SecurityRatty: tag: elevation

Microsoft Releases Nine Security Updates for Windows, Office

2007-08-14 13:30:25 by Editor in Cheap Hack

...Elevation of Privilege Critical: MS07-050Vulnerability in Vector Markup Language Could Allow Remote Code Execution The only critical vulnerability affecting Windows Vista is MS07-050, the VML bug. This isn't the first set of security updates for VML. Several other non-security updates were released as well, along with a new version of the...

Tags: remote code execution, windows, critical, include critical vulnerabilities, security, critical vulnerability, microsoft, windows media player, windows gadgets

The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle

...elevation of privilege against an external entity, well, by definition, we cant fix it. Its external. So is there value in calling out that risk in threat modeling? Sometimes there might be Breach Disclosure Laws Sometimes organizations lose control of data thats been entrusted to them. You might find that risk as an instance of information...

Tags: element chart, chart, stride, specific, specific threats, cve data, data, stride chart, threats

Training People on Threat Modeling

2008-03-14 23:11:12 by sdl in The Security Development Lifecycle

...Elevation of Privilege) doesnt make a very memorable acronym. Memorable is important when training people. Our reviewers have raised this as an issue, and d love to get feedback from our readers. How can we ensure that the software we build has the right level of logging and audit-ability? What evocative words can we use, and can you help us...

Tags: web site, site, threat, windows, windows source code, code, people, degrade service, non-repudiation

Montego Networks spotted on radar

2008-03-28 12:40:02 by John Peterson in Security In The Virtual World

...elevation just enough to be seen on the virtualization industries radar detector. Montego Networks announcement of securing virtual network communications between VMs has everyone buzzing but what has caught most peoples attention is Montego Networks technology that enables 3 rd party security vendors to do the same thing (VM to VM). Now, Im...

Tags: montego networks, montego, montego networks technology, montego networks announcement, announcement, virtual communication, communication, party security vendors, security vendors

Microsoft rings alarm on Windows rights bug

2008-04-18 13:00:00 by Editor in Computerworld Security News

Microsoft is warning users of an "elevation of privilege" flaw in most versions of Windows, but did not say whether it would release a patch for the problem, or when it would do so if it does come up with a fix

Tags: windows, microsoft, fix, elevation, release, users, flaw, versions, privilege

More on Fallacy #4

2008-05-16 13:04:06 by Gunnar Peterson in 1 Raindrop

...Elevation of Privilege threats at the edge. I understand why Arnon left Spoofing off his list, but would like to see him add audit logging to deal with Dispute

Tags: secure service, service, rest, rest specifies, service firewall pattern, network, fallacies, secure, pretty solveable

Windows Admin Goodies From Microsoft

2008-06-02 18:03:05 by Editor in Cheap Hack

...Elevation PowerToys for Windows Vista . These expand the Windows RunAs functionality to some popular 3rd party admin tools, like KiXtart and ActivePerl . Some examples combine it with the Elevate power tool to allow you to do RunAs for programs, like the MMC, which are often resistant to RunAs. There is also a PowerToy for running a CMD shell...

Tags: sysinternals set, windows runas functionality, runas, sysinternals, microsoft, current version, files, current files, sysinternals tools

Montego Networks spotted on radar

2008-03-28 12:40:02 by John Peterson in Security In The Virtual World

...elevation just enough to be seen on the virtualization industries radar detector. Montego Network???s announcement of securing virtual network communications between VM???s has everyone buzzing but what has caught most people???s attention is Montego Network???s technology that enables 3 rd party security vendors to do the same thing (VM to...

Tags: montego, montego networks, virtual communication, communication, party security vendors, security vendors, virtual, virtual network communications, physical

Arnon Rotem-Gal-Oz on SOA Security

2008-07-14 13:40:01 by Gunnar Peterson in 1 Raindrop

...elevation of privilige and what not. A trivial thing like exposing a transaction beyond service boundaries can translate to an attacker denying services in your system simply by locking out your database. Again, this is just a simple example The other thing about Security is that you have to consider it early. patching security "later on" can...

Tags: soa, soa security, security, services, web services security, web services, security standpoint, arnon, gateway

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo