SEARCH RESULTS
 
Showing 1-10 of 70 records
 
Expand article

John Strand - "Advanced Hacking Techniques and Defenses" (and demos of evilgrade/passing the hash/msfpayload) from Louisville Infosec 2008

2008-10-11 16:08:29 by Editor in Irongeek's Security Site
 
...Defenses" (and demos of evilgrade/passing the hash/msfpayload) from Louisville Infosec 2008 John Strand gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. He gives a fascinating talk about why "security in depth" is dead, and lives again. John then goes on to demo Evilgrade, using msfpayload and...
 
Tags: john strand, john, louisville infosec, msfpayload, demo evilgrade, defenses, samba client, demos, sam hashes
 
 
 
 
Expand article

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...defenses I discuss below were first made available in that version. Lets look at some of the tools you can use to get crawling toward SDL today Detailed awareness of your architecture and its attack surface Threat Modeling Even if you are past the design phase, assign someone to do a retrospective model (perhaps as part of a pre-release...
 
Tags: sdl, security, perform security analysis, application security, application, applications security, security issues, issues, non-microsoft sdl engagements
 
 
 
 
Expand article

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...defenses (such as the Microsoft Link /SAFESEH flag) - both of which are SDL requirements. I also assume that the code is not linked with No-Execute (/NXCOMPAT), which is also an SDL requirement. Summary Bugs are interesting, you can learn a lot from your own bugs, but also from the bugs in other products. From an SDL perspective, there is...
 
Tags: linker sdl requirements, sdl requirements, ibm, sdl, requirements, symantec, bugs affect ibm, bugs, sdl refers
 
 
 
 
Expand article

Colorado Division of Motor Vehicles cited in audit report

The Article has images
2008-07-11 09:18:07 by Evan Francen in The Breach Blog
...defenses Evan] This is putting the cart before the horse. After reading some of the audit results it is clear to me that there is no information security strategy, no effective information security management, and no formal information security program. These administrative issues need to be addressed well before "technological defenses"...
 
Tags: information, personal information, information security, information security breaches, sensitive information, information security strategy, information security program, security, cyber security
 
 
 
 
Expand article

Security is not all about Security Updates

2007-12-17 12:58:00 by sdl in The Security Development Lifecycle
 
...defenses. Which means you can never hope for zero security vulnerabilities. We have seen many of these forward-looking defenses in action in Windows Vista, IIS6, SQL Server 2005 and Office 2007 Look carefully at the list of products I just mentioned, they are all products that had a full release after the implementation of security process...
 
Tags: security, end-user security documentation, security response, fix security bugs, response, security fix, implementation vulnerabilities, vulnerabilities, security feature development
 
 
 
 
Expand article

Network threats develop 'antibiotic' resistance

2008-02-12 00:00:00 by Andreas M. Antonopoulos in Network World on Security
 
...defenses against malware, in many ways simulating the functions of biological immunity systems. I find that biological sciences and especially evolution provide some great insights into the behavior of malware, malware creators and malware defenses over longer periods of time. I also see a lot of parallels between the evolution of malware and...
 
Tags: malware, malware creators, malware defenses, evolution science, evolution, evolution provide, stealthy p2p networks, biological immunity systems, scientific field
 
 
 
 
Expand article

Data-centric security: How far do you de-perimeter your perimeter?

2007-12-18 14:30:00 by Michael Concordia in Data Protection, Management and Leakage
 
...defenses But, if you lock things down to the point where people cant do business, that obviously defeats the purpose; business rules and processes must enter into the equation as well, allowing people to collaborate, share documentsin short, to do business. And this is where data-centric security has already begun playing a more important...
 
Tags: data, data-centric security, data-centric models, business, business rules, defenses, hard perimeter defenses, opteron battle, people
 
 
 
 
Expand article

Students breach Williamsville Central School District security

The Article has images
2008-04-15 15:12:32 by Evan Francen in The Breach Blog
...defenses of a classroom computer at Williamsville North and went trolling for information Evan] I can only imagine what the "security defenses" entailed. A student (or "hacker") can do a lot of damage if they are granted physical access to a computer. Obviously the students need to access classroom computers. Having said this, doesn't it then...
 
Tags: district, students, school, suburban school district, school students, secure personal information, personal information, school district, information
 
 
 
 
Expand article

Designing Processors to Support Hacking

2008-04-24 13:52:33 by schneier in Schneier on Security
 
...defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one...
 
Tags: additional, additional hardware, hardware, exible hardware, design hardware, design, counterfeit computer hardware, attacks, support attacks