SEARCH RESULTS
 
Showing 1-10 of 150 records
 
Oak Ridge National Laboratory visitor information exposed

2007-12-11 13:45:21 by Evan Francen in The Breach Blog
...attempt to gain access to computer networks at numerous laboratories and other institutions across the country." - Laboratory Director Thom Mason on December 3rd. When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees' computers that enabled the hacker to copy and retrieve...
 
 
 
 
 
Mashup of the Titans

2008-06-25 17:29:25 by Gunnar Peterson in 1 Raindrop
 
...attempt to reconcile theory and practice, but will point out where the two schools of thought agree. In fairness, Saltzer and Schroeder's paper was written 25 years before Gelernter's, however Saltzer and Schroeder's principles dominate the thinking about information security to this day and so it's important to view them side by side with...
 
 
 
 
 
Armchair Legal Analysis of Sierra v. Ritz

2008-01-17 20:25:00 by Security Retentive in Security Retentive
 
...attempted to apply it to the electronic world. In the physical world trespass is relatively easy to understand, police, etc. There are obviously corner cases where you can trespass onto unmarked land, not realize you're trespassing, etc. There is a lot of case law for these. At the same time though, if you see a house, you know it isn't your...
 
 
 
 
 
Let's Not Let the Security Staff Become the SocGen Scapegoat

2008-02-25 17:47:53 by Jay Heiser, Research VP in IT Leaders - Security and Risk Management
 
...attempt to turn the security staff into the scapegoat. Believe me, the security managers were fully aware of the problem and had warned about it many times. It has always been well-recognized in the financial services arena that trading staff do not follow even the simplest security procedures. Sharing of logins on the trading floor is the...
 
 
 
 
 
Castlecroft Medical Practice patient information at risk

2008-06-19 11:54:50 by Evan Francen in The Breach Blog
...attempt to minimize the situation (risk) by using the password protection argument. In my opinion (and that shared by many information security professionals), password protection is NOT an adequate preventative control to ensure the confidentiality of the information stored on a laptop computer. This holds especially true in instances where...
 
 
 
 
 
Chinese Cyber Attacks

2008-07-14 07:08:18 by schneier in Schneier on Security
 
...attempt by the Chinese government to hack into U.S. computers -- military, government corporate -- and steal secrets. The truth is a lot more complicated. There certainly is a lot of hacking coming out of China. Any company that does security monitoring sees it all the time. These hacker groups seem not to be working for the Chinese...
 
 
 
 
 
Mitigating Exploitation Techniques

2008-10-03 00:07:00 by sdl in The Security Development Lifecycle
 
...attempting to drive the probability of successful exploitation to 100%, whereas mitigation techniques attempt to drive the same probability to zero. While probability gives us a nice measure for the effectiveness of a mitigation technique, it doesn't give us immediate insight into the specific problems being solved by mitigations or the...
 
 
 
 
 
On virtualisation

2007-05-29 16:20:00 by Niels Provos in Google Online Security Blog
 
...attempt to restrict access to I/O ports and similar interfaces, these should be used with caution in a security sensitive context. Treat virtual machines as services that can be compromised. Most administrators will take steps to limit the impact of a compromise of a network facing daemon, such as using chroot() or running the daemon as a low...
 
 
 
 
 
Thwarting a large-scale phishing attack

2007-06-11 11:35:00 by Niels Provos in Google Online Security Blog
 
...attempt to lure unsuspecting web surfers into logging into a fake website that looks like a real website, such as eBay, E-gold or an online bank. Following a successful attack, phishers can steal money out of the victims' accounts or take their identities. To protect our users against phishing, we publish a blacklist of known phishing sites....
 
 
 
 
 
Help us fill in the gaps!