SEARCH RESULTS
 
Showing 1-10 of 11 records
 
Anton Security Tip of the Day #15: Fear and Loathing in Event 560 (and 562 and 567)

2008-05-08 13:37:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
...Accesses : READ CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes WTH is that? Well, we know that the user 'Anton' has successfully read? wrote? changed attributes? did something? with a file named "C:0TestBedsimple text...
 
 
 
 
 
Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...accesses and buffer overflows. However, the general theme is using an integer from an untrusted source without adequately sanity checking it. Integer abuse issues are still very common in code, particular code which is decoding untrusted binary data or protocols. We recommend being careful using any such code until it has been vetted for...
 
 
 
 
 
PrincipalPermissionAttribute and Static ctor Leads to DoS

2007-12-03 09:03:00 by Keith Brown in Security Briefs
 
...accesses the protected class first, so things work as you'd expect Inside static constructor Alice OK Bob failed due to a SecurityException Here's the output when I switch the order and have the normal user try to use the class first. The type is locked down and after that, even privileged users can't access it Bob failed due to a...
 
 
 
 
 
DHS notified the Greenville County School District of compromise

2008-01-07 09:08:03 by Evan Francen in The Breach Blog
...accesses a .gov website to manage benefits information Victim Reaction As a former employee, what amazes me is that the news just broke, and the district offices are closed! There is no one for me to contact about whether my records may have been stolen as well. If it wasn't for this site, I wouldn't know about their recommended steps." -...
 
 
 
 
 
Unauthorized access to University of Georgia server affects 4,250

2008-01-09 15:32:57 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 1/9/07 Organization University of Georgia Contractor/Consultant/Branch None Victims Current graduate students living in family housing AND former students and applicants Number Affected 4,250 Types of Data Names, addresses and Social Security numbers Breach Description Sometime between...
 
 
 
 
 
Stolen laptop contained unencrypted Fallon Community Health Plan information

2008-01-25 11:54:27 by Evan Francen in The Breach Blog
...accesses confidential information and stores it on mobile media without proper protection is inexcusable. I am perplexed. Doing business with a vendor that won't (or can't) provide evidence supporting how they will protect confidential information is taking unnecessary risk Past Breaches Unknown
 
 
 
 
 
Student hacks Broward Schools and accesses personal information

2008-03-24 13:22:48 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 3/23/08 Organization Broward County Public Schools Contractor/Consultant/Branch None Victims District employees and students Number Affected 38,000 Types of Data Social Security numbers, addresses, birth dates, names and other personal information Breach Description A high school senior...
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...accesses URLs against the authentication definition and make sure everything is covered appropriately Cross-Site-Scripting From a design perspective there are two things that matter for XSS vulnerability Input Filtering Output Filtering The best metrics therefore for measuring XSS vulnerability is a combination of the InputValidation Metric...
 
 
 
 
 
Sexing up the logs

2008-04-03 04:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...accesses an account during office hours and a weekend from London is now accessing the account in the middle of the night from Elbonia then there's another anomaly for you to investigate. Suspicious behaviour or just on holiday? A review of the logs will likely reveal additional activity that lets you determine which it is. There's much more...