SEARCH RESULTS
 
Showing 1-10 of 68 records
 
Insecure Online Updates Toolkit For DNS Cache Poisoning Exploited In The Wild

2008-07-29 16:52:35 by CyberInsecure in CyberInsecure.com
 
...insecure update mechanisms. The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog. The first version
 
 
 
 
 
SDL and the OWASP Top Ten

2008-05-01 15:46:00 by sdl in The Security Development Lifecycle
 
...Insecure Direct Object Reference 5. Cross Site Request Forgery 6. Information Leakage and Improper Error Handling 7. Broken Authentication and Session Management 8. Insecure Cryptographic Storage 9. Insecure Communications 10. Failure to Restrict URL Access Looking at this list, we address Cross-Site Scripting issues in the SDL very...
 
 
 
 
 
Poor security quality in software. Someone is watching over me.

2008-07-30 14:51:49 by Chris Wysopal in Zero in a bit
...insecure software. He offers this advice relating to his iPhone, Just because a piece of software was distributed through Apple's App Store, don't assume that it is vulnerability free. I think that sums up the problem pretty well. Customers assume the software they are getting is vulnerability free until it is proved otherwise If its...
 
 
 
 
 
Poor Security Quality In Software; Someone Is Watching Over Me

2008-07-30 14:51:49 by Chris Wysopal in Zero in a bit
...insecure software. He offers this advice relating to his iPhone, Just because a piece of software was distributed through Apple's App Store, don't assume that it is vulnerability free. I think that sums up the problem pretty well. Customers assume the software they are getting is vulnerability free until it is proved otherwise If its...
 
 
 
 
 
House committee issues report and finds fault with TSA web site

2008-01-15 09:35:53 by Evan Francen in The Breach Blog
...insecure website, including at least 247 travelers who submitted large amounts of personal information through an insecure webpage TSA did not provide sufficient oversight of the website and the contractor The internal TSA investigation found that there were problems with the planning, development, and operation of the website and that the...
 
 
 
 
 
Confidential information sent to PinPay.net and SoftCard.biz is exposed

2008-05-08 13:26:03 by Evan Francen in The Breach Blog
...insecure sign-up form - was requesting Identity Card Numbers and issue dates Evan] The sign-up forms at SoftCard.biz and PinPay.net are not secure. Neither are their respected login pages Identity cards are selectable from a drop down menu and include such ID information as Passport, Drivers license, SSN, and Credit Card The form also...
 
 
 
 
 
Impersonating StopBadware.org to Serve Fake Security Warnings

2008-07-21 03:30:51 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Insecure Browsing: Navigation blocked. Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection...
 
 
 
 
 
Security Matters: Lesson From the DNS Bug: Patching Isn't Enough

2008-07-23 19:00:00 by Bruce Schneier in Wired Security
 
...insecure The real lesson is that the patch treadmill doesn't work, and it hasn't for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need...
 
 
 
 
 
The DNS Vulnerability

2008-07-29 06:01:52 by schneier in Schneier on Security
 
...insecure The real lesson is that the patch treadmill doesn't work, and it hasn't for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need...