SEARCH RESULTS
 
Showing 1-10 of 27 records
 
Expand article

Simple oversight at TNS Infratest exposes participant information

The Article has images
2008-07-09 23:37:10 by Evan Francen in The Breach Blog
...Chaos Computer Club (CCC), Die Datenschleuder, reports that market research firm TNS Infratest/Emnid has lost 41,000 private data records of their survey participants Reference URL Chaos Computer Club e.V The Inquirer Report Credit Chaos Computer Club e.V Response From the online sources cited above TOP MARKET RESEARCH firm TNS...
 
Tags: information, records, master data records, sensitive information, sensitive, information leaks, personal information, data, bank account information
 
 
 
 
Expand article

NY STAR: An accident waiting to happen

2006-03-02 22:37:31 by Liudvikas Bukys in Liudvikas Bukys
 
...chaos ensued in assessors offices all over the state.) Extra tax exemptions for senior citizens are means-tested, and require homeowners to submit their SSN or a copy of their income tax returns to the local assessor In New York City, they want SSNs from everybody. Just because its authorized by law (in the NYC Administrative Code ) doesnt...
 
Tags: information, store information, income information, personal information, personal financial information, public, public record agency, public information, assessors
 
 
 
 
Expand article

Security is not all about Security Updates

2007-12-17 12:58:00 by sdl in The Security Development Lifecycle
 
...chaos, and it's not good for customers. A question I like to ask software developers outside of Microsoft is, "what are you doing to reduce the chance an engineer will add a new security bug to the system?" The answer to this question must be holistic and include Education Secure design and attack surface reduction Threat modeling Secure...
 
Tags: security, end-user security documentation, security response, fix security bugs, response, security fix, implementation vulnerabilities, vulnerabilities, security feature development
 
 
 
 
Expand article

Making Threat Modeling Work Better

The Article has images
2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...Chaos So how does this relate to the brainstorming meeting? Its a dramatic increase in the need for structure. Where experts may think they do better threat modeling with scotch in hand, , it certainly doesnt lead to beginners having a flow experience. So we need a structure, and we need to provide it We encourage people to get started by...
 
Tags: threat, process, process helps ensure, developers threat model, database design process, security, trust boundaries, threat model, security experts
 
 
 
 
Expand article

Relay attacks on card payment: vulnerabilities and defences

2008-01-09 00:01:52 by Steven J. Murdoch in Light Blue Touchpaper
 
...Chaos Communication Congress ( 24C3 ), I presented some work Ive been doing with Saar Drimer : implementing a smart card relay attack and demonstrating that it can be prevented by distance bounding protocols. My talk ( abstract ) was filmed and the video can be found below. For more information, we produced a webpage and the details can be...
 
Tags: dns, security, cellphone jammer dns, security michael steil, talks, henryk pltz describe, chaos communication congress, annie machon describes, arbitrary tcp streams
 
 
 
 
Expand article

Links for 2008-01-25 [del.icio.us]

2008-01-26 00:00:00 by Editor in Anton Chuvakin Blog -
 
...Chaos | ZDNet.com Intel ROSI Paper: Sets Practical Guidelines and Proper Expectations : bloginfosec.com Security Thoughts: Prediction 2 for 2008 - Stealth "Hackers Rational Survivability: Pushing Reset On the IT vs. SCADA Security Debate Schneier on Security: Hacking Power Networks Vmyths on SCADA - SANS director confirms the CIA confirmed...
 
Tags: security, payment card security, scada, scada security, sets practical guidelines, sans director confirms, intel rosi paper, silent rampage wipes, apple hack news
 
 
 
 
Expand article

When it comes to security, chaos may be your friend

2008-01-29 00:00:00 by Andreas M. Antonopoulos in Network World on Security
 
Viruses and other malware are getting better at evading antimalware systems despite the sophisticated behavioral-analysis systems that are used to detect them. This week a rogue trader in France was able to hide a growing loss until it reached $7 billion and was impossible to hide. What do these two events have in common? Both exploit the...
 
Tags: antimalware systems, systems, hide, rogue trader, evade detection, week, malware, exploit, billion
 
 
 
 
Expand article

Links for 2008-01-29 [del.icio.us]

2008-01-30 00:00:00 by Editor in Anton Chuvakin Blog -
 
Andy, ITGuy: The lunatic is in my head This morning I read this story on FoxNews.com about an inside job where an employee of AT Systems (an armored money delivery service) stole 8.5 million dollars. He was able to pull it off by being smart and observant SANS Technology Institute: Dr. Anton Chuvakin, Chief Logging Evangelist with LogLogic Dr....
 
Tags: security laboratory, security, security versus privacy, privacy, anton chuvakin, money delivery service, sans technology institute, fundamental dichotomy, political rhetoric
 
 
 
 
Expand article

Wrapping up Threat Modeling

2008-02-14 22:51:35 by sdl in The Security Development Lifecycle
 
...chaos, and how to use self-checks and rules of thumb to give people confidence theyre on the right trail. Weve talked a very little bit about how to customize the process for your own needs, and where that customization can be dangerous All of this has come out of looking at our threat modeling activity as a human activity, and asking how we...
 
Tags: threat, threat modelers, threat models, threat model, design, design specification, specification, set, challenges set people
 
 
 
 
Expand article

Fears that Bhutto assassination will further destabilize Pakistan and the region

The Article has images
2007-12-29 17:45:00 by