IEEE Security and Privacy
 
 

Hardening the Target

2008-10-08 04:42:08 by Editor in IEEE Security and Privacy
 
...information. Consequently, new and increasingly frequent attacks have occurred against their digital information assets. Enterprises must "harden the target" to protect against attacks against these assets
 
 
 
 
 

Developing and Retaining a Security Testing Mindset

2008-10-08 04:42:08 by Editor in IEEE Security and Privacy
 
...security testing mindset is a hard task. Moreover, as hard as it is to develop it, it's just as hard to retain it and effectively apply it during testing. The authors discuss what it takes to conduct successful software security testing, primarily by describing how to develop a security testing mindset, retain it, and effectively apply it. In...
 
 
 
 
 

Type II Reverse Engineering

2008-10-08 04:42:08 by Editor in IEEE Security and Privacy
 
...information technology (IT) and IT might soon be where counterfeiting matters most
 
 
 
 
 

The Puzzle of Privacy

2008-10-08 04:42:08 by Editor in IEEE Security and Privacy
 
A number of recent news stories have made me wonder more about privacy. It's not just that the threats to privacy are increasing; rather, the problem is that the countervailing forces are becoming very much stronger. Was Scott McNealy right when he told us that we had no privacy and that we should just "get over it
 
 
 
 
 

Cross-Border Data Flows and Increased Enforcement

2008-10-08 04:42:07 by Editor in IEEE Security and Privacy
 
As information flows become more international, the regulation of those data flows is enforced more frequently at the national or local level. The challenge for companies is that consistent rules among regulators are unlikely while penalties and audits increase
 
 
 
 
 

Identity-Based Encryption and Beyond

2008-10-08 04:42:07 by Editor in IEEE Security and Privacy
 
...security vendors, government agencies and academic institutions attended the event; this installment of Crypto Corner takes a closer look at all the events
 
 
 
 
 

Revealing Packed Malware

2008-10-08 04:42:07 by Editor in IEEE Security and Privacy
 
...security function. However, modern malware can easily bypass AV scanners using packers, which can hide malicious file contents from detection. This article describes how packers work, and the three most commonly used unpacking methods. The authors describe the logic flow and behavior of Upack, a popular packer, as an example of a software packer
 
 
 
 
 

Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise

2008-10-08 04:42:07 by Editor in IEEE Security and Privacy
 
A patch to the OpenSSL package maintained by Debian GNU/Linux (an operating system composed of free and open source software that can be used as a desktop or server OS) submitted in 2006 weakened its pseudo-random number generator (PRNG), a critical component for secure key generation. Unnoticed for two years, the weak PRNG created a...
 
 
 
 
 

A Life or Death InfoSec Subversion

2008-10-08 04:42:07 by Editor in IEEE Security and Privacy
 
...information-based attacks on systems are extremely difficult to obtain. However, here the authors examine a real-life analogue: an information attack on a highly complex security system, that of the Colombian guerrilla group FARC. This operation included a man-in-the-middle attack, targeted denial of service (DoS), and authentication...
 
 
 
 
 

Data Retention and Privacy in Electronic Communications

2008-10-08 04:42:06 by Editor in IEEE Security and Privacy
 
The retention of communication data by network providers, often mandated by legislation, raises social and technical security concerns. A generic model combining technical, procedural, and legal controls can help secure retained data and minimize privacy threats against users