SEARCH RESULTS
 
Showing 1-10 of 373 records
 
Application Due Care

2008-02-18 08:55:12 by RaviC in Musings on Information Security
 
Often I hear phrases such as "if the application is truly built secure inside-out, then there is no need for other security layers". Truly secure application is a far fetched statement. 1. What is the application made of? - Complexity 2. How was the application built? - Methodology 3. Where does the application run? - Environment 1. Complexity -...
 
 
 
 
 
Summarizing August's Threatscape

2008-09-10 06:57:32 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...due to the easily obtainable templates for the sites, several malware campaigns targeting popular social networking sites, Russian's organized cyberattack against Georgia with evidence on who's behind it pointing to "everyone" and a few botnets dedicated to the attack making the whole process easy to outsource and turn responsibility into an...
 
 
 
 
 
The ID Divide

2008-06-04 06:34:45 by schneier in Schneier on Security
 
...due diligence" process comes into play when considering and implementing identification systems. Due diligence in the financial world of mergers and acquisitions and other important corporate transactions is conducted before a company makes a major investment. Proponents of, say, a merger (or in our case, a new identification program) can err...
 
 
 
 
 
PrincipalPermissionAttribute and Static ctor Leads to DoS

2007-12-03 09:03:00 by Keith Brown in Security Briefs
 
...due to a {1 Thread.CurrentPrincipal.Identity.Name x.GetType().Name static void becomeNormalUser Thread.CurrentPrincipal = new GenericPrincipal new GenericIdentity("Bob"), null static void becomeSuperUser string[] roles = { "SuperUser Thread.CurrentPrincipal = new GenericPrincipal new GenericIdentity("Alice"), roles Here's the output of...
 
 
 
 
 
Dissecting a Managed Spamming Service

2008-07-30 05:32:44 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...due to AOL. What they're actually trying to say is due to AOL's use of Domain Keys Identified Mail (DKIM). As far as localization of the spam to the email owner's native language is concerned, this segmentation concept has been taking place for over a year now. This service, like the majority of others, relies entirely on malware infected hosts,...
 
 
 
 
 
All Your iFrame Are Point to Us

2008-02-11 13:57:00 by Panayiotis Mavrommatis in Google Online Security Blog
...due to poor web server security, we analyzed the version numbers reported by web servers on which we found malicious pages. Specifically, we looked at the Apache and the PHP versions exported as part of a server's response. We found that over 38% of both Apache and PHP versions were outdated increasing the risk of remote content injection to...
 
 
 
 
 
A Continental nightmare

2008-06-13 03:35:05 by HASH0x8c0ef34 in StillSecure, After All These Years
 
...due to my low status I was far down the list and would not make the flight. My luggage would though. OK, so I will hang at the airport and work a few hours. Just before the plane takes off they call my name and tell me to wait at the end of the jetway. They are checking the plane and if there is a seat I can take it. I get the last seat on...
 
 
 
 
 
A Continental nightmare

2008-06-13 04:34:55 by ashimmy in StillSecure, After All These Years
 
...due to my low status I was far down the list and would not make the flight. My luggage would though. OK, so I will hang at the airport and work a few hours. Just before the plane takes off they call my name and tell me to wait at the end of the jetway. They are checking the plane and if there is a seat I can take it. I get the last seat on...
 
 
 
 
 
Colorado Division of Motor Vehicles cited in audit report

2008-07-11 09:18:07 by Evan Francen in The Breach Blog
...due to flaws in the way driver's-license information is handled, lawmakers learned Tuesday at an interim transportation committee hearing Reference URL The Denver Post Report of The State Auditor, Driver's License and Identification (ID) Card Security Report Credit Jessica Fender, The Denver Post - Brought to the attention of The Breach...
 
 
 
 
 
A Diverse Portfolio of Fake Security Software - Part Four
