SEARCH RESULTS

Showing 1-10 of 16 records

Software Security Metrics and Commentary - Part 2

2007-10-23 20:31:00 by Security Retentive in Security Retentive
 
...Improper Error Handling I think the metric posed in the paper - counting unchecked returns is a pretty good idea. This isn't going to catch web-server layer errors unfortunately, and won't necessarily detect errors in things like app servers, db-layers, etc. We can test for these, but the best metrics might be those related to following...

Mashup of the Titans

2008-06-25 17:29:25 by Gunnar Peterson in 1 Raindrop
 
...improper access paths). As a result, techniques such as line-by-line inspection of software and physical examination of hardware that implements protection mechanisms are necessary. For such techniques to be successful, a small and simple design is essential Gelernter 9. The computing future is based on "cyberbodies" self-contained,...

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...Improper JPEG strip/tile size, expected %dx%d, got %dx%d Here, a TIFF file containing a JPEG image is being processed. In this case, both the TIFF header and the embedded JPEG image contain their own copies of the width and height of the image in pixels. This check above notices when these values differ, issues a warning, and continues. The...

Oracle misplaces computer containing personal information

2007-12-13 12:07:05 by Evan Francen in The Breach Blog

...improper purpose. [Evan] If these people have been identified and notified, then they ARE affected, not "potentially affected". We continue to work with our physical security team to search for the missing computer. [Evan] I assume Oracle has a pretty significantly-sized security presence. Oracle is notifying potentially affected individuals. [Evan]...

You Need An Address to Call 911

2007-08-23 09:23:00 by Eric Marvets in The Security Samurai
 
...improper left hand turn and he hit her doing close to 50 mph. He called 911, told them he had been in an accident, the road he was on, and the building he was in front of. The last thing he remembered before passing out was the operator telling him she needed an address. It wasn't until another passerby called 911 that an ambulance finally...

Rampant FBI Abuse of Power Now Paperwork Free

2007-03-20 23:53:00 by Eric Marvets in The Security Samurai
 
...improper paperwork that led us to discover the FBI improperly obtained data? How does instructing agents to limit requests to the most dire situations, to not file follow-up paperwork (grand jury subpoena or national security letter), and to ask for the data orally fix the problem? Here is the new process: FBI suspects you of a crime. FBI...

Select Medical Corporation charged by the Texas Attorney General

2008-01-11 16:20:31 by Evan Francen in The Breach Blog

...improperly and unlawfully disposing of sensitive personal information, including medical records," Attorney General Abbott said. "By failing to comply with the Identity Theft Enforcement and Protection Act, the defendants not only violated the law, they exposed their customers to identity theft. We are grateful to the Levelland Police...

Another MySpace XSS Through an API

2008-01-21 16:24:14 by RSnake in ha.ckers.org web application security lab
 
...improper use of the same origin policy to dictate how we as security professionals are auditing a website is the use of APIs. Hackers don't care that your browser sees them as different domains. If they can attack the API and that API has access to the same data that the main website does, but without the controls in place to lock it down,...

Laptop stolen from a Kraft Foods traveling employee

2008-03-04 13:26:48 by Evan Francen in The Breach Blog

...improper use of personal information. It is a two-year program. [Evan] Two years is better than the semi-standard one, but still not a cure. Monitoring is after the fact too. Only those who were potentially affected and received letters are being offered the credit monitoring program through TransUnion. [Evan] Something seems wrong to me with...

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...Improper Error Handling NoErrorCheckCount Design Static Analysis Insecure Storage PercentServersNoDiskEncryption Runtime Manual review Application Denial of Service Runtime Pen Testing Insecure Configuration Management Service Accounts with Weak Passwords Runtime Manual review I think unfortunately that this set of metrics misses the mark a...