Monday, 29 December 2014

The Seven Deadly Sins in an Information Security Context

The seven deadly sins (a.k.a. cardinal sins) are a classification of vices in Christian ethics, used to educate and instruct believers since early Christian times. In the film Seven (1995), two detectives, a rookie and a veteran, hunt a serial killer who uses the seven deadly sins as his modus operandi. In this post, I will try to map the original seven deadly sins in the context of Information Securi...

Monday, 22 December 2014

Bureau-121

Bureau 121 (Unit 121 of the North Korean General Bureau of Reconnaissance) is the name of a secret cyberwarfare agency belonging to the military of North Korea. It is one of two such cyberwarfare units in the General Bureau of Reconnaissance, the other being No. 91 Offi...

Friday, 19 December 2014

Thank You, truly

New Year, new logo – InfoSecLeague has a brand new logo created by Truly Creatives

Thursday, 18 December 2014

ENISA CERT training

ENISA has launched a new section on its website introducing the ENISA CERT training program. In the new section, you can find all the publicly available training resources and the training courses currently provided by ENI...

Tuesday, 16 December 2014

Cyber Warfare: The Modern Theater of Operations

A great deal of debate circles around the concept of cyberwarfare, and definitions are rarely agreed upon. While some claim that cyberwarfare is the fifth domain of warfare (after land, sea, air and space), others simply claim that the term is an attempt at sensationalism. The increasing importance of cyberspace for military operations has led to the United States Department of Defense classifying it as the Fifth Domain of Warfare. However, cyberspace...

Saturday, 13 December 2014

POODLE Strikes Back

A design vulnerability recently surfaced in the way SSL 3.0 handles block cipher mode padding. The POODLE attack demonstrates how an attacker can exploit this vulnerability to decrypt and extract information from inside an encrypted transacti...

Friday, 12 December 2014

Diceware: Random Passphrase Generator

You hear all the time that it is crucial for your online security to build a strong password. We have previously outlined the guidelines for a "good" password, but sometimes this is not enough. Applications such as e-mail and data encryption, bitcoin wallets and password managers require a greater degree of protection. Securing such applications with a long complex password might just not be enough. Hardly anyone can remember such a password and most...

Monday, 8 December 2014

Fraud, Corruption and Corporate Governance

Fraud and Corruption are like radiation. They are all around us, invisible and subtle, and we usually become aware of them when irrevocable damage, and sometimes total destruction, arises. They use the “spider method”: Attract, Entrap, Devo...

Sunday, 7 December 2014

The Site's Security Certificate is not Trusted. Proceed?

When you visit a website whose web address starts with https, your communication with the site is encrypted to help ensure your privacy. When you navigate to a site that uses SSL to transmit data, the server which hosts that website presents your browser with a certificate to verify its identity. This certificate contains information such as the address of the website, which is confirmed by a third party...

Saturday, 6 December 2014

Practical Lollipop Security

Android 5 (a.k.a. Lollipop) introduced some really neat features that allow users to increase the level of security on their device. They include privacy, security and backup solutions for your device.

Wednesday, 3 December 2014

The Time Is Now for Information Governance. But Do You Even Know What It Is?

Information governance covers the entire spectrum of information management, but most people have a fuzzy notion of what it is. This must change, because the real value of information can't be fully realized unless it is properly govern...