SEARCH RESULTS
 
Showing 1-10 of 97 records
 
Expand article

Online Finance Flaw: TIAA-CREF XSS & Potential CSRF

The Article has images
2008-12-03 09:42:00 by Russ McRee in HolisticInfoSec.org
...numerous financial products and services. The TIAA-CREF site is ranked 26,148 on Alexa.com at the time of this writing I'll first direct you to the TIAA-CREF Security page, where they discuss the expected elements like identity theft, spoofing, tips, and my favorite, phishing Here's where the trouble begins. Obviously, most phishing occurs...
 
Tags: tiaa-cref, site, cross-site, tiaa-cref site, tiaa-cref security flaw, flaw, tiaa-cref security page, security page, cross site
 
 
 
 
Expand article

Oklahoma County Social Security numbers online

The Article has images
2008-03-13 09:46:09 by Evan Francen in The Breach Blog
...numerous documents filed of record in the county and are easily found by anyone with computerized research experience Social Security numbers of numerous prominent Oklahoma County residents were found with ease and in no case did we find a document where the Social Security number had been redacted, or blacked out, as is required under...
 
Tags: county, county commissioner, county clerks, oklahoma county residents, residents, oklahoma county, social security, court documents, county clerk
 
 
 
 
Expand article

Security Catalyst Forums

2008-04-29 06:17:00 by Allen Baranov, CISSP in Security Thoughts
 
...numerous blogs that I read and the numerous blogs that they all link to One place that has certainly been a terrific place to meet smart people interested in Information Security and to harvest some of their ideas are the Security Catalyst Forums . Registration is free and gets you access to some really amazing people Each week someone...
 
Tags: security catalyst forums, catalyst, information security, information, smart people, people, security catalyst initiatives, numerous blogs, infosec anymore
 
 
 
 
Expand article

Directly connect to your corpnet with IPsec and IPv6

2008-06-25 20:55:59 by Steve Riley in Steve Riley on Security
 
...numerous on-campus customer meetings. It's time to bring the knowledge to the masses I described an idea of using IPv6, IPsec, NAP, and group policy to build a pretty slick replacement for clunky VPN gateways. Turns out we've been piloting this very idea on our internal corpnet. Like a good little bunny I got myself enrolled in the thing and...
 
Tags: directly, corpnet, sql server directly, data, data center, ipv6, trust, end-to-end trust vision, users store data
 
 
 
 
Expand article

Laptop stolen in Royal Bolton Hospital break-in

The Article has images
2007-12-19 15:24:44 by Evan Francen in The Breach Blog
...numerous awards on their site , I wonder if one exists for information security. The fact that this is not the first time a computer containing sensitive information was stolen from the Royal Bolton Hospital makes this breach that much more frustrating Past Breaches October, 2006 - Computers stolen from the Royal Bolton Hospital September,...
 
Tags: confidential personal information, personal information, royal bolton hospital, hospital, sensitive personal information, bolton, information, information security, share patient information
 
 
 
 
Expand article

Oak Ridge National Laboratory visitor information exposed

The Article has images
2007-12-11 13:45:21 by Evan Francen in The Breach Blog
...numerous laboratories and other institutions across the country." - Laboratory Director Thom Mason on December 3rd When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees' computers that enabled the hacker to copy and retrieve information. The original e-mail and first potential...
 
Tags: information, personal information, security, store social security, retrieve information, regular information security, security systems, cyber-security issues, security breach
 
 
 
 
Expand article

Phish and Foul

2007-07-20 00:00:00 by Ari Juels in Speaking of Security, the RSA Blog and Podcast
 
...numerous. Most prevalent are various types of red flags
 
Tags: sites, criminal sites, information, enter password information, online con game, e-mail, e-mail messages, security community, term suggests
 
 
 
 
Expand article

phpBB hacks: password security, anti robot login and a full board security system

2007-12-06 14:11:12 by Editor in Help Net Security - Articles
 
phpBB uses its own authorisation/session handling, database abstraction layer and template systems, so there are numerous guides on how to use them to create your own modifications for phpBB2.0 and 3
 
Tags: database abstraction layer, numerous guides, phpbb, systems, phpbb2, modifications
 
 
 
 
Expand article

Stolen laptops affect 337,000 Davidson County voters

The Article has images
2007-12-29 11:30:26 by Evan Francen in The Breach Blog
...numerous changes that could be suggested. It all starts with policy The Election Commission says it does not anticipate that the theft will cause any problems in the upcoming Tennessee presidential primary Commentary This is an example of typical reactionary information security. "Immediate changes" are made after the significant loss of...
 
Tags: voters, davidson county voters, davidson county, tennessee voters, information technology department, information, voters monitor, sensitive personal information, confidential information
 
 
 
 
Expand article

Playing With Homemade Explosives

2007-08-07 17:30:00 by Eric Marvets in The Security Samurai
 
...numerous benefits, such as teaching me how to construct proper firebreaks, that gravel roads dont burn but they do throw significant amounts of shrapnel, and why the military loves foxholes The first time I got an explosion occurred by accident. I was very disappointed after another failed experiment. As I sat there next to an empty gas can...
 
Tags: gas,