SecurityRatty: tag: potential

Download: Server Core Potential Security Benefit

2008-06-12 16:16:00 by jrjones in Jeff Jones Security Blog

With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option Server Core Server Core is a minimal install option of Windows Server that excludes much of the GUI and many applications such as Internet Explorer and Windows Media Player that would be present in a default installation In this very short report (...

Microsoft to Rate Exploit Potential

2008-08-11 07:30:39 by Editor in Computerworld Security News

Microsoft plans to begin rating the potential exploitability of security flaws in its software, based on an assessment of the likelihood that attackers will try to take advantage of them

Tags: potential exploitability, microsoft plans, security flaws, attackers, advantage, assessment, software, based, likelihood

Online Finance Flaw: TIAA-CREF XSS & Potential CSRF

2008-12-03 09:42:00 by Russ McRee in HolisticInfoSec.org

...potential signs of cross-site request forgery ( CSRF ) in that they accept updates via GET or allow submittal with the referrer stripped Lessons learned 1) Don't assume all is well even though a site may offer examples of how attentive they are to security 2) Never log on to an online financial service offering (or anything else for that...

Tags: tiaa-cref, site, cross-site, tiaa-cref site, tiaa-cref security flaw, flaw, tiaa-cref security page, security page, cross site

Homeland Security Cost-Benefit Analysis

2008-07-17 06:43:25 by schneier in Schneier on Security

...potential terrorist targets is essentially infinite. 2. The probability that any individual target will be attacked is essentially zero. 3. If one potential target happens to enjoy a degree of protection, the agile terrorist usually can readily move on to another one. 4. Most targets are "vulnerable" in that it is not very difficult to damage...

Tags: potential targets invulnerable, potential targets, targets, protection, invulnerable, protection measures, paper, paper attempts, potential terrorist targets

Modelling Air Traffic Control

2008-09-08 13:27:26 by Tim Bass in The Complex Event Processing Blog

...potential collision or aircraft off approach vector we must trace and trace individual objects, aircraft-objects,accurately with very high confidence. In addition to trackingaircraft-objects, there is a database of information about the aircraft (ideally), such as make, model, age, range, passengers and other properties about the...

Tags: model, crude laymansatc model, state-model, simple atc model, complex, isconsiderable complex event, overly simplistic model, complex event, simple model

Partial Disclosure - The Good, Bad, and Ugly

2008-10-21 13:58:00 by Tyler Shields in Zero in a bit

...potential for abuse. When a major flaw is partially disclosed, a number of potential issues may occur. First and foremost, the further along the partial disclosure path we are, the more details will be released to the public, and the higher the probability that someone (either good or bad intentioned) will figure out the exploit and disclose...

Tags: partial disclosure, process, responsible disclosure process, partial disclosure process, disclosure, partial disclosure model, responsible disclosure, partial disclosure path, disclosure andor non-disclosure

Unauthorized access to the Stryker Corporation VPN

2008-04-17 12:45:57 by Evan Francen in The Breach Blog

...potential criminal investigation. Initially, the FBI asked Stryker not to give notice of the security incident, so as not to interfere with its investigation But on March 20, 2008, the FBI informed Stryker that based on current information, it would not pursue a criminal investigation Stryker will provide a notice of the security incident...

Tags: stryker, stryker corporation, stryker suspects, stryker immediately, immediately, stryker intends, stryker servers, servers, evan user

Assessing the Security Benefits of Cloud Computing

2008-07-21 07:00:15 by Craig Balding in Cloud Security

...potential security benefits of Cloud Computing In my view, there are some strong technical security arguments in favour of Cloud Computing - assuming we can find ways to manage the risks With this new paradigm come challenges and opportunities. The challenges are getting plenty of attention - Im regularly afforded the opportunity to comment...

Tags: benefits, cloud, security, technical security benefits, based, virtualization based cloud, efficient security software, security software, cloud market

Online finance flaw: U.S. Bank & National City Bank XSS and more

2008-12-09 15:26:00 by Russ McRee in HolisticInfoSec.org

...potential CSRF and potential SQLi, in a Cold Fusion (gasp!) app that runs a subdomain; specifically insights.nationalcity.com While the potential National City Bank vulns don't necessarily give a malicious attacker a ton to work with, given that it's an isolated app running a subdomain, the XSS issue is still useful in obvious ways I am...

Tags: bank, bank site occurs, bank site, bank issue, italian bank issue, site, national city bank, xss, bank sites

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo