SEARCH RESULTS
 
Showing 1-10 of 100 records
 
Expand article

Why Do We Accept Signatures by Fax?

2008-05-29 01:00:00 by Bruce Schneier in Wired Security
 
...accepts them Yet people do, all the time. I've signed book contracts, credit card authorizations, nondisclosure agreements and all sorts of financial documents -- all by fax. I even have a scanned file of my signature on my computer, so I can virtually cut and paste it into documents and fax them directly from my computer without ever having...
 
Tags: fax, fax communications, fax insecurity, insecurity, fax machines, fax message, treat fax signatures, fax document, document
 
 
 
 
Expand article

Orkut XSS Worm

2007-12-20 16:18:37 by RSnake in ha.ckers.org web application security lab
 
...Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Content-Type: application/x-www-form-urlencoded Referer:...
 
Tags: orkut, worm, post, community, orkut community, post scrapbook, xss worm, post requests, worm code
 
 
 
 
Expand article

Moto Q9 DoS and Fingerprinting

2008-01-12 18:10:21 by RSnake in ha.ckers.org web application security lab
 
...ACCEPT = application/xhtml+xml, application/vnd.wap.xhtml+xml, text/html, text/vnd.wap.wml, application/vnd.wap.wmlc, */*,text/x-hdml,image/mng,image/x-mng,video/mng,video/x-mng,image/bmp,text/html HTTP ACCEPT CHARSET = iso-8859-1, utf-8, utf-16, *;q=0.1 HTTP ACCEPT ENCODING = deflate, gzip HTTP ACCEPT LANGUAGE = en HTTP CACHE CONTROL =...
 
Tags: accept language, accept, devcap, devcap charset, devcap numsoftkeys, accept charset, devcap screenpixels, cell phone hacker, phone
 
 
 
 
Expand article

How to Sell Security

2008-05-26 05:57:29 by schneier in Schneier on Security
 
...accept small gains rather than risk them for larger ones, and to risk larger losses rather than accept smaller losses. Lions, for example, chase young or wounded wildebeests because the investment needed to kill them is lower. Mature and healthy prey would probably be more nutritious, but there's a risk of missing lunch entirely if it gets...
 
Tags: security, loss, risky loss, risky larger loss, gain, risky larger gain, security purchase, directly, security directly
 
 
 
 
Expand article

Laptop stolen from R.E. Moulton may affect 19,000

The Article has images
2008-06-15 22:15:45 by Evan Francen in The Breach Blog
...accept mistakes because we all make them. I also accept security incidents that occur despite an organization's best efforts at protection. I don't accept poor behavior that seems to go against common sense Past Breaches Unknown
 
Tags: sensitive personal information, personal information, information, information security practices, confidential information, information security, moulton, laptop, information security personnel
 
 
 
 
Expand article

Identity Framework Probable Feature List

The Article has images
2007-12-16 06:42:00 by Keith Brown in Security Briefs
...accepts information cards SignInStatus (probably similar features to ASP.NET's LoginStatus Fx helps you build relying parties InformationCard login control You can specify whether you want to accept personal or managed cards If you accept managed cards, a wizard will take a card file as input to automatically configure the control (great...
 
Tags: informationcard login control, login control, information card serializer, information, control, user authentication methods, user, custom sts, card
 
 
 
 
Expand article

Making Threat Modeling Work Better

The Article has images
2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...acceptance. We have training on mitigating threats, we have explanation of why and when to use each (and theyre presented in a preferred order Lastly, we provide advice about how to validate the threat model and its relation to reality Between these four steps and the hamster wheel which ties them together, we give people the structure in...
 
Tags: threat, process, process helps ensure, developers threat model, database design process, security, trust boundaries, threat model, security experts
 
 
 
 
Expand article

Using Remote Assistance behind a router

2008-01-14 08:24:00 by Keith Brown in Security Briefs
 
...Accept" and "Decline" links. I clicked accept, and after about 10 seconds and a second confirmation from him, I was looking at his screen. Woohoo! Then I clicked "Take Control" and after his confirmation, I was able to control his machine remotely, even though both of us were behind firewall/NAT devices Here's the two pages that were most...
 
Tags: remote assistance, remote assistance session, assistance, assume remote assistance, remote assistance faq, router, remote desktop port, remote desktop, computer
 
 
 
 
Expand article

Risk Preferences in Chimpanzees and Bonobos

2008-04-17 06:20:51 by schneier in Schneier on Security
 
...accept small gains rather than risking them for larger ones, and risk larger losses rather than accepting smaller losses. Lions chase young or wounded wildebeest because the investment needed to kill them is lower. Mature and healthy prey would probably be more nutritious, but there's a risk of missing lunch entirely if it gets away. And a...
 
Tags: risk preferences, risk, relative risk preferences, risk-prone behaviour, approach, people approach risk, people, losses, risk larger losses
 
 
 
 
Expand article

Confidential information sent to PinPay.net and SoftCard.biz is exposed

The Article has images
2008-05-08 13:26:03 by Evan Francen in The Breach Blog
...accept secure PIN-debit card payments and transactions at their online store." The PinPay and SoftCard sign-up pages and account access pages are not adequately secured with encryption, potentially exposing extremely sensitive personal information Reference URL Merchant 911 Blog Report Credit Tom Mahoney, the Founder and Director of...
 
Tags: information, drivers license card, license card, card, free card, social security card, sensitive information, sensitive personal information, encrypt sensitive information