SEARCH RESULTS
 
Showing 1-10 of 36 records
 
Expand article

Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...aka ISO 15408) is the standard internationally recognized by 24 governments (including the US, UK, Germany, Japan, and others). Its interesting to consider that while all consumers of computer software want to have both confidence and detailed information about the security of software they want to purchase (or have already purchased), Common...
 
Tags: criteria, fails, common criteria fails, common criteria, common criteria arguably, common, arguably, arguably deficient, security
 
 
 
 
Expand article

Coding Spyware and Malware for Hire

The Article has images
2008-07-22 03:52:14 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...aka (even those to which the password is not saved), you can also grab other in a way not only acclamation acclamation and other tasty things more 150 Assembler spam bases Analyzes user traffic and collects from all email, snifit http pop3 smtp protocols, keeps records unikallnosti locally on each boat to reduce the burden on the server as...
 
Tags: malware, malware author, malware authors, malware binaries, malware attacks, ftp, ftp user, collects, malware industry
 
 
 
 
Expand article

A Few More Words on DLP and Compliance

2008-08-15 14:51:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...aka "we know big words - bigger than you") or even "data risk management" (aka "we are confused about what we sell I decide to explore this curious phenomenon Initially, I thought that it was reverse compliance at work? People not wanting to know what content packs up and leaves their network. Then I thought that maybe DLP vendors just aren't...
 
Tags: dlp, compliance, dlp in-depth portal, procure dlp, pci dss, data, data governance, pci dss requirements, mention dlp
 
 
 
 
Expand article

Interop NY: Cloud Language: The Taxonomy of On-Demand Computing

2008-09-17 18:25:32 by Valerie Barber in ScienceLogic
 
...AKA Social Computing, Long-Tail Apps, Crowdware (2005 by OReilly Media Mashup - made popular by Google Maps, AKA Composite/Situational Apps. (2005 REST - Has a strict definition, but many dont understand it and abuse the term. (2006 by R. Fielding Cloud computing - collides with many other terms, such as SaaS, Grid, Utility, PaaS, etc. (2007...
 
Tags: cloud, cloud applications, croll cloud stack, cloud infrastructure, platforms process space, space, cloud space, cloud platforms, cloud services
 
 
 
 
Expand article

The asymmetry of data loss - data thief has an upper hand

2008-10-01 06:33:22 by RaviC in Musings on Information Security
 
...aka cost of competitive disadvantage From the data thief's perspective Net Gain= [Cost of producing the data * Data freshness factor] - Cost to steal the data + Profit of business due to data aka gain of competitive advantage From the above two equations it is very clear that this is not a zero sum game. There is a clear cost asymmetry for a...
 
Tags: data owner perspective, data owner, data, thief, owner, data freshness factor, data protection costs, discourage data thief, protect data
 
 
 
 
Expand article

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...aka XSS) is the term used to describe a class of security vulnerabilities in web applications. An attacker can inject malicious scripts to perform unauthorized actions in the context of the victim's web session. Any web application that serves documents that include data from untrusted sources could be vulnerable to XSS if the untrusted data...
 
Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check
 
 
 
 
Expand article

A conspicuous contribution !

The Article has images
2007-12-04 17:40:46 by Richard Clayton in Light Blue Touchpaper
...aka Demon Internet ), my previous employer. Ive often given talks at meetings , or just asked awkward questions of the LINX board from the floor But I suspect that the main reason that I got the award is because of my contribution to many of LINXs Best Current Practice (BCP) documents , on everything from traceability to spam. These documents...
 
Tags: formal linx meetings, linx meetings, linx, linx council, meetings, conspicuous contribution, contribution, fiercely competitive industry, internet
 
 
 
 
Expand article

Logging Poll #3 "What Do You Do With Logs?" Analysis

The Article has images
2007-12-07 09:19:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
...aka "slow and painful" search. In fact, the above answers might not even be given by the same people: some might be grepping logs on the individual servers, while others collect them on syslog servers and never touch them. That is why being in log management business is such a great thing: you have nearly the whole world to evangelize about...
 
Tags: logs, store raw logs, log management business, log management, analysis, poll, commercial log management, raw logs, log management tools
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...aka assurance or robustness) in a future posting Summary Let me wrap by saying this, building secure software is difficult. Prior to the advent of Trustworthy Computing and the Security Development Lifecycle here at Microsoft, Id bet that many of the issues noted in these reports would have applied to earlier Microsoft products too. Some...
 
Tags: machine security concerns, security concerns, election systems, election, security, security researchers, election systems margin, margin, election management system