SecurityRatty: tag: prohibit

Limiting Process Privileges Should Be Easier

2007-11-09 10:00:00 by Security Retentive in Security Retentive

...Prohibit new files, new sockets, etc., by setting the current and maximum RLIMIT NOFILE limits to 0 Prohibit filesystem access: chdir and chroot to an empty directory Choose a uid dedicated to this process ID. This can be as simple as adding the process ID to a base uid, as long as other system-administration tools stay away from the same uid...

Tags: process, uid, effective process sandbox, kill, prohibit kill, uid range, prohibit, privileges, target uid

Corporate Spying

2008-01-16 12:21:41 by schneier in Schneier on Security

...prohibit using fraudulent means to obtain telephone records. Financial records were already off-limits. But federal law doesn't forbid assuming a false identity to get other information -- an area that ex-spies exploit Still, a few techniques favored by the spies-for-hire do appear to violate privacy statutes. One of these involves using...

Tags: agents, intelligence agents, wal-mart, off-duty police officers, officers, wal-mart employee fired, cell-phone calls, phone calls, obtain

Stolen personal laptop may have Memorial University student info

2008-02-05 14:57:10 by Evan Francen in The Breach Blog

...prohibit the use of personal computers to access business information resources. This is a unnecessary and often unacceptable risk While Mr. Burns could not confirm that the information from those courses was actually on the stolen laptop, the university has decided to contact all 150 students who may have been affected to advise them of the...

Tags: secure personal information, personal information, sensitive personal information, university, information, information access, memorial, professor, memorial professor

Stolen Salesforce.com unencrypted external storage device

2008-02-12 13:32:40 by Evan Francen in The Breach Blog

...prohibit the use of mobile media for confidential data storage. If the business case for mobile storage media is too great, then encrypt the information. Seems simple The personal information was not taken from the salesforce.com application, and no customer data was stored on the stolen device. This theft did not compromise our data centers...

Tags: external storage device, storage device, sensitive personal information, personal information, device, personal information includes, information, salesforce, data

Four stolen laptops at the Eastern School District

2008-02-21 16:37:38 by Evan Francen in The Breach Blog

...prohibit the storage of confidential information on mobile devices whenever possible, AND evaluate our internal information security controls, AND We are very concerned," chief executive officer Darrin Pike. "Obviously it's not a good thing, it's not something we want to minimize From what the RNC tells us, [thieves] tend to reformat the...

Tags: district, eastern school district, school, information, personal information, confidential information, encrypt confidential information, computers, laptop computers

Stolen NHS flash drive contained adolescent information

2008-03-06 11:23:26 by Evan Francen in The Breach Blog

...prohibit their use altogether with respect to confidential information Telford police spokeswoman Denise Wakefield said the theft of the Flybook laptop happened on February 27 at 4.50pm Anyone with information about the theft is asked to call police on 08457 444888 Commentary I get tourqued when I read about breaches that affect children....

Tags: information, personal information, medical information, information security, confidential information, information security strategy, nhs, information disclosure, information security program

The Phorm Webwise System

2008-04-04 16:53:06 by Richard Clayton in Light Blue Touchpaper

...prohibit the GoogleBot from indexing your page is rather different from permitting your page contents to be snooped upon, so that Phorm can turn a profit from profiling your visitors Overall, I learnt nothing about the Phorm system that caused me to change my view that the system performs illegal interception as defined by s1 of the...

Tags: phorm, system, phorm assumes, phorm argue, phorm system, extensive technical details, technical details, system anonymises, details

Unauthorized access to the Stryker Corporation VPN

2008-04-17 12:45:57 by Evan Francen in The Breach Blog

...prohibit user password changes via telephone Evan] I wonder why. Password changes via telephone are not really that risky for many organizations, as long as there are proper procedures in place including caller verification Stryker also plans to implement a number of additional preventative measures in the coming months. These measures...

Tags: stryker, stryker corporation, stryker suspects, stryker immediately, immediately, stryker intends, stryker servers, servers, evan user

Canadian farmer personal information on stolen CCGA laptop

2008-06-08 19:32:52 by Evan Francen in The Breach Blog

...prohibit anyone other than the user or the person with the password to access the data on the laptop Evan] These are "strict security measures"? My emphatic answer is NO! These "strict security measures" are easily bypassed but the data was not encrypted Evan] The missing piece of the puzzle. Why go through all of the (self-proclaimed)...

Tags: information, laptop, financial information, confidential information, laptop affects, computer, strict security measures, ccga, laptop computer

Stolen laptop affects thousands of current and former Stanford employees

2008-06-08 23:12:08 by Evan Francen in The Breach Blog

...prohibit keeping sensitive information on unsecured computers. This effort will be redoubled after this incident We sincerely apologize for this incident You can call (650) 736-0099 and leave your contact information for a return call. You can also go to the Stanford home page for updates or email privacyquestions@stanford.edu with your...

Tags: stanford, university laptop, university, stanford university, stanford email address, information, personal information, information security practice, stanford employee

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo