SEARCH RESULTS
 
Showing 1-10 of 31 records
 
Expand article

Covert channel vulnerabilities in anonymity systems

2007-12-10 10:39:42 by Steven J. Murdoch in Light Blue Touchpaper
 
...introduce novel covert and side channels which exploit thermal effects. Changes in temperature can be remotely induced through CPU load and measured by their effects on crystal clock skew. Experiments show this to be an effective attack against Tor. This side channel may also be usable for geolocation and, as a covert channel, can cross...
 
Tags: covert, covert channel vulnerabilities, vulnerabilities, network covert channels, covert channels, channels, covert channel, anonymity systems, systems
 
 
 
 
Expand article

RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control"

2008-01-07 09:15:52 by Editor in IEEE Security and Privacy
 
As the authors of the original proposal for the role-based access control (RBAC) standard and developers of the models from which it derives, the authors respond here to Ninghui Li, Ji-Won Byun, and Elisa Bertino's critique, which also appears in this issue. This is an opportune time in the revision cycle to introduce proposals for changes to...
 
Tags: standard, access control, authors respond, authors, revision cycle, critique, rbac, introduce proposals, ji-won byun
 
 
 
 
Expand article

An Overture to the 2007 CEP Blog Awards

2008-01-09 11:09:46 by Tim Bass in The Complex Event Processing Blog
 
...introduce the award categories to our readers I have given considerable thought to how to structure The CEP Blog Awards. This was not an easy task, asyou might imagine,given the confusion in the event processing marketspace. So here goes For the 2007 CEPBlog AwardsI have created threeevent processing categories. Here are the categories and a...
 
Tags: term intelligent event, term, intelligent event, event, event processingand, event stream, event streams, category ai-capable event, event processingwill
 
 
 
 
Expand article

Privacy International's 2007 Report

2008-01-10 06:01:01 by schneier in Schneier on Security
 
...introduce sweeping surveillance and information-gathering measures in the name of security and border control, an international rights group said in a report released Saturday Canada, Greece and Romania had the best privacy records of 47 countries surveyed by London-based watchdog Privacy International. Malaysia, Russia and China were ranked...
 
Tags: surveillance, endemic surveillance societies, canada, watchdog privacy international, international rights, privacy records, international privacy, european union, governments introduce
 
 
 
 
Expand article

New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...introduce two new folks who recently joined our team: Bryan Sullivan and Jeremy Dallman. Welcome! A brief introduction paragraph from each of them in included below, followed by the predictions. Hope you enjoy Bryan Sullivan : Hi everyone - my name is Bryan Sullivan and I'm new to the SDL team. I've spent the last five years as a developer...
 
Tags: sdl team, team, sdl, sdl blog crew, cve, cve vulnerabilities, microsoft, single prediction, microsoft products
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...introduce or exacerbate security weaknesses. These include buffer overflows, format string vulnerabilities, and type mismatch errors A deeper reading of the cryptographic concerns (page 29 in report) notes concerns (amongst others) over the use of a flawed implementation of the SHA hash algorithm and use of the Data Encryption Standard (DES)...
 
Tags: machine security concerns, security concerns, election systems, election, security, security researchers, election systems margin, margin, election management system
 
 
 
 
Expand article

SDL and Filtering

2008-03-13 15:00:00 by sdl in The Security Development Lifecycle
 
...introduce myself since this is my first official SDL blog post. Ive been a program manager at Microsoft for almost nine years. In past roles at Microsoft I was the lead program manager for security response in the Windows Sustained Engineering group, and in my last role I was a project manager in the Microsoft Auto group that partnered with...
 
Tags: sdl, sdl requirements, product cycle, product, product team, sdl team, product type, type, code type
 
 
 
 
Expand article

Mike Rothman - The 419

The Article has images
2008-02-08 06:31:00 by Mike Rothman in Security Mike's Blog
...introduce my self to you, I am an old top banker and have worked with Scottish Investment Trust for so many as one of their fund manager. I am an international staff, presently in Scotland office Scottish Investment Company is registered in Scotland number 1651. I started work with SIT 2004 and I am responsible for the European Jurisdiction...
 
Tags: capital investment funds, capital investment, funds, capital, magellan capital funds, direct capital funds, investment, stockmarket investment, scottish investment staff
 
 
 
 
Expand article

What type of security do I need in my Virtual Network?

The Article has images
2008-02-24 14:18:29 by John Peterson in Security In The Virtual World
...introduce noise and noise introduces signal loss, which introduces poor performance or sound quality Not to mention its just really messy looking So, how does one deploy the security products one needs in the virtual environment without causing a performance challenge and how do we get the vendors to stop competing and start joining forces to...
 
Tags: security, switch, virtual switch, security switch, comprehensive security solution, comprehensive, solution, reflex, reflex security