SEARCH RESULTS
 
Showing 1-10 of 29 records
 
Expand article

Spaf on Academic Security Research (... Silliness)

2007-12-20 13:07:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...Hell yeah!!! More people want to invent NIDS, honeypots and secure OS than I care to see. Why? WHY? W-H-Y? There are so many worthwhile security problems that will benefit from a rigorous academic approach, but people still pick their research topics off the dirt pile ... Take security economics, for example Possibly related posts Once More...
 
Tags: security, worthwhile security, efforts representative, efforts, security economics, people, rigorous academic approach, academic research, dirt pile
 
 
 
 
Expand article

Links for 2008-02-06 [del.icio.us]

2008-02-07 00:00:00 by Editor in Anton Chuvakin Blog -
 
Ben Casnocha: The Blog: Some of the Best Speaking Advice Ever Study Hacks Blog Archive The Art of Speaking: "There is a special circle in hell for those who use laser pointers," this and other advice from a master speaker
 
Tags: laser pointers, special circle, master speaker, advice, art, casnocha, blog, hell
 
 
 
 
Expand article

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...hell never even know he was a victim. The Samy worm which infected MySpace in late 2005 exploited a persistent XSS vulnerability to silently spread through its victims profile pages. Within less than a day after its release, Samy had spread to over one million MySpace users, forcing MySpace to completely shut down its site while they...
 
Tags: web, site, chriss web site, mashups, web mashups, site cookies, persistent cross-site, cookies, benefit anyones web
 
 
 
 
Expand article

SNMP - Its not Secure Network Management Protocol

2008-03-04 08:12:43 by HASH0x8b500e0 in StillSecure, After All These Years
 
...hell bent on using SNMP to have his switches enforce access policies. I explained to him that since he had switches from at least 3 different vendors and different models of switches from each of those vendors, the idea of scripting each of those switches and than updating each of them every time there was a change was a lot of work. He...
 
Tags: snmp, snmp stands, snmp vulnerabilities, snmp capable equipment, snmp stood, simple snmp scan, potential nac customer, customer, leaky snmp
 
 
 
 
Expand article

OMG, Security ROI Comes Back - And It is Mad As Hell :-)

2008-03-11 00:58:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
OK, not really mad :-) In fact, pretty intelligent :-) But a new salvo has been fired in a "great security ROI war." Counter-salvos have been fired as well The salvo is the paper called The Fallacy of Information Security ROI by Jon Pols ("ISSA Journal", February 2008) where Jon argues against the ROI for security (since there is no money...
 
Tags: security, roi, security roi war, pro-roi counter-point, roi proponents, information security roi, roi war, issa journal, return
 
 
 
 
Expand article

SNMP - Its not Secure Network Management Protocol

2008-03-04 09:12:43 by ashimmy in StillSecure, After All These Years
 
...hell bent on using SNMP to have his switches enforce access policies. I explained to him that since he had switches from at least 3 different vendors and different models of switches from each of those vendors, the idea of scripting each of those switches and than updating each of them every time there was a change was a lot of work. He...
 
Tags: snmp, snmp stands, snmp vulnerabilities, snmp capable equipment, snmp stood, simple snmp scan, potential nac customer, customer, leaky snmp
 
 
 
 
Expand article

Productivity vs Security

2008-02-05 11:13:00 by Allen Baranov, CISSP in Security Thoughts
 
...hell. He now has to dial in every day for a few minutes where in the past he didn't. He has to type in passwords every time he needs to use his PC. What a shlep But... if you think about the savings in terms of productivity compared to driving to work and getting the information, printing it out and then filing it away at the end of the day...
 
Tags: security, productivity, information, sync information, time information, security controls, information security, security theory, increase productivity
 
 
 
 
Expand article

Congrats to Coral8 and Marc Adler at Citigroup

2008-04-07 06:17:37 by Greg Reemler in The Complex Event Processing Blog
 
...Hell Did We Get Here? , Marc Adler does his normal (and now expected)fantastic job of cutting past the CEP marketing hype and getting to the meat of the issues, from an actual users perspective. Marc is spot on in his evaluation of the various so-called CEP vendors. I highly recommend you read Marcs post above The bottom line,today,is that...
 
Tags: coral8, marc, marc adler, current cep hype, cep, coral8 hascaught, marc keenly, cep vendors, customer service model
 
 
 
 
Expand article

My RSA trip is off to a terrible start

2008-04-07 04:22:02 by HASH0x8b890c0 in StillSecure, After All These Years
 
...hell of a conference and trip. Can't tell you how happy I am to have come out here already. The good news is that it can only get better, not sure how it can get worse. More tomorrow
 
Tags: plane, flight home, flight, san fran, minutes, luggage, 1am pacific time, pacific, trip