SEARCH RESULTS
 
Showing 1-10 of 65 records
 
Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...fundamental level, when someone in either the private sector or from a government agency considers purchasing or using a software product, one of the questions that may come up is "Is it Safe?" (Apologies for the lame and over-used Marathon Man movie reference). I choose this imprecise reference to "safe" since most people don't think deeply...
 
 
 
 
 
More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...fundamental design requirement of the SDL, could help uncover such design issues and illustrate the need for mitigations. Now, let's turn to the Source Code Review of the Hart InterCivic Voting System. I'll try to keep my commentary balanced by selecting two examples here as well. From the executive summary: Unsecured network interfaces Voters...
 
 
 
 
 
SDL and "End to End Trust"

2008-04-17 00:15:00 by sdl in The Security Development Lifecycle
 
...fundamental requirement necessary for speech recognition. Yet, it's also insufficient to realize the broader vision. Some of you reading may be thinking, "But wait Eric, this is a security blog so why are you rambling on about your former roles working on speech recognition?" Well, there is an analogy I'm trying to draw. The point I've been leading...
 
 
 
 
 
More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...fundamental design defects that can't be corrected without a fundamental rewrite. The number of attacks resulting from WEP probably isn't known. Even throwing out high profile cases such as TJ Maxx and Home Depot, I'm guessing the damage done is substantial. So far then things aren't looking good for using implementation defects as a...
 
 
 
 
 
Notes from IEEE Web 2.0 Security and Privacy Workshop (W2SP2008)

2008-05-27 22:45:00 by Security Retentive in Security Retentive
 
...fundamental architecture and policy around security Web-2.0 only makes things worse. Apart from all of the unsolved security challenges, the biggest point that struck me from the workshop was the general belief (or I assume belief, I didn't challenge people on it) that mashups are here to stay, and that we're just going to have to back into a...
 
 
 
 
 
The reason behind the "We're sorry..." message

2007-07-09 11:54:00 by Niels Provos in Google Online Security Blog
 
...fundamental change from remote attack to client based download of malware formed the basis of the research presented in our first post. In retrospect, it is interesting to see how two seemingly unrelated problems are tightly connected
 
 
 
 
 
Citizens Advice stolen laptop was encrypted

2007-12-13 13:37:02 by Evan Francen in The Breach Blog
...fundamental principle of Citizens Advice that people are able to deal with us in confidence. The theft of this laptop is highly regrettable, but given that the potential always exists for the theft of data, we have always sought to ensure that information is secured as strongly as possible through modern encryption systems.", Alcorn In...
 
 
 
 
 
YWCA Retirement Fund participants exposed in stolen computer

2007-12-11 12:23:19 by Evan Francen in The Breach Blog
...fundamental failure of information security. We don't have the privilege of looking at the YWCA Retirement Fund's information security program (assuming one exists), so we don't know much more than what we read in the Fund's response. From reading the Fund's response, we can judge that the YWCA Retirement Fund is a poor custodian of sensitive...
 
 
 
 
 
Microsoft Uses Sysinternals Acquisition to Create Investigation Guide!

2007-02-08 10:58:04 by Editor in Endpoint Security: Translating Policy Into Reality
 
I just bumped into this posting on Microsoft TechNet and thought I'd share it with the ITtoolbox community: Fundamental Computer Investigation Guide for Windows [Whoops Update with applicable props] Looks like Security Monkey beat me to the punch on this one. Please also take a look at the