SEARCH RESULTS
 
Showing 1-10 of 48 records
 
Expand article

The Bitrix open redirect vulnerability: a lesson in the absurd

2008-07-22 23:00:00 by Russ McRee in HolisticInfoSec.org
 
...EXACT SAME VULNERABLE REDIRECT SCRIPT http://en.securitylab.ru/bitrix/redirect.php?event3=352513 goto=http://holisticinfosec.org/content/view/62/45 To this day, neither the vendor's site, nor Security Lab's site have been mitigated A malicious attacker could send a "security advisory" in a phishing email, supposedly from Security Lab, and...
 
Tags: vulnerability, redirect, redirect vulnerability, cve vulnerability advisory, redirect vulnerabilities, bitrix site manager, site, issue, secure issue
 
 
 
 
Expand article

Making Risk Measures Agree with Accounting 100%

2006-12-26 05:27:00 by Jomni in Risk Management Quant
 
...exact because of the uncertainty of risk. Because of the future-centric nature of risk measurement, generalizations and simplifications in the models are made and may not necessarily result into exact market values, etc. In risk measurement, benchmark results are acceptable as long as they are reasonable (where you can see the degree of...
 
Tags: risk, risk software, software, risk measurement, values, exact market values, exact, exact cent, cent
 
 
 
 
Expand article

Microsoft SDL Process in detail

2008-04-09 19:13:00 by sdl in The Security Development Lifecycle
 
...exact duplication of the SDL for a number of reasons but its pretty darn close. Given that caveat, allow me to illustrate a few points about this guidance First, we have gone through and removed Microsoft specific jargon, references to internal resources on our intranet, and things that would likely make zero sense to an audience outside of...
 
Tags: sdl, microsoft sdl, sdl process, microsoft, sdl guidance, guidance, secure, secure software development, development
 
 
 
 
Expand article

Cell Phone Spying

2008-05-09 06:27:12 by schneier in Schneier on Security
 
...exact whereabouts, any time as long as theyve got their phone on them All you have to do is log on to the web site and enter the target phone number. The site sends a single text message to the phone that requires one response for confirmation. Once the response is sent, you are locked in to their location and can track them step-by-step. The...
 
Tags: phone, cell phone, target phone, cell phone towers, service, service promises, location, exact location, single text message
 
 
 
 
Expand article

SQL Injection Defense Tools

2008-06-24 16:43:00 by sdl in The Security Development Lifecycle
 
...exact line of source code where the error occurs However, sometimes you dont have access to the complete source code of your application; for example, you might use third-party libraries or services in your code. This is where Scrawlr comes in. Scrawlr is a black-box analysis tool that doesnt require access to source code. You just give...
 
Tags: source code, complete source code, tools, source, source-code analysis tools, defense, sql injection defense, detection tools, sql injection
 
 
 
 
Expand article

Employee fraud hits Baptist Health in Arkansas

The Article has images
2008-07-11 00:00:20 by Evan Francen in The Breach Blog
...exact appearance of the images on a computer screen - that showed victims personal information Evan] This seems like confirmation that "may have been breached" is not all that accurate Also found were four Wal-Mart gift cards and $ 1,490 in cash Police found a small bag of marijuana on Flowers, according to the reports. In a search...
 
Tags: confidential personal information, personal information, baptist health system, health system, fraud, victims personal information, employee fraud, baptist health, employee
 
 
 
 
Expand article

10 things you should be doing to protect your company against email risks

2007-11-02 23:30:15 by Administrator in Email security & compliance blog
 
...exact terms what is allowed and what is not 9: Archive emails ; Many industries now face regulations that require them to archive emails for a number of years, including the health care, legal and financial industry. Fail to archive your emails and your company might face substantial fines. In addition, you need to be able to quickly search...
 
Tags: policy, email policy violations, email-policy, email policy rules, rules, email policy, risks, email risks, email
 
 
 
 
Expand article

Phishing Using FasterFox Prefetching

2008-01-03 16:18:15 by RSnake in ha.ckers.org web application security lab
 
...exact reason I never used to use Opera. Sure you can turn it off, but pre-fetching has always been a dangerous thing to me. It can speed things up because it pre-fetches and caches the results, but if it pre-fetches and triggers something, like auto-deletion of your account, or automatically adds something to a shopping cart or anything else,...
 
Tags: fasterfox, firefox prefetches, trick fasterfox-users, http-auth dialog pops, link, http-auth dialog immediately, firefox, email, people
 
 
 
 
Expand article

Lloyds TSB warning may panic some customers

The Article has images
2008-01-05 00:47:26 by Evan Francen in The Breach Blog
...exact number, the type of Trojan or how it discovered the information Evan] Lloyds TSB sends the letter, then won't provide any useful information. If Lloyds TSB had evidence about some "difficult to detect" virus on my computer that was stealing my information, I would certainly like to know what it was Lloyds TSB said, "We received...
 
Tags: lloyds, lloyds tsb customers, customers, lloyds tsb, lloyds tsb passwords, internet login details, internet, information, information security professionals
 
 
 
 
Expand article

Bogus Microsoft sweepstakes emails

2007-08-19 22:35:48 by Steve Riley in Steve Riley on Security
 
Over the past month I've received at least three enquiries from people asking about the legitimacy of emails claiming the recipients have won large amounts of money in a Microsoft sweepstakes or lottery -- often 500,000 British pounds. This is an easy question to answer: they're fake Recently, someone forwarded me the email. Let's examine some...
 
Tags: microsoft sweepstakes, sweepstakes, microsoft, email, email insists, domain, american domain, subject line, emails