SEARCH RESULTS
 
Showing 1-10 of 99 records
 
Walking with the SDL Part 2

2008-07-21 16:56:00 by sdl in The Security Development Lifecycle

...explain why solving security problems is in their best interests and create an environment where they know voicing security concerns is encouraged. Training has been one of the earliest and most important elements of the SDL at Microsoft. From our experience, we learned that the most effective approach is to divide your training into two...

What Does SHA1 is Broken Mean?

2007-12-12 07:35:00 by Eric Marvets in The Security Samurai

...explain why it was appropriate to use SHA1. But for those of you looking to understand the why behind the example, I'll take a few minutes to explain it. What exactly is SHA1? SHA1 is a hashing algorithm, also known as a one way function. A one way function is where given any value of x, it is easy to find f(x), but given f(x) it is...

Encryption Presentation - .NET Developers Group - NYC Microsoft Offices - June 21st

2007-04-02 06:46:00 by Eric Marvets in The Security Samurai

...explain what they do and often developers think their data is more secure than it actually is. During the presentation, we'll quickly cover some high level encryption basics (asymmetric, symmetric, and one way hashes), but will spend most of our time dealing with symmetric encryption; namely how and why you configure a symmetric algorithm to...

More on Security vs Risk

2007-12-21 11:57:00 by Dr Anton Chuvakin in Anton Chuvakin Blog

So, I was reading some survey and came across this bizarre, mind-boggling (maybe even 'mind-numbing?') picture. How can security be THAT disconnected from risk? Can somebody explain this to me? (Please don't explain by stating "crappy survey methodology" - I can pull this one myself, thank you very much.) Mr Hoff, can you help here? About me:...

Don't Try This At Home

2007-11-05 21:52:28 by sdl in The Security Development Lifecycle

...explain what I mean by mitigations because apparently there's some confusion. We have folks here at Microsoft who call things like the /GS compiler flags "mitigations." When I talk about mitigations in a threat modeling context, I mean things that prevent an attack from working. For example, encryption mitigates information disclosure threats....

The Austin Project

2008-01-21 22:45:39 by RSnake in ha.ckers.org web application security lab

...explain some of the esoteric nuances to watch out for and I suddenly realized I had never talked about it before on the site, and I probably never would have because I ultimately consider a lot of that stuff to be the basics (even though apparently not a lot of people know about it). I usually try to skirt around the basics as to avoid...

C, I .... Hey!!! Where is my 'A'???

2008-02-03 15:28:00 by Dr Anton Chuvakin in Anton Chuvakin Blog

...explained too. "Mr Hoff Strikes Back" discussion is here. So some random points while I still have time (the Brits still sell Internet by the minute, darn it). Security team usually does not own the 'A' - IT does. If you think "IT availability" equals "DoS defense", your view is painfully narrow. It sucks that some folks chose 'A' over 'C-I-A',...

Excel Spreadsheet on the web exposes Army officers and civilians

2008-04-13 20:23:28 by Evan Francen in The Breach Blog

...explain that The Army's Acquisition Support Center has temporarily shut down its website to scrub the information from the spreadsheet. "We regret that this error occurred. We have temporarily taken the web site down to make the necessary corrections. We will bring the website back online once the corrections have been verified," an Army...

How to Sell Security

2008-05-26 05:57:29 by schneier in Schneier on Security

...explain how people make trade-offs that involve risk. Before this work, economists had a model of "economic man," a rational being who makes trade-offs based on some logical calculation. Kahneman and Tversky showed that real people are far more subtle and ornery. Here's an experiment that illustrates Prospect Theory. Take a roomful of subjects...

Logging, Correlation and IT Search: An Analogy

2008-06-06 17:00:00 by JJ in Security Uncorked

...explain the value of IT logging, event correlation and IT search functions to non-technical folk. Unfortunately, I think the data being used was unfamiliar and made it difficult to get the point across of what we can do with these tools and why we like them. Everyone was caught up in the whole what does that src mean and what IP address is...