SEARCH RESULTS
 
Showing 1-10 of 168 records
 
Expand article

PCI Co and ASVs

2008-03-21 23:53:00 by Random InfoSec Guy in Security Coin
 
Talking of PCI SSC - We all know VISA has been the biggest contributer to the cause so far and has donated loads of time and IP towards PCI - which has been adopted by PCI Co - but what neither VISA nor PCI Co have been able to successfully do so far - is to monitor the ASVs / QSAs to do their jobs correctly. Meaning QSAs should not be allowed...
 
Tags: xss, xss flaws, xss vulnerabilities, pci, site, cross-site, pci ssc, site-specific, xss attacks
 
 
 
 
Expand article

Security appliance spells success for The Washington Post Co.

2008-02-15 00:00:00 by HASH0x8b22bc4 in Network World on Security
 
When The Washington Post Co. went looking for a way to add additional security to its Oracle and SQL Server databases, it found that good monitoring tools were few and far between Fundamental Principles of Network Security Advertisement Protect the organization. Learn the 'Need To Know' aspects of network security. Free paper from APC
 
Tags: network security, washington post, sql server databases, additional security, free paper, fundamental principles, apc, advertisement, tools
 
 
 
 
Expand article

Snooping into a co-worker's e-mail? You could be arrested

2008-08-03 00:00:00 by HASH0x8b4b8c0 in Network World on Security
 
Ever pass by a co-worker's unattended computer and consider taking a peek at her e-mails? Or have you ever thought it would be a funny prank to figure out your cube mate's e-mail password and break into his work account to mess with him
 
Tags: funny prank, co-worker, e-mail password, cube, figure, e-mails, pass, account, peek
 
 
 
 
Expand article

How can we co-operate to tackle phishing?

2008-10-27 12:47:06 by Tyler Moore in Light Blue Touchpaper
 
Richard Clayton and I recently presented evidence of the adverse impact of take-down companies not sharing phishing feeds . Many phishing websites are missed by the take-down company which has the contract for removal; unsurprisingly, these websites are not removed very fast. Consequently, more consumers identities are stolen In the paper , we...
 
Tags: companies, take-down companies provide, hired take-down company, take-down company, take-down companies, company, feeds, entire feeds, url feeds completely
 
 
 
 
Expand article

Rock Phish-ing in December

The Article has images
2008-12-02 07:12:31 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Nothing can warm up the hearth of a security researcher than a batch of currently active Rock Phish domains, fast-fluxing by using U.S based malware infected hosts as infrastructure provider. What is this assessment of currently active Rock Phish campaign aiming to achieve? In short, prove that the people that were Rock Phish-ing at the...
 
Tags: fast flux networks, fast, fast-flux spam, fast-flux, fast flux provider, mybank, fast-flux research, rock phish-ing, provider
 
 
 
 
Expand article

Phishing Tactics Evolving

The Article has images
2008-04-21 11:18:17 by HASH0x85bed5c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Malware authors, phishers and spammers have been actively consolidating for the past couple of years, and until they figure out to to vertically integrate and limit the participation of other pa rties in their activities, this development will continue to remain so. Malware infected hosts are not getting used as stepping stones these days, for...
 
Tags: halifax-online, halifax, mem binformslogin, user, user-142o3ds, web application vulnerabilities, mem binhalifax loginformslogin, vulnerable sites, turkish defacement
 
 
 
 
Expand article

Compromised Web Servers Serving Fake Flash Players

The Article has images
2008-08-05 14:50:04 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
The tactic of abusing web servers whose vulnerable web applications allow a malicious attacker to locally host a malicious campaign is nothing new. In fact, malicious attackers have been building so much confidence in this risk-forwarding process of hosting their campaigns, that they would start actively spamming the links residing within...
 
Tags: file, html file, html, comtopnews, detopnews, windows media player, player, web, real player exploit
 
 
 
 
Expand article

Davidson Companies illegal network intrusion exposes clients

The Article has images
2008-02-01 14:51:54 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 1/30/08 Organization Davidson Companies Davidson Companies is a financial services holding company based in Montana. It includes D.A. Davidson & Co., an investment firm; Davidson Investment Advisors, a money management firm; Davidson Trust Co., a wealth management and trust company; Davidson Fixed...
 
Tags: davidson, clients, davidson companies president, davidson companies clients, sensitive personal information, davidson login page, personal information, davidson companies, davidson trust
 
 
 
 
Expand article

How to protect your company and employees from workplace violence

2008-02-25 00:03:00 by John Sexton in The Bullet Proof Blog
 
Q: We have an employee who has made a series of threats to co-workers. He boasts about having a gun. We are considering terminating his employment. What should we do A: Employers have a duty to provide a safe workplace for their employees. While you seem to have reasonable grounds to suspend or terminate this person, you must at the same time...
 
Tags: workplace, workplace violence, safe workplace, workplace violence start, violence, violence includes threats, violence incident, employees, threats