SEARCH RESULTS
 
Showing 1-10 of 203 records
 
Lessons learned from the massive SQL injection attacks against legacy Microsoft ASP apps

2008-07-08 14:32:33 by Chenxi Wang in Security & Risk Management
...form input, it is opening itself up to code injection attacks including SQL injection. Today, the security industry is doing a decent job of communicating the importance of input validation. But you'll still find many legacy Web applications that have these flaws. And this is exactly what happened here: the attackers (well, they are...

Confidential information sent to PinPay.net and SoftCard.biz is exposed

2008-05-08 13:26:03 by Evan Francen in The Breach Blog
...formation Reference URL Merchant 911 Blog Report Credit Tom Mahoney, the Founder and Director of Merchant 911 Response From the online source cited above and my own cursory investigation Back in January, I had short email dialog with a Kip Long, who claimed to be one of the principles of a company called Softcard out of Huntington Beach,...

Getting vulnerabilities in the application fixed

2007-10-27 13:20:07 by RaviC in Musings on Information Security
...form. The risk acceptance form could be as simple as a word document with a list of high severity/threat vulnerabilities and a narrative that states that signatories of the form acknowledge the existence of vulnerabilities (that you communicated) and have accepted the risk (posed by the vulnerabilities) for a time period specified in the...

Another Wisconsin mailing exposes Social Security numbers

2008-01-15 13:32:24 by Evan Francen in The Breach Blog
...Form 1099-G Reference URL Wisconsin Department of Revenue News Release The Associated Press Story at greenbaygazette.com Report Credit Wisconsin Department of Revenue Response From the online sources cited above The Department of Administration (DOA) and Department of Revenue (DOR) learned on January 9, 2008, that during a mailing, a...

Security Between Virtual Machines?

2008-06-22 15:30:57 by John Peterson in Security In The Virtual World
...Form Field Validation properly. A Form field is something you fill out on a web page like a form that asks for the user name and password. User names and passwords to log into the web site are stored on what's called a Database Server. Hmmm... So this means the web server needs to talk to the database server right? Yes! Keep this in the back...

Russia's FSB vs Cybercrime

2007-12-20 15:44:16 by HASH0x89b8758 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...formation, it was announced that it had been established who was the author of the notorious Pinch Trojan - two Russian virus writers called Ermishkin and Farkhutdinov. The investigation will soon be completed and taken to court. The arrest of the Pinch authors is on a level with the arrests of other well known virus writers such as the...

35,000 T. Rowe price plan participants alerted

2008-01-29 12:51:35 by Evan Francen in The Breach Blog
...formation belonging to participants in several hundred T. Rowe Price retirement plans. CBIZ is a vendor for T. Rowe Price that was helping the company to prepare IRS Form 5500's Reference URL Investment News online story Report Credit Investment News Response From the online source cited above T. Rowe Price Retirement Plan Services...

Difference Between of Adware, Spyware and Anti-virus

2007-04-18 04:24:00 by jack in adware and spyware
...formation that it had gathered to the spyware author. The agent will then use this information for advertising and marketing purposes. They even sell the information to advertisers and other parties Adware, on the other hand, are more legitimate form of freeware. Similar to spyware, adwares are advertising materials which are packaged into a...

Security Incident Strikes and You are on the Hot Seat..

2007-07-27 07:00:39 by RaviC in Musings on Information Security
...form; this will help to cover your rear during security incidents. Make sure to get a business risk acceptance form signed by the business owner. An example is a business owner signs a business risk acceptance form if there is no budget to mitigate the vulnerability Scenario 2: The vulnerability that resulted in the incident was an unknown....