SEARCH RESULTS
 
Showing 1-10 of 41 records
 

New Year's Resolutions for choosing online retailers

2007-12-20 09:31:28 by Andras Cser in Security & Risk Management
 
...medium level of security, medium user inconvenience User has a portable device (cell phone) with software that generates OTP Vendors: ActivIdentity, Entrust, CRYPTOcard, PortWise, RSA Security, VASCO Data Security Wallet card (scratchpad, gridcard) (inexpensive, low level of security, medium user inconvenience User has a list of OTP...
 
 
 
 
 

Security Consultant Hacks: Size Matters

2007-12-20 05:16:07 by Bill in Grumpy Security Guy
 
...medium and large sizes. Small shops are less than 30 consultants, medium 31-200, large 201 Small shops: Sometimes known as boutique firms or lifestyle firms (since the people that run them take jobs when they want and only when they want) can be excellent resources within their specialities. Typically these are 1-5 person shops that are...
 
 
 
 
 

HMRC loses data cartridge that affects 6,548 pensioners

2007-12-31 23:30:11 by Evan Francen in The Breach Blog
...medium on which the data is held. [Evan] Security through obscurity doesn't work. This is one of the oldest security fallacies in the book. Don't count on the nature of the medium to provide adequate security We are taking this loss extremely seriously and have done everything possible to locate the data cartridge. We would like to apologise...
 
 
 
 
 

Communicating about risk - part 2

2008-05-20 16:22:24 by JonesJ in RiskAnalys.is
...Medium, etc NOTE: Magnitude scales will vary based on the risk capacity/tolerance of the organization These can be useful, but a few challenges I've encountered with this approach include If the risk point falls barely on one side of the line or the other, do the lines really serve a useful purpose, at least from the perspective of being able...
 
 
 
 
 

Hundreds of Thousands of Laptops Lost at U.S. Airports Annually

2008-07-04 08:20:38 by schneier in Schneier on Security
 
...medium-sized U.S. airports report close to 637,000 laptops lost each year, according to the Ponemon Institute survey released Monday. Laptops are most commonly lost at security checkpoints, according to the survey. Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not...
 
 
 
 
 

Introducing Google's online security efforts

2007-05-21 09:43:00 by A Googler in Google Online Security Blog
...medium activity and red high activity Guidelines on safe browsing First and foremost, enable automatic updates for your operating system as well as your browsers, browser plugins and other applications you are using. Automatic updates ensure that your computer receives the latest security patches as they are published. We also recommend that...
 
 
 
 
 

Orkut XSS Worm

2007-12-20 16:18:37 by RSnake in ha.ckers.org web application security lab
 
...medium for spreading is based on a technology that almost everyone uses and works across platform. I think the only thing stopping this from being more virulent is making it cross platform, and making the social engineering a little more seamless Here are the POST requests sent in by Lavakumar POST request sent by the worm to add the victim...
 
 
 
 
 

Password policies. Once again.

2007-09-04 22:14:00 by Steve Riley in Steve Riley on Security
 
...medium or large organization, this can become a very high monthly maintenance cost. In nearly all instances, the call results from users locking themselves out (too many vodka tonics on the plane, maybe?), not users encountering locked out accounts because some bad guy was trying to guess passwords. Account lockouts have one more -- very bad...
 
 
 
 
 

Severity Rating Systems - Part 1

2007-11-02 21:32:42 by jrjones in Jeff Jones Security Blog
 
...Medium and Low severity ratings as determined by the National Institute of Standards (NIST) for the National Vulnerability Database (NVD) - found at http://nvd.nist.gov So, let me say that in my opinion, some of the concerns raised by Red Hat have merit and mirror some of the issues I've raised myself On the other hand, the Red Hat motivation...
 
 
 
 
 

Red Hat Enterprise Linux 4 Passes 1000 Vulnerabilities

2007-10-16 17:23:36 by jrjones in Jeff Jones Security Blog
 
...Medium severity, but still, that is a ton of work accomplished by that team, especially given that the product only shipped in February of 2005 To put that in context, (again by my calculations) Microsoft has fixed only 649 security vulnerabilities for all supported products across the company since the year 2000