SEARCH RESULTS
 
Showing 1-10 of 133 records
 
Boston Court's Meddling With 'Full Disclosure' Is Unwelcome

2008-08-21 04:00:00 by Bruce Schneier in Wired Security
 
...disclosure," asking whether researchers should be permitted to disclose details of a fare-card vulnerability that allows people to ride the subway for free The "Oyster card" used on the London Tube was at issue in the Dutch case, and a similar fare card used on the Boston "T" was the center of the U.S. case. The Dutch court got it right, and...
 
 
 
 
 
Some Comments on PayPal's Security Vulnerability Disclosure Policy

2007-11-27 18:07:00 by Security Retentive in Security Retentive
 
...disclosure and remove disincentives (threat of legal liability Make clear our expectations in these areas, since this is a new and evolving area of security vulnerability disclosure with more than a little legal uncertainty Through our policy - set a standard we hope others can follow. We carefully constructed the language in the policy with...
 
 
 
 
 
What If All Vulnerabilities Had This Disclosure Timeline?

2008-02-07 02:08:33 by Chris Wysopal in Zero in a bit
 
...disclosure (no details) with online demonstration Feb 6, 2008: Vulnerability still not patched It's not your typical disclosure time line. In recent years we have become accustomed to a disclosure time line that goes something like this Typical Timeline Dec 16, 2007: Vendor notified of vulnerability and given exploit code Feb 6, 2008: Public...
 
 
 
 
 
5 Lessons on Public Disclosure From Elliot Spitzer

2008-03-12 17:26:54 by Bill in Grumpy Security Guy
 
...disclosure of his err vulnerability Here are 5 lessons you can use if you ever find yourself involved in a public disclosure of a vulnerability on your web site or a disclosure of a massive breach 1. Understand that you have been caught Spitzer quickly understood that the cards were stacked against him and decided denials and platitudes...
 
 
 
 
 
Responsible-ish Disclosure

2008-05-08 20:50:57 by Chris Eng in Zero in a bit
 
...disclosure irresponsible. But look at the code it's completely generic, just a textbook example of what it looks like when you forget to check a return value after calling operator new. Sure, Core gives you the exact offsets into the executable, but so what? If I have the binary, then it's not going to be too hard to find the vulnerability...
 
 
 
 
 
New Hurdles for Vulnerability Disclosure

2008-05-22 06:22:47 by Editor in IEEE Security and Privacy
 
...disclosure is an important part of information security. In recent years, vulnerabilities in specific Web sites and SCADA implementations have created new hurdles for vulnerability disclosure. These aspects of information security have different risks and benefits to the involved stakeholders, which has prevented the establishment of an ideal...
 
 
 
 
 
Security agency calls for EU laws on breach disclosure

2008-05-30 00:00:00 by HASH0x8b04518 in Network World on Security
 
A European Union-wide advisory body this week called for security breach disclosure regulations tougher than those in the U.S. as a step toward raising awareness of the seriousness of security threats
 
 
 
 
 
On Logs and Breach Disclosure Laws

2008-07-03 13:40:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...disclosure laws " at ComputerWorld. I personally find the premise that logs help with breach notification mandates to be a perfect no-brainer, but it looks like some people consider it to be deep insight And, let's leave it at that: deep insight it is Key point for the impatient bunch: "... logs are essential for compliance with...
 
 
 
 
 
Blue Box #80: VoIPShield vulnerabilities, what is ethical disclosure?, SIP trunking, VoIP security news, new nomadism, and much more...

The Article has audio podcast
2008-07-15 16:22:35 by HASH0x8b3bcb4 in Blue Box: The VoIP Security Podcast
 
...disclosure?, SIP trunking, VoIP security news, new nomadism, and much more Welcome to Blue Box: The VoIP Security Podcast #80, a 44-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically NOTE: This show...