SEARCH RESULTS
 
Showing 1-10 of 64 records
 
Expand article

Tallying Twitters Application Security Best Practice Violations

2009-01-07 06:24:31 by Chris Eng in Zero in a bit
 
...encourage you to Be tricky Brute-force protections . Clearly theres no account lockout mechanism, unless of course happiness was at the top of the word list. While there is no perfect solution to brute force attacks, it would appear Twitter didnt even try Segregation of administrative functionality . I wont underestimate the amount of effort...
 
Tags: twitter, twitter account, twitter blog entry, twitter admins, twitter users, popular twitter service, twitter passwords, security, application security
 
 
 
 
Expand article

TrueCrypt's Deniable File System

2008-07-18 06:56:02 by schneier in Schneier on Security
 
...encourage the users not to blindly trust the deniability of such systems. Rather, we encourage further research evaluating the deniability of such systems, as well as research on new yet light-weight methods for improving deniability. So we cannot break the deniability feature in TrueCrypt 6.0. But, honestly, I wouldn't trust it. There have...
 
Tags: truecrypt, deniable file system, file system, truecrypt version, system, truecrypt dfs, deniable, truecrypt disk-encryption software, systems
 
 
 
 
Expand article

Walking with the SDL Part 2

2008-07-21 16:56:00 by sdl in The Security Development Lifecycle
 
...encourage you to use the Comments section at the bottom of each post to ask questions, give us feedback, or request other topics for us to cover Some quick definitions before we dive in. Ive been using the imagery of learning to crawl, walk and run as a way to provide some basic starting points that would move your organization toward...
 
Tags: define security requirements, security requirements, requirements, security, security development lifecycle, development lifecycle, security pulse, perform security analysis, principles
 
 
 
 
Expand article

Information security in bad economy

2008-10-26 19:37:40 by RaviC in Musings on Information Security
 
...Encourage employees to take free webinars offered by various security vendors and encourage them to share the summary across the team. This will put your employees in touch with latest happenings in security at the same time there is some learning that is imparted despite zero training budget Since there are very few projects in action, this...
 
Tags: information security, information security risks, risks, security, information security professionals, security manager, information security topic, security architecture, time
 
 
 
 
Expand article

Risk Management Lessons from the Mortgage Meltdown

2007-12-14 16:54:17 by Chris McClean in Security & Risk Management
 
...encourage greater risk and compliance responsibility, and in some cases, cooperation around industry standards and best practices
 
Tags: risk, risk exposure, risk management decisions, intelligent risk, risk-savvy media, risk management professionals, goldman sachs, goldman sachs performance, risk management information
 
 
 
 
Expand article

Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...encourage the right results. Directors must set the right tone at the top, communicating to executive management the business imperative of effective information security management 3) The internal audit function provides strategic, operational, and tactical value to an organizations operations. For example, internal auditing Tells the board...
 
Tags: information, information security, information policy, information security risks, information assurance, information security governance, information security managers, information security management, assign information security
 
 
 
 
Expand article

Myth vs. reality: Wireless SSIDs

2007-10-16 07:08:58 by Steve Riley in Steve Riley on Security
 
...encourage you to move to WPA2 as soon as possible. For those of you at home running XP and have kept it updated, or if you're running Vista, then, you simply need to enable WPA2 . We've got some additional guidance for home/small offices and for enterprise networks with certificate services or without . If you have hardware that's more than...
 
Tags: simple ssid discovery, network, ssid, wireless network, networks, enterprise networks, wireless networks, mac, secure networks
 
 
 
 
Expand article

No More Comments

2007-07-27 18:09:00 by Eric Marvets in The Security Samurai
 
...encourage you to send me comments via the contact form. I will now edit posts to include any comments I receive. If you need to send me a link, do not format it as HTML and leave off the http:// (those message will get blocked). I will format it correctly when it's posted Thanks Eric Marvets
 
Tags: comments, valid comments pales, comments feature, spam, spam messages, captcha function, edit posts, format, contact form
 
 
 
 
Expand article

Microsoft Security Intelligence Report - 1st Half 2007

The Article has images
2007-10-23 16:35:43 by jrjones in Jeff Jones Security Blog
...encourage you to look the whole report. However, here are a few of the things I would call out to you The number of disclosures of new software vulnerabilities across the industry continues to be in the thousands, with more than 3,400 new vulnerabilities disclosed in 1H07. But this number actually represents a decrease from 2H06, the first...
 
Tags: total vulnerabilities, vulnerabilities, report, severity vulnerabilities continue, software vulnerabilities, malicious software, sir results, software, results
 
 
 
 
Expand article

Could a Caveman Do It? The Surprising Potential of Simple Attacks

2008-01-07 09:15:52 by Editor in IEEE Security and Privacy
 
In an attempt to encourage engineers and security analysts to look at systems from the strangest perspectives, the author offers two examples why this is important: the first comes from the journalistic media the second comes from his group's research in protocol security for wireless ad hoc networking
 
Tags: author offers,