SEARCH RESULTS
 
Showing 1-10 of 42 records
 
Expand article

More on the necessity of antivirus software

2007-09-25 17:53:47 by Steve Riley in Steve Riley on Security
 
...involve tradeoffs. They also (should) involve an intimate understanding of what the users will be doing with their computers. Fact is, most individuals who are not full-time security professionals often make mistakes when trying to decide whether something is legitimate -- witness the ongoing success of phishing and 419 scams. And...
 
Tags: antivirus software, computers, client computers, similar self-control, control, involve tradeoffs, previous post, personal computers, post
 
 
 
 
Expand article

New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...involve an exploit, but will involve some other sort of operational security failure, such as lost or stolen hardware or inadvertent sharing of data To be precise, 75% of the breaches listed in the attrition.org DLDOS will be categorized as something other than "hack Bryan Sullivan My prediction for 2008: I predict that in 2008 we will see at...
 
Tags: sdl team, team, sdl, sdl blog crew, cve, cve vulnerabilities, microsoft, single prediction, microsoft products
 
 
 
 
Expand article

Canadian Standards Association Learning Centre compromised

The Article has images
2008-02-10 19:14:30 by Evan Francen in The Breach Blog
...involve credit card information than I am with ones that involve Social Security numbers. It's relatively easy to get a new credit card number if you have reason to believe that yours has been compromised and any fraud typically affects a single account. Social Security number compromise is not so limited There was reason to believe that the...
 
Tags: breach description, breach, credit card, credit card issuer, security breach, encryption, secret key encryption, credit card company, security
 
 
 
 
Expand article

Facebook backs down on Beacon program

The Article has images
2007-12-11 11:09:46 by Jen Albornoz Mulligan in Security & Risk Management
...involve, see how the US government has set up a privacy impact assessment program Please click on the graph below to see an enlarged version
 
Tags: privacy, privacy impact assessments, program, facebook, beacon program, privacy insensitive developments, business projects, projects, privacy news
 
 
 
 
Expand article

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...involve a user having to run a whole evil applet. The key parts of code which demonstrate the bug are as follows TagOffset = SpGetUInt32 (&Ptr if (ProfileSize < TagOffset return SpStatBadProfileDir TagSize = SpGetUInt32 (&Ptr if (ProfileSize < TagOffset + TagSize return SpStatBadProfileDir Ptr = (KpInt32 t *) malloc ((unsigned...
 
Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil
 
 
 
 
Expand article

Article: Analytics Brief: Securing The New Data Center

The Article has images
2008-01-07 05:28:32 by Editor in Security Links
...involve a technology purchase!) are out there to help mitigate them. Shipley maintains a healthy skepticism of security software vendors. He cant help but wonder if some of the vendors out there are simply looking at all the virtualization going on and saying, Hey, how do I sell security to all these VMware shops? I think part of the burden...
 
Tags: virtual environment, environment, virtual appliances range, virtual appliances, security, tools, security tools, develop security, security holes
 
 
 
 
Expand article

Protect your data: everything else is just plumbing

The Article has images
2007-07-02 20:46:32 by Steve Riley in Steve Riley on Security
...involves a lot of work on the part of someone else. Alice has to beg, cajole, and bribe the network admin to create a file share, create two security groups, add Bob to one and Phil to the other, and create access control entries on the shares access control list. Thats a lot of work for someone who really doesnt care about Alices problems....
 
Tags: data security, comrms data security, data, security, confidential information, information, information security, temporary data, data vanishes
 
 
 
 
Expand article

Getting into the Flow With Threat Modeling

The Article has images
2007-10-11 23:25:00 by sdl in The Security Development Lifecycle
...involved with what theyre doing. Seeing this a few times during threat modeling sessions made it obvious when it was missing, and it was missing often. I set out to address some of the elements that seemed to make threat modeling harder. The Wikipedia article (currently) has a good list, so Ill focus in on a few of them Clear goals Direct and...
 
Tags: threat, people develop skills, people, challenge people, flow, sdl threat, entire threat model, threat model, guide people
 
 
 
 
Expand article

Vista SP1 Goes To Manufacturing

2008-02-04 11:18:17 by Editor in Cheap Hack
 
...involve reinstalling the drivers, which can be done through Windows Update and other mechanisms, but in the meantime when Windows Update begins offering SP1 to Vista users it will not do so to those on which it detects the problem drivers. Microsoft gave no details on who made the drivers, what devices they support, or what the specific...
 
Tags: sp1, windows vista blog, windows vista, vista sp1, microsoft download center, download center, windows, download sp1, device drivers