SEARCH RESULTS
 
Showing 1-10 of 10 records

Nice Attack Thru Logs!

2008-01-25 12:00:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
What if those referrer URLs in your web logs are evil? (SANS ISC entry) If you review your web logs (web server, for example) and blindly click all referred URLs to see who sent traffic to your site, there is a good chance that you'd be 0wned. About me: http://www.chuvakin.org
 
 
 
 
 

More thoughts on vulnerability

2008-04-07 13:34:01 by JonesJ in RiskAnalys.is
 
...blindly following someone else's proclamation that this is vulnerable and that isn't. So, if we're performing subconscious quantification and comparison when we rate the vulnerability of something, is there any reason we can't/shouldn't be more conscious about it? What's the downside? And is there any reason to believe conscious analysis would be...
 
 
 
 
 

Oklahoma Data Leak

2008-04-18 06:16:51 by schneier in Schneier on Security
 
...blindly executed it and displayed whatever came back The result of this negligently bad coding has some rather serious consequences: the names, addresses, and social security numbers of tens of thousands of Oklahoma residents were made available to the general public for a period of at least three years. Up until yesterday, April 13 2008,...
 
 
 
 
 

Hacker Free Site?...Yeah, right.

2008-05-09 19:51:00 by Russ McRee in HolisticInfoSec.org
 
...blindly lead the sheep to the wolves with some Hacker Free Site logo that means nothing in order to "increase conversions WebSafe Shield vaguely discuss their methodology here ; I just love 6 - How do you conduct your security scans We use industry-standard software and methodologies to scan, test and identify security vulnerabilities. We...
 
 
 
 
 

TrueCrypt's Deniable File System

2008-07-18 06:56:02 by schneier in Schneier on Security
 
...blindly trust the deniability of such systems. Rather, we encourage further research evaluating the deniability of such systems, as well as research on new yet light-weight methods for improving deniability. So we cannot break the deniability feature in TrueCrypt 6.0. But, honestly, I wouldn't trust it. There have been two news articles (and...
 
 
 
 
 

Yes! Now I Can Attend Nate Lawson's Talk at BlackHat!

2008-07-22 03:14:11 by Chris Eng in Zero in a bit
 
...blindly trusted to implement an appropriate fix. Ultimately, vulnerability disclosure is a minefield. No matter how you choose to disclose, somebody will always disagree. P.S. If you didn't figure out the title of the post by now, Nate was one of the unlucky few to draw the same timeslot at BlackHat as Dan Kaminsky
 
 
 
 
 
 
 
 
 
 

Wakeup Call for Risk Management

2008-09-19 10:11:09 by Burton Group in Security and Risk Management Strategies Blog
 
...blindly? Outsourcing and other forays into treacherous global waters may be giving away the crown jewels. Smart companies cut costs, but they do it in smart ways. Smart companies think like intelligence agencies as they parcel out work to different partners with varying levels of dependability, and they check on those partners Risk management...
 
 
 
 
 

Is PCI DSS "Too Prescriptive"?

2008-09-22 15:43:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...blindly, without thinking about WHY it was put in place (to protect cardholder data, share risk/responsibility, etc). For example, it says "use a firewall" and so they deploy a shiny firewall with a simple "ALLOW ALL ALL" rule (an obvious exaggeration - but you get the point!) Or they have a firewall with a default password unchanged ... In...
 
 
 
 
 

Mamma.com: Insider trading and XSS

2008-11-18 09:55:00 by Russ McRee in HolisticInfoSec.org
...blindly accepts updates via GET and POST with no sign of a formkey (canary) in sight I figured it best to stop there, and have submitted all these to Copernic (the Momma parent company I am however truly disappointed that an enterprise as ambitious and motivated as Momma/Copernic seems to have thrown the baby out with the bath water when it...