompt on most of the sites I visit through my Macbook running OS X Yosemite, these sites work perfectly on other devices (such as iPad, iPhone, Android and Windows based laptop) connect…
    - 90 days ago Wednesday, October 29, 2014 -
  • ShellShock vulnerability and Java Web Applications
    I am running a java webapplication ( Spring 3.2 based) on linux hosts.The linux hosts are vulnerable to the ShellShock vulnerability.Can someone exploit this vulnerabiity on my website ?
    - Monday, September 29, 2014 -
  • Is it safe to store public key encrypted password in the Mobile Device for authentication purposes?
    I have a Apache Cordova hybrid mobile app that needs to authenticate users, but we don't want to prompt for credentials every time the app is used.Some options came to my mind:Store the password encrypted using public key cryptography, so only th…
    - Monday, June 30, 2014 -
  • Can malware physically damage a hard drive?
    I recently responded to an incident of supposed malware infection. The symptoms were simply, "My computer freezes at random times." The response ended with replacement of the physical hard drive and re-imaging the machine. Later, I forensically ima…
    - Tuesday, May 13, 2014 -
  • What causes a powershell payload to run the first time but not the second?
    I created a windows/meterpreter/reverse_https powershell payload using the python script provided at the end of this article. In the first run, the meterpreter session opened successfully, when I closed it and tried to execute the powershell command…
    - Sunday, March 9, 2014 -
  • How can I be sure Lastpass really can't access my passwords?
    The recent, widely publicized security incident where millions of Linkedin were exposed reminded me to tighten up my password practices. I'm looking at several password managers now and I'm especially curious about Lastpass.They write on their home…
    - Friday, June 8, 2012 -
  • What are the career paths in the computer security field?
    What sorts of jobs are there, in which organizations, with what sorts of day-to-day responsibilities?What areas are good for folks coming out of school, vs what are good 2nd careers for experienced folks coming from various disciplines?
    - Thursday, May 12, 2011 -

Yahoo News

Spyware and Malware Alerts

  • newSearch Highlighter
    Search Highlighter is yet another adware program that will make browsing the web an annoying experience, to put it mildly. Unfortunately, quite a few users have their system infected with Search Highlighter due to the misleading marketing employed by…
    - 3 hours ago Tuesday, January 27, 2015 -
  • newSlimPrice
    Have you been presented with an offer to purchase a brand new laptop computer for an insanely low price? Perhaps you have recently installed SlimPrice on your system. It is an adware application that has to be removed, no questions asked. A lot of us…
    - 4 hours ago Tuesday, January 27, 2015 -
  • newGohd
    If you have encountered a browser add-on named Gohd, you should know that removing it is extremely important, as it is not an application that can be trusted entirely. This is so because in reality Gohd is nothing more than your average adware applic…
    - 4 hours ago Tuesday, January 27, 2015 -
  • newWebsearch.thesearchpage.info
    Websearch.thesearchpage.info is a search engine which you will definitely not want in the place of your regular homepage and search provider. One of the main reasons why it is so is the fact that this search engine might provide you with sponsored li…
    - 4 hours ago Tuesday, January 27, 2015 -
  • newHdview
    It does not matter which version of Hdview you install on your computer because all the versions of this application will cause you inconvenience because they will generate advertisements and place them on your screen. Hdview installs extensions to I…
    - 22 hours ago Monday, January 26, 2015 -
  • newHitTheLights
    HitTheLights is an application that will allow you to dim the lights around various videos on YouTube. The button will appear next to every video and you will be able to set the mood by clicking on it. Even though HitTheLights looks very useful, it w…
    - 22 hours ago Monday, January 26, 2015 -
  • newWebsearch.helpmefindyour.info
    No matter whether you have a state-of-the-art antispyware application installed on your computer, you still should be careful about what websites you access because you might get infected with Websearch.helpmefindyour.info. This browser hijacker shou…
    - 1 day ago Monday, January 26, 2015 -
  • newClicon
    Clicon (also known as Clicup and Clickon) is a program that promises to provide personalized offers and promotions. The program says that it will provide you with the best offers, discounts up to 70% off, and even allow you to compare the prices of d…
    - 1 day ago Monday, January 26, 2015 -
  • Skeleton Key
    Our malware researchers have analyzed a new computer infection known by the name Skeleton Key. We identify this threat as a Trojan, because it can slither into your operating system using devious scams. According to our research, the threat could use…
    - 4 days ago Friday, January 23, 2015 -
  • Price Chopper
    You might see different names for PriceChop adware because it can randomize them. Price Chopper is one of these names, so if you detect such a program on your computer, there is no doubt that you have encountered malicious software. It is known that…
    - 4 days ago Friday, January 23, 2015 -

White Papers and Webcasts

  • newAllgress Insight Risk Management Suite
    This white paper introduces a risk management suite that enables security professionals to apply business context to security and compliance management. It also empowers business stakeholders to make informed investment decisions that align with top…
    - 7 hours ago Monday, January 26, 2015 -
  • new9 Mistakes to Avoid When Migrating from VMware to the Cloud
    Here's a list of nine common mistakes even savvy IT managers make when migrating VMware to the cloud. Published by: CloudEndure Inc.
    - 7 hours ago Monday, January 26, 2015 -
  • newManaging Information & Technology Risk
    This white paper discusses this new approach to governance, risk management and compliance – one that manages IT risk as a key part of overall business operations and promotes stronger collaboration between IT and business-decision makers when it c…
    - 7 hours ago Monday, January 26, 2015 -
  • newGovernance, Risk, and Compliance for Critical Data Movement
    Join this webinar with experts from Forrester Research to learn about the key trends in GRC. Find out how to develop your lines of defense, learn how to measure your organization's GRC maturity, and get three key tips for developing a successful stra…
    - 7 hours ago Monday, January 26, 2015 -
  • newMobile Computing Strategies in Manufacturing
    This expert e-guide offers advice for manufacturing firms interested in developing a mobile computing strategy and how to find the right role for mobile business applications in manufacturing. Published by: Epicor Software Corporation
    - 7 hours ago Monday, January 26, 2015 -
  • newComplete Look at the Managed Service Provider Market
    Download this exclusive white paper now to learn how MSPs are no longer reserved only for the big companies and get a complete look at the MSP market. Published by: Webroot
    - 7 hours ago Monday, January 26, 2015 -
  • newGovernance, Risk, Compliance as a Service (GRCaaS)
    This white paper examines a cloud-based governance risk and compliance management platform that enables automated compliance reporting, comprehensive risk reporting, improved auditing capabilities and more features that strengthen risk and compliance…
    - 7 hours ago Monday, January 26, 2015 -
  • newLearn why NSS Labs Recommends NetScaler AppFirewall
    This exclusive webcast takes an in-depth look at application firewalls and includes a study of how one web application firewall (WAF) was able to toe the line and meet industry standards. Read on to learn more. Published by: Citrix
    - 7 hours ago Monday, January 26, 2015 -
  • newSharpen your device, data and document security
    This exclusive white paper dives into some of the toughest challenges with data security.  Read on to learn more. Published by: Hewlett-Packard Limited
    - 7 hours ago Monday, January 26, 2015 -
  • Computer Weekly – 27 January 2015: Why we need cyber war games
    In this week's Computer Weekly, the UK and US are starting a cyber war – all in the name of testing each other's defences. We look at why the war games are needed. We examine what IT managers can learn from the car industry to improve supplier rela…
    - 3 days ago Friday, January 23, 2015 -
  • APTs: Why the Best Defense is a Full Spectrum Offense
    This white paper provides answers to all of your questions about advanced persistent threats, from the APT lifecycle to the best ways to evaluate potential APT defense solutions. Published by: Zscaler
    - 3 days ago Friday, January 23, 2015 -
  • Rethinking the Paradigm of Advanced Threats
    Peter Sullivan explores why enterprises are failing to detect Regin-style advanced threats, and discusses how to realign people, processes and technology to reduce the risk by giving enterprises a fighting chance. Published by: SearchSecurity.com
    - 3 days ago Friday, January 23, 2015 -
  • Learn About Each Module of the Allgress Insight Risk Management Suite
    This white paper introduces a risk management suite that enables security professionals to apply business context to security and compliance management. It also empowers business stakeholders to make informed investment decisions that align with top…
    - 3 days ago Friday, January 23, 2015 -
  • La-Z-Boy Incorporated
    This case study describes how La-Z-Boy partnered with Zscaler to reduce bandwidth costs and complexity while increasing the visibility of web activity. Published by: Zscaler
    - 3 days ago Friday, January 23, 2015 -
  • Top 5 Vulnerability Management Mistakes
    Download this important webcast now to learn about the top five most common vulnerability management mistakes. Published by: Risk IO
    - 3 days ago Friday, January 23, 2015 -