SEARCH RESULTS
 
Showing 1-10 of 16 records
 
Expand article

Web Site: Security and Trust

The Article has images
2007-01-18 07:10:00 by RaviC in Musings on Information Security
...https can be trusted. This is not true. Not all the sites that use https can be trusted. Nothing can stop fraudsters from setting up a https web site. Though https offers security it does not offer trust. Trust is a choice that the user has to make consciously. Here are some tips that help you to decide whether you can trust a web site by...
 
Tags: web site, https, https web site, trust, offer trust, web site belongs, https url, https offers security, ensure
 
 
 
 
Expand article

Storm Worm Hosting Pharmaceutical Scams

The Article has images
2008-05-30 14:50:06 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Https is a technique used to safeguard private information which is sent via Internet. To prove the site's legitimacy, the SSL encryption uses a PKI (Public Key Infrastructure) - public/private key, to encrypt IDs, documents, or messages to securely transmit the information in the World Wide Web. In order to show that our transmission is...
 
Tags: storm worm, storm, storm worm malware, malware, ssl encryption, ssl, lock, key lock, key
 
 
 
 
Expand article

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

2007-11-07 05:37:47 by Steve Riley in Steve Riley on Security
 
...HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that IE follows is this TLS RSA WITH AES 128 CBC SHA TLS RSA WITH AES 256 CBC SHA TLS RSA WITH RC4 128 SHA TLS RSA WITH 3DES EDE CBC SHA TLS ECDHE ECDSA WITH AES 128 CBC...
 
Tags: sha, null sha, cbc sha p384, cbc sha, cbc sha p521, shorter bit lengths, bit lengths, cbc sha p256, 256-bit aes
 
 
 
 
Expand article

OWASP Day/Week - September 6th

2007-08-28 20:45:00 by Security Retentive in Security Retentive
 
Get in on the fun OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy in the 21st Century" : Thursday 6th Sep 2007 https://www.owasp.org/index.php/OWASP Day I'll be at the San Jose meeting, it should be interesting https://www.owasp.org/index.php/San Jose
 
Tags: owasp day, day, owasp, phpowasp day, worldwide owasp, day conferences, thursday 6th sep, https, 21st century
 
 
 
 
Expand article

Confidential information sent to PinPay.net and SoftCard.biz is exposed

The Article has images
2008-05-08 13:26:03 by Evan Francen in The Breach Blog
...HTTPS URL but it appears that they do not have a security certificate tied to their site The fact that Mr. Long used a hotmail address to pitch the company made me wonder too, given that at Merchant911 we try to instill in our members that a free email address from a customer is a fraud alert If a company official cant use his companys...
 
Tags: information, drivers license card, license card, card, free card, social security card, sensitive information, sensitive personal information, encrypt sensitive information
 
 
 
 
Expand article

TRICARE breach affects 4,700 households

The Article has images
2007-12-20 12:15:59 by Evan Francen in The Breach Blog
...https to access the application Was it a combination of factors? I will assume it was a combination of factors On the one hand, I commend EDS for disclosing the breach to TRICARE, but on the other hand I am concerned about how long this problem may have gone un-noticed. Web applications acquiring, processing, accessing, storing or...
 
Tags: tricare, information, personal information, code review, by-line code review, information security, tricare beneficiaries, beneficiaries, breach
 
 
 
 
Expand article

Maryland Department of Assessments & Taxation web exposure

The Article has images
2008-01-05 14:02:15 by Evan Francen in The Breach Blog
...https) for the data in transit to the State of Maryland's web site that was collecting sensitive information Althought, I agree with the officials that claim the risk of exposure to resident's personal information is low, it was such an easily avoidable risk. The amount of risk would have risen with the amount of time that the vulnerability...
 
Tags: maryland, sensitive personal information, personal information, secure server hadhas, server, web application server, application, information, information security
 
 
 
 
Expand article

Quick and dirty Information Card implementation without SSL

2007-11-29 09:49:00 by Keith Brown in Security Briefs
 
...https is non-trivial for the average person. Nor does it make much sense to require certificates for personal web sites with no actual monetary or hacker value. I would even say that without proper security analysis, vetting of software and rigorous operating procedures, SSL isnt even likey to offer much protection against common attacks. We...
 
Tags: ssl, personal web sites, proper security analysis, digital framework, low-risk applications, security tokens, personal blogs, actual monetary, web server
 
 
 
 
Expand article

House committee issues report and finds fault with TSA web site

The Article has images
2008-01-15 09:35:53 by Evan Francen in The Breach Blog
...https protocol identifier. As a result, every time travelers visited the site to check on the status of their applications, the control numbers they entered to access their files were vulnerable to theft. Once they obtained these numbers, attackers would have access to travelers personal information The Submission Page Was Not Encrypted One...
 
Tags: tsa, website, website contract, traveler redress website, tsa moved quickly, security breach, information security breach, security vulnerabilities, multiple security vulnerabilities
 
 
 
 
Expand article

The cost of a code signing certificate