SEARCH RESULTS
 
Showing 1-10 of 136 records
 
The Phorm Webwise System

2008-04-04 16:53:06 by Richard Clayton in Light Blue Touchpaper
 
...determine what interests you The idea is that advertisers can be more picky in who they serve adverts to you'll get travel ads if you've been looking to go to Pamplona for the running of the bulls, car adverts if you've been checking out the prices of Fords (the intent is that Phorm's method of distilling down the ten most common words on the...
 
 
 
 
 
Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...determine whether the SDL is working? Microsoft suggests that this is a simple exercise - simply compare the number of public vulnerabilities disclosed for products prior to SDL with similar products developed after SDL. The most recent case was comparing Windows XP SP2 to Vista vulnerabilities in the first year. The count is down and Microsoft...
 
 
 
 
 
An Open Letter to NIST About SP 800-30

2008-06-09 23:57:20 by rybolov in The Guerilla CISO
...Determine boundary Determine criticality Conduct a gap assessment against a catalog of controls (SP 800-53/800-53A Attach a priority to mitigation Perform risk avoidance because compliance models are yes/no frameworks Document Profit At Your Own Risk Photo by Mykl Roventine The reason that I am writing this is to let you know that I have...
 
 
 
 
 
Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...determine the offending code, and sample exploit code. .WPD File Parser Vulnerability The WPD bug is due to an integer overflow it is possible to cause more than 2400 bytes to be copied from the WordPerfect file into the stack buffer. This overwrites the saved EIP and SEH, and can be exploited for arbitrary code execution Could the SDL have...
 
 
 
 
 
Stolen laptop contained unencrypted Fallon Community Health Plan information

2008-01-25 11:54:27 by Evan Francen in The Breach Blog
...determine the vendor from the 4 or 5 news reports I have read. If you know for certain, please comment members with Fallon Senior Plan and Summit ElderCare coverage "I deeply regret that this incident occurred," said President and Chief Executive Officer Eric H. Schultz. "I sincerely apologize for the inconvenience and trouble this theft...
 
 
 
 
 
Insecure folder on NSK Americas' internal network

2008-02-11 11:11:51 by Evan Francen in The Breach Blog
...determine if the information was inappropriately accessed or downloaded to personal computers Based on our investigation, security for this particular folder was likely compromised due to an IT administrative error when information was migrated to a new server in June 2006 Based on our corporate IT infrastructure, only 360 people out our...
 
 
 
 
 
Three intrusions go undetected at Antioch University

2008-03-31 16:23:10 by Evan Francen in The Breach Blog
...determined that an unauthorized intruder breached one of Antioch's computer systems on three different occasions: June 9, 2007, June 10, 2007, and October 11, 2007 [Evan] Oh my! This is a tough pill to swallow. Obviously no intrusion detection or effective monitoring of this server. The protection of confidential information requires more...
 
 
 
 
 
Breach affects "ever student enrolled at Joliet West High School"

2008-04-10 11:06:34 by Evan Francen in The Breach Blog
...determined none of the data was used or disseminated," Hayes said [Evan] Really? How would the school's investigation determine this? Admittedly I have never forensically examined an iPod before, but I wonder how you could determine that the information was not transferred or disseminated elsewhere. Mr. Janacek must have been pretty proud of...
 
 
 
 
 
Measuring Vulnerability
