SecurityRatty: tag: easier

Limiting Process Privileges Should Be Easier

2007-11-09 10:00:00 by Security Retentive in Security Retentive

...easier for a developer/administrator to define the policy for a given process and its run environment, without having to know this much arcana about exactly how to do it Luckily, there are a few OS-supplied solutions to the problem that while not perfect and still tricky to implement, are at least a step in the right direction Solaris Sun...

Tags: process, uid, effective process sandbox, kill, prohibit kill, uid range, prohibit, privileges, target uid

Real Artists Ship

2008-09-03 11:23:08 by Gunnar Peterson in 1 Raindrop

...easier to create markets than it is to create state capacity or to prevent its deterioration. Creating markets is a lot about letting go, establishing a reasonable policy framework, and allowing the natural hustling instinct to take over. In other words, hustling is the natural state. Building state capacity, on the other hand, is quite...

Tags: tata, tata workers, tata motors, security, india, india mulls, information security, functional development, software security

Crossing Borders with Laptops and PDAs

2008-05-16 06:10:33 by schneier in Schneier on Security

...easier to just ignore everything here and hope you don't get searched. Today, the odds are in your favour. But new forensic tools are making automatic searches easier and easier, and the recent US court ruling is likely to embolden other countries. It's better to be safe than sorry This essay originally appeared in The Guardian Some other...

Tags: customs agent pokes, customs agent, british customs agents, customs agents, agent, customs, entire hard drive, hard drive, data

Assessing the Security Benefits of Cloud Computing

2008-07-21 07:00:15 by Craig Balding in Cloud Security

...easier to control and monitor. The flipside is the nightmare scenario of comprehensive data theft . However, I would rather spend my time as a security professional figuring out smart ways to protect and monitor access to data stored in one place (with the benefit of situational advantage) than trying to figure out all the places where the...

Tags: benefits, cloud, security, technical security benefits, based, virtualization based cloud, efficient security software, security software, cloud market

Ideal Tool to Solve Real Problems ... of the Near Future? - II

2008-08-04 21:30:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

...easier in recent years; agentless collectors like Project Lasso (which, BTW, just got updated ) and grabbing files remotely via secure protocols made application log collection easier (syslog-NG with TCP transfer and buffering also helped). Next, Windows 2008 will make it MUCH easier for the whole Windows kingdom due to their use of web serv...

Tags: log discovery, log, log diversity, esoteric log sources, log security, application log explosion, application, log analysis, log volume

What Does SHA1 is Broken Mean?

2007-12-12 07:35:00 by Eric Marvets in The Security Samurai

...easier ways of attacking a password field than targeting SHA1. An offline dictionary attack against the users passwords is several orders of magnitude easier. SHA1 protects the hash against brute force attacks. It does nothing to protect a user who chooses a poor password A system is only as strong as its weakest link Eric Marvets

Tags: sha1, choose sha1, sha1 protects, hash data, data, sha1 drops, hash function, hash, function

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle

...easier if youre an expert who understands the process. For example, asset enumeration. Lets say youre threat modeling the GDI graphics library. What are the assets that GDI owns? A security expert might be able to answer the question, but anyone else will come to a screeching halt, and be unable to judge if they can skip this step and come...

Tags: threat, threat models, threat model, reasons threat, service threat, term threat, threat effectively, playsound threat model, development process

Privacy Policies Best Practices

2008-03-28 08:19:18 by Jen Albornoz Mulligan in Security & Risk Management

...easier to understand. Take a look at a rare financial example with ING Direct . Often times this requires that your privacy practices be very conservative about sharing data When explaining the customer's options, provide a link or information on how to exercise those options in the same place. If you give the consumer a choice about how...

Tags: main privacy policy, privacy policy, policy, privacy policies, level policy, policy apply, apply, illegible privacy policies, potential customer

Seven Habits of Highly Effective Security Plans [Part 4]

2007-10-09 13:38:00 by Allen Baranov, CISSP in Security Thoughts

...easier for everyone too when they know their goal and it makes deciding on what is important and what isn't very much easier A boilerplate is a good start if you haven't got any idea where to start. The risks to most companies are the same, the technology is similar too. Most of the techniques can be applied to all different organisations....

Tags: handle information security, information, past information security, voila- policy documents, policy, information security, policy documents, habits, plan

More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo