SEARCH RESULTS
 
Showing 1-10 of 105 records
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...handle these common chores. I'd want to make sure that I have a proper authentication and session management scheme/framework that is resistant to all of the threats I think are important. The important metric is coverage of all application entry points against this framework. When implemented at the infrastructure level using a package such...
 
 
 
 
 
J.C. Penney customers affected by lost GE Money backup tape

2008-01-18 10:24:59 by Evan Francen in The Breach Blog
...handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people. The information was on a backup computer tape that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage...
 
 
 
 
 
Fun TLR Log Management Questions

2008-03-14 12:04:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...handle 2-3 Terabytes of log data per minute A2: No. Easy, huh? :-) See this for a specific example. Well, let me take this back: theoretically, you can always use a vendor that can handle a lot of data (like LogLogic) AND that has an ability to run a distributed operation across many appliances. The catch? You will need a lot of the...
 
 
 
 
 
NAC - virtually impossible?

2008-03-18 08:48:40 by HASH0x8b66dc0 in StillSecure, After All These Years
 
...handle this? Tim Greene's column today is on exactly that topic. Tim rightfully points out that virtualization for inline NAC vendors poses a significant hurdle. I would take it even one step further. NAC on virtualized endpoints on any NAC appliance is a problem. Tim has it right when he says Routing traffic from a virtual machine, out of...
 
 
 
 
 
The Checklist

2008-02-07 20:14:00 by Security Retentive in Security Retentive
 
...handle a ridiculously complex topic - intensive care Like Brian, I was struck by how closely the article can parallel some of the problems we face in trying to develop secure software. I agree with the basic premise of Brian's statement, that a checklist can help in the software development world just like it can in the ICU. I've had great...
 
 
 
 
 
Cornerstone Fitness for Women information found in discarded file cabinet

2008-05-05 14:01:48 by Evan Francen in The Breach Blog
...handle personal information," Hinojosa said. "Businesses (are required) to shred all information they no longer need Evan] Oh yes, very true Victim Reaction I mean, I don't even know how to explain how I feel, because I am so in shock," said one woman after we read her social security number Denise Grant told NEWSCHANNEL 5, "You never...
 
 
 
 
 
Answering Reader Questions

2008-05-17 02:46:00 by Richard Bejtlich in TaoSecurity
...handle divert sockets Sorry, I have not tried this recently Are you handling AV issues? I wanted to know if you had tied that into your IR plan and any lessons learned you might be able to share. Right now our AV is handled by the systems team but when they get an alert "IF" they look at it they typically re-run a scan or maybe some spyware...
 
 
 
 
 
Notes from IEEE Web 2.0 Security and Privacy Workshop (W2SP2008)

2008-05-27 22:45:00 by Security Retentive in Security Retentive
 
...handle most web applications and sites that host them For example http://cs.stanford.edu/~abarth http://cs.stanford.edu/~cjackson both have the same origin from the browsers point of view, but don't necessarily have the same security policy per use intent. Because the web browser can't really distinguish between them, we don't have a clean...
 
 
 
 
 
Corrupted Heap Termination Redux

2008-06-07 04:00:00 by sdl in The Security Development Lifecycle
 
...handle, it could simply be an invalid heap or a handle to a different heap Corruption of free block list. A bit of a catch-all, including: writing after free, overrunning a previous and managing to step over the list entry But there is one huge and critically important caveat to using the defense: it only works if you use the Windows heap...
 
 
 
 
 