SecurityRatty :: tag: paths
Featured Articles :: Defend against targeted attacks - Part 2 :: Mashup of the Titans :: Squirreling Backdoors Into Distribution Points :: PCI compliance are you just checking the box? :: Threat modeling and root cause correction :: What's holding back NAC? :: Fiber: Review of Optics, Cables & Connectors :: Metro Round-Up: OpenAirBOston :: Can I just comment out these lines of code? :: Security Evolution
In this second and final installment, we'll examine how to look for and remediate potential attack paths; attack paths that might only make themselves known during focused and aggressive attack preparation
...paths will not be noticed during normal use (since normal use usually does not include attempts to exercise improper access paths). As a result, techniques such as line-by-line inspection of software and physical examination of hardware that implements protection mechanisms are necessary. For such techniques to be successful, a small and...
...paths, and script locations. This includes some user-supplied input such as the URL query string and the HTTP headers. SM_PATH is the filesystem path where SquirrelMail is configured to be run from. So once an attacker controls SM_PATH, it's likely that a subsequent call to include() can be exploited to fetch and execute PHP code from a remote...
...paths, security models, networks, and policies. Fully addressing PCI requires solving these hard process problems, and this is an opportunity to build a strong operational base (making you competitive and agile) for the future of the company. As a result, working towards PCI compliance can increase both revenue and profit
I see PCI (and so...
Threat modeling is a good way to understand how an attacker can potentially reach his intended target. Using attack trees, analysts identify paths to the target and efficient ways to block an attacker's progress. The best block is to eliminate root cause. Microsoft apparently missed this piece
...paths with the IEEE and IETF standards, as well as groups like TNC. But, the truth is, the 802.1X and NAC standards are in constant flux, in a good way, but still in flux. Although we have a great framework in place, some folks are waiting for the dust to settle on Planet NAC before committing
Once the standards (i.e., new RADIUS attributes)...
...paths, creating multiple rays, or modes. The light bounces around more, which means the connectors and splices for multimode are more forgiving than for singlemode, but the bouncing causes dispersion and fidelity loss. On the other hand, singlemode has a much smaller diameter core, giving the light one straight path, or mode, through the...
...paths in front of Whole Foods where high school students in favor of the network were gathering signatures for a petition--and hugged. That kind of behavior is more of what we need: civility, understanding, and mutual working forward to improve everyone's health. More research? Sure. And more kindness, too
Wired's Wi-Fi map: now, useful! My...
...paths of analysis, all of which will provide valuable information in attempting to determine a root cause. Unfortunately - and this is something that is also not unique to any specific kind of environment - not all parties involved are neutral, and there can also be a tendency to fixate on symptoms rather than the cause. One reason for this...