SecurityRatty: tag: assess

How to interpret test scan results to assess network vulnerability

2008-04-08 18:15:17 by Michael Gregg in WhatIs: Enterprise IT tips and expert advice

Once you've run some test scans with a network tool, how do you interpret the results to assess network vulnerability? Find out in this Ask the Expert response with our enterprise network security expert

Tags: assess network vulnerability, interpret, expert response, test scans, network tool, results

Summarizing June's Threatscape

2008-07-01 07:05:01 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...assess the severity of a particular banker malware campaign, the increasing use of malicious doorways next to ICANN and IANA's DNS hijacking, all speak for themselves and how diverse the threats and, of course, the abilities to maintain a decent situatiational awareness about what's going on have become 01. U.K's Crime Reduction Portal...

Tags: site, fake youtube site, web site defacements, malware, malware hosts, web site defacer, sites, vulnerable sites, malicious

How Secure is Secure?

2008-05-08 16:46:00 by sdl in The Security Development Lifecycle

...assessing the security of a given bit of software. However, for reasons Ill elaborate on below, the SDL does focus on trying to prevent the most common causes of vulnerabilities today and hence looking at the ways in which Microsoft tracks and measures individual products teams compliance with SDL requirements offers some interesting fodder...

Tags: security metrics, software security metrics, implementation vulnerabilities, potential implementation vulnerabilities, metrics, secure, software, discretionary security protection, security protection

YWCA Retirement Fund participants exposed in stolen computer

2007-12-11 12:23:19 by Evan Francen in The Breach Blog

...assess the risk to your personal identification information 1. only the computer was stolen, not the monitor, nor the mouse, not the power pack Comfyllama] I am confused. What does this have to do with the risk of unauthorized data access 2. the stolen computer was of a type that requires a power pack, not a power cord. Power packs are not...

Tags: ywca retirement fund, retirement fund, fund, computer, information security, information, sensitive information, personal identification information, active fund participants

Top Five Intriguing Ideas for Authentication in 2008

2007-12-10 00:00:00 by Sean Kline in Speaking of Security, the RSA Blog and Podcast

...assess which threats to mitigate, inventory the types of controls (including authentication) that they need and take a more holistic approach to implementing their strategy

Tags: strategy, information risk management, organizations, broader strategy, increasingly adopt frameworks, authentication, individual applications, security doilies, controls

42,000 West Penn Allegheny Health System Patients

2007-12-28 17:06:00 by Evan Francen in The Breach Blog

...assess their entire information security program Past Breaches Unknown

Tags: sensitive personal information, personal information, information, nurse, home care nurse, patients, home, information warrants, computer

S&K Menswear two-phased attack

2008-01-03 10:40:36 by Evan Francen in The Breach Blog

...assess the situation a decision was made at 3:30 p.m. the same day to disconnect the online store and disable remote access to S&K's network. Further to these actions, S&K Notified credit card issuers Purged or masked credit card data on its servers Changed all user names and passwords on the system Hired a leading provider of information...

Tags: information, personal information, information security practices, notification, information security, breach notification letter, sample customer letter, credit card, credit card data

Pushdo - Web Based Malware as Usual

2007-12-19 18:01:44 by HASH0x89b80bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...assessment , especially the explanation of the GET variables, however, such descriptive use of POST variables to a malware's C&C server have been around for the last couple of years. What has logically changed is the added layer of obfuscation and complexity to make it hard to assess what does such a URL actually mean The malware to be...

Tags: malware, web based malware, pushdo, botnet masters circa, botnet masters, nuclear malware kit, botnet, pushdo author, botnet communication platforms

A Diverse Portfolio of Fake Security Software

2007-12-07 15:16:07 by HASH0x89688e0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...assess in this post is worth discussing due to the size of its portfolio, how they've spread the scammy ecosystem on different networks, as well as the directory structure they take advantage of, one whose predictability makes it faily easy to efficiency obtain all the fake applications. This particular case is also a great example of the...

Tags: domains portfolio, domains, portfolio, sample domains portfolio, fake security software, software, onerateld, content, exe

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo