SEARCH RESULTS
 
Showing 1-10 of 62 records
 
Expand article

Laptop stolen from Cross Country Staffing employee

The Article has images
2008-02-12 12:27:55 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 2/8/08 Organization Cross Country Staffing Contractor/Consultant/Branch None Victims Employees Number Affected Unknown According to the breach notification "Approximately 45 New Hampshire residents were affected by this incident Types of Data Names, Social Security numbers, and addresses ...
 
Tags: sensitive personal information, personal information, cross country, information, confidential information, employees, cross country employees, laptop, information security breach
 
 
 
 
Expand article

Cross-Device-Type Log Management vs Device-Specific Log Management

2008-06-02 14:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Now, I have to first admit that, in general, dealing with logs on a device-specific basis is a cruel joke . What I mean here is when you gather Windows logs in one place, Linux logs in another place, database logs in yet another place; all in different formats, all in different systems not connected to each others, all managed by different...
 
Tags: logs, pci relevant logs, log management, database logs, logs remain, gather windows logs, device-specific log management, server logs, type
 
 
 
 
Expand article

Managing Audit Thrash

2007-10-08 19:04:00 by Bryan in practical risk management
 
Ages ago, a computer science professor of mine spent several weeks of an operating systems design course talking about virtual memory management and paging strategies. One of the goals of a good paging strategy was to avoid "thrashing"... the undesirable state in which the kernel spends more time swapping pages in and out of physical memory than...
 
Tags: security audits leaves, security audits, controls information, information, controls, security, controls framework, framework, similar controls
 
 
 
 
Expand article

40,000 BlueCross BlueShield members notified of lost laptop

The Article has images
2008-03-11 15:31:27 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 3/10/08 Organization HealthNow New York Inc Contractor/Consultant/Branch BlueCross BlueShield of Western New York Victims Healthcare members Number Affected 40,000 Types of Data Names, dates of birth, Social Security numbers, addresses, employer group names, and health insurance identifier...
 
Tags: sensitive personal information, personal information, information, confidential information, laptop, information owners, breach description, breach, security breach
 
 
 
 
Expand article

Every network has a firewall, shouldnt a virtual one have the same?

2008-02-10 15:07:45 by John Peterson in Security In The Virtual World
 
If you agree with the first part of the title to this blog, then logic would indicate that you agree with the second half of the title however the reality is that this isn't the practice that most companies are taking Why is this? I believe this is because history proves itself time and time again and in this case history has proven that we are...
 
Tags: security, low security environment, security servers, low security segments, low security machines, network, security takes, security virtual machines, machines
 
 
 
 
Expand article

Security In The Cloud: Introducing Cloud Mashups

The Article has images
2008-04-21 16:40:49 by Craig Balding in Cloud Security
Security in the cloud just got more complicated with the introduction of Cloud Mashups What Do You Get When You Cross Salesforce.com and Amazon S3 The answer we are told is Appirio Cloud Storage - a fully integrated Salesforce.com add-on that uses Amazons Simple Storage Service (S3) to store larger files. Previously, Salesforce.com users were...
 
Tags: cloud, cloud mashups, cloud storage arrangements, security, appirio cloud storage, appirio, data, data portability, crm data
 
 
 
 
Expand article

Every network has a firewall, shouldnt a virtual one have the same?

2008-02-10 15:07:45 by John Peterson in Security In The Virtual World
 
If you agree with the first part of the title to this blog, then logic would indicate that you agree with the second half of the title however the reality is that this isn't the practice that most companies are taking Why is this? I believe this is because history proves itself time and time again and in this case history has proven that we are...
 
Tags: security, low security environment, security servers, low security segments, low security machines, network, security takes, security virtual machines, machines
 
 
 
 
Expand article

Yahoos Browser-Based Authentication service

2006-09-29 20:52:58 by Liudvikas Bukys in Liudvikas Bukys
 
Yahoos release of open access to its BBAuth authentication service (see also here and here ) is a big step forward. Its just the thing for many simple applications. Its not as good as a user-controlled cross-provider identity scheme, but the emergence of a few real high-volume competing web services will help drive us there
 
Tags: cross-provider identity scheme, bbauth authentication service, real high-volume, step forward, yahoos release, simple applications, web services, emergence, access
 
 
 
 
Expand article

Orkut XSS Worm

2007-12-20 16:18:37 by RSnake in ha.ckers.org web application security lab
 
Several people sent this to me over the last few days but for those of you who hadnt seen it in the myriad of different places it showed up, Orkut was hacked using a XSS worm . Orkut is Googles version of social networking. It was big for a while, but I think everyone bailed in favor of the more open MySpace and Facebooks of the world. Its still...
 
Tags: orkut, worm, post, community, orkut community, post scrapbook, xss worm, post requests, worm code
 
 
 
 
Expand article

Covert channel vulnerabilities in anonymity systems

2007-12-10 10:39:42 by Steven J. Murdoch in Light Blue Touchpaper