SEARCH RESULTS
 
Showing 1-10 of 156 records
 
Cisco CSO, Antivirus is Completely Wasted Money

2008-05-23 02:12:12 by Dave Lewis in Liquidmatrix Security Digest
...completely wasted money, Stewart told delegates. He said infections have become so common that most companies have learned to live with them. So, he thinks that antivirus is a waste of time and that companies should concentrate on whitelisting. So when the rubber meets the road you wanna guess who's going to be managing that kind of headache?...
 
 
 
 
 
Wireless: Using Light APs Across a WAN

2008-05-22 17:45:54 by JJ in Security Uncorked
 
...completely light AP solution, or is it semi-light. These are my terms and each manufacturer has their own verbiage they'll use, but the concepts are the same. In a completely light AP product, the controller has the brains, and the APs are dumb. For all practical purposes here, the APs are just radio antennas. They know nothing, and every...
 
 
 
 
 
Is an incorrectly implemented security program better than a non-existent one?

2008-09-03 16:02:00 by Random InfoSec Guy in Security Coin
...completely aware that they have more issues to remediate and have honest intentions to fix that too, once the pilot and PoC is well established and in place. But then things change. Leaders change. Managers change. People's roles change. What doesn't, is the documentation regarding the project. But documents usually tend to highlight what...
 
 
 
 
 
Information flow tracing and software testing

2007-09-17 09:32:00 by Niels Provos in Google Online Security Blog
 
...completely random input ineffective. However, the newer, more complicated fuzz testers require a considerable initial investment in the form of complete input format specifications or the selection of a large corpus of initial input samples. At WOOT'07, I presented a paper on Flayer, a tool we developed internally to augment our security...
 
 
 
 
 
Google Changes Privacy Policy

2007-03-15 08:31:00 by Eric Marvets in The Security Samurai
 
...completely strip the logs of the IP and cookie, then it will never truly be anonymous, but I think they will change it to the point that the data could never be used in a court of law. It's not perfect, but it's better than nothing. They weren't facing any possible government sanctions for eroding users' privacy; in fact the exact opposite is...
 
 
 
 
 
The Austin Project

2008-01-21 22:45:39 by RSnake in ha.ckers.org web application security lab
 
...completely missed the point of what I had talked about, but some dramatic and ultimately incorrect assumptions were drawn due to complete lack of technical understanding on this reader's part. I'm not going to out this person, because I don't think it's productive. But it was pretty upsetting to me, because I do want people like this person to be...
 
 
 
 
 
TSA's Ideal Laptop Bag

2008-03-07 10:42:34 by schneier in Schneier on Security
 
...completely, and lie horizontally on the X-ray belt, such that one side will hold only the laptop. A bag that would open completely, leaving the laptop standing vertically, supported by clips. A bag that would pull apart in separate compartments, with one compartment containing only the laptop. Doesn't sound like a particularly useful laptop bag
 
 
 
 
 
Say When - Trusting Log Timestamps

2008-03-23 04:05:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...completely false timestamp in logs (BTW, today is Jan 1, 1970!) When might that happen? Typically when a logging system's own clock is reset or not set correctly. This timestamp clearly should NOT be trusted. Second, we can say that it's always 5PM somewhere: in other words, what time zone are your logs in? EST? PDT? GMT? UTC? Or any of more than...
 
 
 
 
 
PCI Co and ASVs

2008-03-21 23:53:00 by Random InfoSec Guy in Security Coin
 
...completely unethical. And ASVs should understand security. Seriously. I was completely aghast when I noticed Anurag's and Jeremiah Grossman's blog entries about ScanAlert saying YOU DON'T HAVE TO FIX XSS ISSUES TO BE PCI COMPLIANT. Symantec and ScanAlert really need Security 101. XSS vulnerabilities do present a serious risk. However, to date...
 
 
 
 
 
Responsible-ish Disclosure

2008-05-08 20:50:57 by Chris Eng in Zero in a bit
 
...completely generic, just a textbook example of what it looks like when you forget to check a return value after calling operator new. Sure, Core gives you the exact offsets into the executable, but so what? If I have the binary, then it's not going to be too hard to find the vulnerability anyway. It's not like Core is giving away a...