SEARCH RESULTS
 
Showing 1-10 of 70 records
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...handle these common chores. I'd want to make sure that I have a proper authentication and session management scheme/framework that is resistant to all of the threats I think are important. The important metric is coverage of all application entry points against this framework. When implemented at the infrastructure level using a package such...
 
 
 
 
 
J.C. Penney customers affected by lost GE Money backup tape

2008-01-18 10:24:59 by Evan Francen in The Breach Blog
...handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people The information was on a backup computer tape that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage...
 
 
 
 
 
The Daily Incite - March 13, 2008 - SourceBoston Day 1

2008-03-13 09:08:31 by Mike Rothman in Mike Rothman's blog
...handle the truth So what? - Andy Jaquith did his pitch talking about the demise of the AV business. Actually the title "Not Dead Yet: But Twitching..." is overly provocative. Andy's point is to get back to his thinking on how a more effective data gathering effort to pinpoint emerging attacks would help keep up with the severe acceleration of...
 
 
 
 
 
Fun TLR Log Management Questions

2008-03-14 12:04:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...handle 2-3 Terabytes of log data per minute A2: No. Easy, huh? :-) See this for a specific example. Well, let me take this back: theoretically, you can always use a vendor that can handle a lot of data (like LogLogic) AND that has an ability to run a distributed operation across many appliances. The catch? You will need a lot of the...
 
 
 
 
 
NAC - virtually impossible?

2008-03-18 08:48:40 by HASH0x8b66dc0 in StillSecure, After All These Years
 
...handle this? Tim Greene's column today is on exactly that topic Tim rightfully points out that virtualization for inline NAC vendors poses a significant hurdle. I would take it even one step further. NAC on virtualized endpoints on any NAC appliance is a problem. Tim has it right when he says Routing traffic from a virtual machine, out of...
 
 
 
 
 
The Checklist

2008-02-07 20:14:00 by Security Retentive in Security Retentive
 
...handle a ridiculously complex topic - intensive care Like Brian, I was struck by how closely the article can parallel some of the problems we face in trying to develop secure software. I agree with the basic premise of Brian's statement, that a checklist can help in the software development world just like it can in the ICU. I've had great...
 
 
 
 
 
Cornerstone Fitness for Women information found in discarded file cabinet

2008-05-05 14:01:48 by Evan Francen in The Breach Blog
...handle personal information," Hinojosa said. "Businesses (are required) to shred all information they no longer need Evan] Oh yes, very true Victim Reaction I mean, I don't even know how to explain how I feel, because I am so in shock," said one woman after we read her social security number Denise Grant told NEWSCHANNEL 5, "You never...
 
 
 
 
 
Sun acquires Vauu

2007-11-14 08:25:51 by Andras Cser in Security & Risk Management
 
...handle the multiplatform challenge and keeping RBACx alive non-Sun operating systems. System integrators now have one less choice for picking an independent role management vendor. Eurekify, BHOLD, and Omada will likely now to receive acquisition offers from other large IAM suite vendors trying to complete their provisioning role management...
 
 
 
 
 
Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...handle TIFF format files. So, an evil TIFF file could compromise a lot of desktops or even servers. The key parts of the code which demonstrate one of the bugs are as follows if (sp->cinfo.d.image width != segment width sp->cinfo.d.image height != segment height TIFFWarningExt(tif->tif clientdata, module Improper JPEG strip/tile size,...
 
 
 
 
 
Security Policy Considerations for the Junk FAX Prevention Act