SEARCH RESULTS
 
Showing 1-10 of 1000 records
 
Expand article

Can I just comment out these lines of code?

2008-05-23 10:53:20 by Burton Group in Security and Risk Management Strategies Blog
 
Blogger: Ramon Krikken A seemingly innocent question on a mailing list - which I paraphrased for brevity - set in motion a series of events with dire consequences . The specific code, which was generating error messages in a certain software quality assurance tool , happened to be a critical part of the random number generator in a cryptographic...
 
Tags: process purportedly, process, fix specific process, software development process, commercial development process, code, low-assurance process, development, specific
 
 
 
 
Expand article

Can I just comment out these lines of code?

2008-05-23 10:53:20 by Burton Group in Security and Risk Management Strategies Blog
 
Blogger: Ramon Krikken A seemingly innocent question on a mailing list - which I paraphrased for brevity - set in motion a series of events with dire consequences . The specific code, which was generating error messages in a certain software quality assurance tool , happened to be a critical part of the random number generator in a cryptographic...
 
Tags: process purportedly, process, fix specific process, software development process, commercial development process, code, low-assurance process, development, specific
 
 
 
 
Expand article

So, CAN We Have DLP?

2008-06-20 16:59:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Can we have DLP - data leak prevention Well, can we have IDS? How about IPS? Can we really "prevent intrusions?" Can we really "control access to our networks The answer to "can we have DLP?" is actually pretty simple: if you think "DLP = box that prevents all data leaks" (and you also think that deploying IPS will "prevent intrusions"), then we...
 
Tags: dlp, cutting-edge dlp technologies, dlp technology, dlp box, leak prevention, leak, non-malicious leaks, leaks, loss
 
 
 
 
Expand article

Cross-site scripting CAN be used to hack a server

2008-08-05 22:06:00 by Russ McRee in HolisticInfoSec.org
 
Likely you remember when Joseph Pierini at McAfee Secure / Hacker Safe said XSS wasn't important because "cross-site scripting can't be used to hack a server. You may be able to do other things with it. You may be able to do things that affect the end-user or the client. But the customer data protected with the server, in the database, isn't...
 
Tags: server, server hack, hack, manager, file manager tool, file, root password, email, cpanel user
 
 
 
 
Expand article

You want the truth, you can't handle the truth!

The Article has images
2008-07-10 22:50:16 by ashimmy in StillSecure, After All These Years
I am not sure what it is with Richard Stiennon. Maybe his mom beat him with a NAC stick when he was young. Hence his Jack Nicholson looks (more like the Joker in Batman , than Col Jessep in A Few Good Men ) and his total disdain for NAC. In any event Richard never seems to miss a chance to take a pot shot at NAC. I have fired back and debated...
 
Tags: nac, nac stick, richard, richard stiennon, bad mouth nac, importantly richard, nac knock, assume richard, event richard
 
 
 
 
Expand article

Wired 802.1X and Windows XP SP3- Yes you can!

2008-07-23 13:59:30 by JJ in Security Uncorked
 
Ive gotten a lot of questions recently about using 802.1X on the wired interface with Windows XP SP3. In the past few weeks Ive also stumbled across a lot of forum posts, blogs and articles stating you cant do wired 802.1X with XP SP3 Well, sure you can! There is a little trick now, though As part of the move to the Microsoft NAP integration,...
 
Tags: wired, wzcsvc service, wzcsvc, service, wired autoconfig service, wired interface, sp3, microsoft, microsoft nap integration
 
 
 
 
Expand article

What the iPhone can and can't provide enterprise users

2008-01-28 00:00:00 by Brad Reed in Network World on Security
 
With AT&Ts announcement this week that it would begin offering iPhone data plans to enterprise customers, many CIOs and IT executives may be curious to see how the popular consumer devices can boost productivity within the workplace. But before making any investments, CIOs should have a clear understanding of what the iPhone can and cant provide...
 
Tags: iphone, iphone data plans, enterprise users, popular consumer devices, enterprise customers, cios, boost productivity, provide, atts announcement
 
 
 
 
Expand article

OpenID family grows How it can transform Identity Federation between enteprises

2008-02-07 14:06:33 by Andras Cser in Security & Risk Management
 
With Google, IBM, Microsoft, VeriSign, and Yahoo! joining the OpenID Foundation, we may actually feel that something in federated access management is going to change. It is finally not the case of a vendor proposing a new standard and adding to the cacophony of federation standards but a set of moves towards a simple technology that today can...
 
Tags: openid, openid foundation, openid camp, accept openid authentication, integration, strong authentication integration, identity federations proliferation, simple technology, technology
 
 
 
 
Expand article

Who says Politics doesn't pay and why can't I find clients with pockets this deep?

The Article has images
2008-01-21 21:10:00 by John Sexton in The Bullet Proof Blog
I have never drank the political coolaid. I have little faith in big party politics. Give me an independent politician who does not have to toe a party line and I'll show you a politician who has half a chance of being a decent advocate of the people I think one of the greatest wrongs that politicans commit is in their thinking of voters as...
 
Tags: zimmer, zimmer products, zimmer frames, million dollars, firm, firm deliver, zimmer stops, resolve kickback allegations, contracts