SEARCH RESULTS
 
 

Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use Them

2008-05-08 00:00:00 by Editor in Infosec Writers Latest Security Papers
 
This paper, written by Brett Pladna, will try to demonstrate the importance of computer forensics by describing procedures, tools and differences in the use for individuals/small organizations vs. large organizations
 
 
 
 
 

Stored Procedures and SQL Injection

2008-05-16 10:43:56 by Adrian Lane in Information Centric Security
 
There is a nice post by Michael Howard on a couple simple steps to help mitigate SQL Injection attacks over on the Security Development Lifecycle blog this morning. Simple steps that are effective by reducing the avenues of attack or reducing the assumptions of trust between the application and the database. However wanted to add a couple of...
 
 
 
 
 

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...Procedures Use SQL Execute-only Permission Use SQL Parameterized Queries From the SDL documentation Applications accessing a database must do so only using parameterized queries Creating dynamic queries using string concatenation potentially allows an attacker to execute an arbitrary query through the application. This vulnerability allows...
 
 
 
 
 

Australian medical information found in abandoned amusement park

2008-06-28 13:10:55 by Evan Francen in The Breach Blog
...procedures following the discovery at Lansvale in Sydney's south west [Evan] I presume that the waste disposal procedures have probably changed over the past ten years. The Health Department should be reviewing procedures on a regular basis anyway The health service's chief executive, Professor Steven Boyages, says it is a serious breach and...
 
 
 
 
 

Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...procedures. It makes no sense to spend time developing policies and without having some mechanism to measure compliance. That's the role of the auditing function -- to measure compliance. If we all agree that policies are good, then we should all agree that checking up on ourselves is also good So, then, who should conduct the audits? For...
 
 
 
 
 

The Arizona Office of the Auditor General finds plenty of holes

2008-06-23 12:28:27 by Evan Francen in The Breach Blog
...procedures for regularly conducting security reviews of their critical Web-based applications. [Evan] Even though it seems like it's the same story in company after company, I am still amazed by how many organizations don't know what or how many applications that have (not to mention servers, clients, routers, switches, wireless access points,...
 
 
 
 
 

Drama surrounds People's United Bank breach

2008-04-08 12:47:21 by Evan Francen in The Breach Blog
...procedures and asked to be hired as a consultant. He says he found a problem with a cell phone company and it paid him $10,000 as a consultant in the late 1990s Hastings said the bank's Dumpsters aren't properly secured and it isn't shredding documents, he says [Evan] Yes, the ROOT of the problem. We shouldn't lose sight of the fact that the...
 
 
 
 
 

Unauthorized access to the Stryker Corporation VPN

2008-04-17 12:45:57 by Evan Francen in The Breach Blog
...procedures. Privileged account passwords must be changed when there is a reasonable possibility that someone with knowledge of the privileged account passwords leaves the organization Stryker suspects a particular employee, but has been unable to confirm whether that individual is, in fact, the unauthorized user On March 4, 2008, Stryker...
 
 
 
 
 

Lost Bank of Ireland laptops affect roughly 10,000 customers

2008-04-22 09:35:39 by Evan Francen in The Breach Blog
...procedures had not been followed [Evan] Policies and "internal procedures" aren't worth squat if they aren't communicated to all affected persons AND enforced Unfortunately in this situation the procedures were not properly adhered to. The thefts, while they were reported to the Gardai [police], the situation wasn't escalated to the level of...