SEARCH RESULTS
 
Showing 1-10 of 12 records
 

Too much thinking

2008-04-14 08:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...intuition and experience of the person performing the assessment. There is often ambiguity and uncertainty around risk in information security. So, intuition counts for a lot
 
 
 
 
 

Security Matters: Lesson From the DNS Bug: Patching Isn't Enough

2008-07-23 19:00:00 by Bruce Schneier in Wired Security
 
...intuition, but if the security engineer has good intuition, it generally works. Kaminsky's vulnerability is a perfect example of this. Years ago, cryptographer Daniel J. Bernstein looked at DNS security and decided that Source Port Randomization was a smart design choice. That's exactly the work-around being rolled out now following Kaminsky's...
 
 
 
 
 

The DNS Vulnerability

2008-07-29 06:01:52 by schneier in Schneier on Security
 
...intuition, but if the security engineer has good intuition, it generally works. Kaminsky's vulnerability is a perfect example of this. Years ago, cryptographer Daniel J. Bernstein looked at DNS security and decided that Source Port Randomization was a smart design choice. That's exactly the work-around being rolled out now following Kaminsky's...
 
 
 
 
 

Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...intuition rather than any specific data or analysis. The Internet can be a dangerous place; a computer with vulnerable software is an easier target than one without such software. When considering what types of software vulnerabilities could occur, there are three general categories of potential vulnerabilities: 1) Design vulnerabilities...
 
 
 
 
 

Embedding Malicious IFRAMEs Through Stolen FTP Accounts

2008-03-03 10:14:01 by HASH0x8b0b9bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...intuition about what's happening at a particular moment in time, or what will be happening anytime now. And using stolen FTP accounts for embedding IFRAMEs never picked up as a tactic, compared to using the stolen FTP accounts for hosting blackhat SEO content. Scenario building intelligence, or playing the devil's advocate, it's a mindset...
 
 
 
 
 

Risk of Knowing Too Much About Risk

2008-03-06 06:24:50 by schneier in Schneier on Security
 
...Intuition is so strong, in fact, that if you presented someone who had experienced a bus accident with factual risk analysis about the relative safety of buses over cars, it's highly possible that they'd still choose to drive their kids to school, because their brain washes them in those dreadful images and reminds them that they control a...
 
 
 
 
 

The Feeling and Reality of Security

2008-04-08 05:50:01 by schneier in Schneier on Security
 
...intuition about security trade-offs, and we make them, large and small, dozens of times throughout the day. We can't help it: It's part of being alive. Imagine a rabbit, sitting in a field eating grass. And he sees a fox. He's going to make a security trade-off: Should he stay or should he flee? Over time, the rabbits that are good at making...
 
 
 
 
 
 
 
 
 
 

Positive Approach to Security Requests

2008-04-14 11:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...intuition. Just how much risk is really involved? That doesn't mean you've now allowed the business carte blanche to trample over all the good practices that you've strived hard to put in place. It simply means that a reasoned approach where risks are explained, alternatives proposed, and quick action is taken will win you respect and keep...
 
 
 
 
 

Communicating about risk - part 1

2008-05-05 18:12:14 by JonesJ in