SEARCH RESULTS
 
Showing 1-10 of 28 records
 
We've reached the application security tipping point

2008-11-04 19:06:02 by Chris Wysopal in Zero in a bit
...configurations. Now we are in the midst of the third major shift. OS vendors such as Microsoft and Linux have scrubbed out most of the defects in the OS code. Microsoft Windows went over a year without a remote unauthenticated wormable vulnerability. Attackers have moved on to applications. No longer are OS vendors and other large...
 
 
 
 
 
Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...configurations. Let's talk about each of these in the context of Common Criteria. For classes of products where protection profiles (PP) have been defined, CC arguably does a reasonable job in addressing design vulnerabilities. A protection profile outlines customers' interests and needs in terms of security features/functionality. Smart cards...
 
 
 
 
 
Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...configurations. Others in the security department are uneasy with this, and prefer that someone else do the auditing. I've encountered similar tension before, and it always makes me wonder why information security folk and auditors frequently have trouble working together. As I thought more about this, I began to wonder if maybe there's a...
 
 
 
 
 
PCI V1.2, a good start but still not enough

2008-09-03 16:56:31 by Burton Group in Security and Risk Management Strategies Blog
 
...configurations. Virtualized environments - while the PCI Security Standards Council recognizes that some organizations have moved to virtual services for consolidation and management, the DSS really doesn't provide guidelines for QSAs to evaluate and certify these environments. Monitoring and audit - while the PCI DSS recommends minimum timeframes...
 
 
 
 
 

How Quickly Should Microsoft Rush Out Critical Updates?

2008-12-26 18:07:39 by Editor in Cheap Hack
 
...configurations that must be tested. Consider this particular bug: every supported version of Windows, every supported version of Internet Explorer on them, every language. Then a whole lot of IE application code undoubtedly needed to be tested. I've done some test automation programming and I'm sure Microsoft has put extensive resources into...
 
 
 
 
 
Larry Suto's Paper Drama

2008-01-02 14:53:30 by RSnake in ha.ckers.org web application security lab
 
...configurations, or the types of sites, or whatever you like - again, I'm not interested in that part at all. What I am interested in is the concept - which is that if you cannot locate the page the exploit resides on, it doesn't matter how good your exploitation engine is. Here's what you should get out of that post, and nothing more: crawling...
 
 
 
 
 
Sunbelt + Dell = Ninja Blade

2008-01-15 11:14:38 by Editor in Cheap Hack
 
...configurations that Sunbelt rates with user capacity of 500 up to 5000. The low-end unit starts at $1,995. Ninja Blade, like Ninja, uses multiple anti-spam engines to block unwanted e-mail. BitDefender anti-virus scrubs e-mail of malware, and flexible attachment filtering allows administrators to stop or allow files as they see fit. Exchange...
 
 
 
 
 
Cisco veteran launches net management start-up

2008-01-31 00:00:00 by Denise Dubie in Network World on Security
 
Pari Networks introduces its network change and configuration management product that the company says helps network and security managers assess and remediate configurations across devices to secure networks and ensure compliance