SEARCH RESULTS
 
Showing 1-10 of 33 records
 
Expand article

Three computers at the University of Colorado are compromised

The Article has images
2008-04-30 08:54:01 by Evan Francen in The Breach Blog
...assumptions Assumption #1 - Most malicious files are obtained through web browsing and email. There are numerous controls that can prevent (or detect early) attempted infections through this avenue of attack. Are these in place at CU Assumption #2 - The compromised computers were client computers. Generally, it is not advised to store...
 
Tags: store confidential information, information, store personal information, information security efforts, security efforts, efforts, address computer security, computers, computer security
 
 
 
 
Expand article

MDAC ActiveX Code Execution Exploit Still in the Wild

The Article has images
2007-12-05 12:08:56 by HASH0x89e6630 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...assumption that outdated but unpatched vulnerabilities can be just as effective as zero day ones, and when the assumption proved to be true -- take Storm Worm's use of outdated vulnerabilities as the best and most effective example -- it automatically lowered the entry barriers into the world of malware , breaking through the myth that it's...
 
Tags: exploit, day, day vulnerabilities, htm, malware, malware exploitation kit, single exploit urls, vulnerabilities, storm worm apparently
 
 
 
 
Expand article

What can CISOs learn from the Societe Generale debacle

2008-02-19 09:17:17 by Khalid Kark in Security & Risk Management
 
...assumption that every user is a malicious user Policies without implementation are worse than not having policies. Im sure Societe Generale had a policy of not sharing passwords and mechanisms to encrypt or mask the passwords. So how was Mr. Kerviel able to gain access to not one but multiple passwords? Having a policy creates a liability for...
 
Tags: security, formal security strategy, societe generale, security technology, external security challenges, implement security, access, security products, access users
 
 
 
 
Expand article

The Fox and the Henhouse

2008-01-28 15:02:17 by Burton Group in Security and Risk Management Strategies Blog
 
...assumption in the security business is the assumption that there are good guys. The risk management system MUST be designed to be secure even against attacks by insiders who have developed and operated it The only way to design a system to be secure against these insider attacks is to have strong attestation, transaction tracking, dual...
 
Tags: societe generale, societe generale begins, yesterday societe generale, societe generale appears, risk management lessons, risk management, risk management personnel, plain vanilla futures, apparently
 
 
 
 
Expand article

The Fox and the Henhouse

2008-01-28 15:02:17 by Burton Group in Security and Risk Management Strategies Blog
 
...assumption in the security business is the assumption that there are good guys. The risk management system MUST be designed to be secure even against attacks by insiders who have developed and operated it The only way to design a system to be secure against these insider attacks is to have strong attestation, transaction tracking, dual...
 
Tags: societe generale, societe generale begins, jerome kerviel, kerviel, yesterday societe generale, apparently, bank apparently, bank, prevent kerviel
 
 
 
 
Expand article

Thinking out the box

2008-05-22 05:50:00 by Allen Baranov, CISSP in Security Thoughts
 
...assumption is that your data will be safe This is a bad assumption. This is Information Security's next headache. The problem with this is that like wireless and portable devices and USBs and the Internet etc etc.. cloud computing will happen. Businesses will need to do it and they will do it. We need to make it secure. Applications such as...
 
Tags: information centric security, information, information security, manage information, information security guys, security, extreme web, web, data
 
 
 
 
Expand article

Distributed Memory in Blackboard Systems

2008-07-26 07:01:30 by Tim Bass in The Complex Event Processing Blog
 
...assumption in this definition is that all knowledge sources are rulebased systems. This assumption may severely limit the performance of systems implemented using Poligon, and limits the types of problems it is suited to address In Blackboards for Complex Event Processing , Paul concludes One suspects the blackboard systems domain and...
 
Tags: systems, blackboard systems architecture, blackboard, concurrent blackboard systems, blackboard architectures, blackboard system, memory, blackboard systems domain, blackboard systems
 
 
 
 
Expand article

ARCO gas pumps targeted by fraudsters

The Article has images
2007-12-27 13:58:30 by Evan Francen in The Breach Blog
...assumption solely on where the information was used, per se. There is a thriving market in fresh stolen credit/debit card data. The compromised information could have been stolen months ago, then recently sold on one of many "carders" forums There seems to be more ARCO gas stations than other gas stations targeted," Glick said. "It's possible...
 
Tags: arco gas pumps, pumps, gas pumps, arco, gas stations, arco gas stations, card, debit card identification, creditdebit card data
 
 
 
 
Expand article

Covert channel vulnerabilities in anonymity systems

2007-12-10 10:39:42 by Steven J. Murdoch in Light Blue Touchpaper
 
...assumption of an omnipotent adversary. Rather, these attacks are feasible for an attacker with limited access to the network. The effectiveness of these techniques is demonstrated by experiments on a deployed anonymity network, Tor Finally, I introduce novel covert and side channels which exploit thermal effects. Changes in temperature can be...
 
Tags: covert, covert channel vulnerabilities, vulnerabilities, network covert channels, covert channels, channels, covert channel, anonymity systems, systems
 
 
 
 
Expand article

July 2007 - Operating System Vulnerability Scorecard

The Article has images
2007-08-16 22:47:26 by jrjones in Jeff Jones Security Blog