SEARCH RESULTS
 
Showing 1-10 of 19 records
 

Phishing Metamorphosis in 2007 - Trends and Developments

2007-12-12 10:02:39 by HASH0x89e8bec in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...pretend to be. Why did phishers embrace economies of scale during 2007, what factors contributed to the constantly shrinking period of time it takes for the phishers to come up with a fake email, and how come that despite all the public awareness put into the problem, people still fall victim to phishing scams? This article aims to provide an...
 
 
 
 
 

Making Threat Modeling Work Better

2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...pretend it's gospel, and enumerates all possible threats.) Given this gospel, it becomes possible to step through the threat modeling diagram, turn the crank, and have threats come out. Item 7 is a data flow? Let's look for T, I and D. (Tampering, Information disclosure, and Denial of service.) Similarly, we have four ways of addressing threats...
 
 
 
 
 

Process Doubling

2008-01-27 22:44:57 by RSnake in ha.ckers.org web application security lab
 
...pretend that it was set up so that all that's allowed out is port 80 and 443. What now? I can't kill the web server, or people will certainly notice, and I can't tunnel out on any other ports which are already locked up by the web server, so what alternative do I have? Sure, I could use some of the modern rootkits that talk outside of the TCP by...
 
 
 
 
 

The National Cyber Exercise

2008-02-06 13:29:21 by Burton Group in Security and Risk Management Strategies Blog
 
...pretend that a faux "Worldwide Anti-Globalization Alliance (WAGA)" was attacking U.S. and international interests, and determine how public and private sector targets responded. Cyber Storm is of interest now for two reasons. First, late last month the Associated Press received a redacted summary report of the exercise results (two years after...
 
 
 
 
 

Searching for Terrorists in World of Warcraft

2008-03-11 14:42:08 by schneier in Schneier on Security
 
...pretend we're fighting terrorism, and then get a government grant." Having eliminated all terrorism in the real world, the U.S. intelligence community is working to develop software that will detect violent extremists infiltrating World of Warcraft and other massive multiplayer games, according to a data-mining report from the Director of...
 
 
 
 
 

Say When - Trusting Log Timestamps

2008-03-23 04:05:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...pretend that logs objectively record events and user actions, we need to unambiguously establish WHAT happened and WHEN. This post deals with the 'WHEN' issue. So, can we trust that the time stamp in the log file or the one added by the log management system correctly describes when the event actually happened? We will start from locating the...
 
 
 
 
 

"It Was an Insider!" = "Sorry, We Are Idiots!"

2008-04-02 13:11:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...pretend to have good security, etc we suffer a huge embarrassing data loss how can we still justify our past efforts as worthwhile and "effective" (even though reality just proved they were not) let's invent a factor that is known to bypass many of the existing defenses what this factor Yes! Insider! It was an insider We KNOW it Mike R doubts...
 
 
 
 
 

Dr Beetroot and the Stolen Records

2007-08-27 14:15:00 by Allen Baranov, CISSP in Security Thoughts
...pretend that all is well with patient records in hospitals. The Minister is right that her private details should be kept private but once it is in the newspaper it is too late. It should have been protected from the start and the hospital is (in my humble opinion not being a lawyer) to blame. If the Minister does take up the issue with the...
 
 
 
 
 

RSA Impressions - 2: Compliance "Megatrends"