SEARCH RESULTS
 
Showing 1-10 of 11 records
 
Severity Rating Systems - Part 1

2007-11-02 21:32:42 by jrjones in Jeff Jones Security Blog
 
...propose some alternative that might work better, so I think a deeper look might be interesting. I've posted up Part 1 on CSOonline. Read the full details there and give me your thoughts as feedback. I'm planning either one or two more follow-up posts to further explore severity rating systems and your feedback could very likely influence...
 
 
 
 
 
New Attack Class: XSNADOR

2008-04-01 11:00:47 by Chris Eng in Zero in a bit
 
...propose that, going forward, security practitioners should refer to these vulnerabilities as Cross Social Networking Application Direct Object Reference (XSNADOR). That's pronounced eks-SNEY-dohr, in case you were wondering. XSNADOR attacks are very common, they have simply lacked a catchy label for the media to latch on to. Look at all of...
 
 
 
 
 
KeeLoq Still Broken

2008-04-04 06:03:03 by schneier in Schneier on Security
 
...propose a new eavesdropping attack for which monitoring of two ciphertexts, sent from a remote control employing KeeLoq code hopping (car key, garage door opener, etc.), is sufficient to recover the device key of the remote control. Hence, using the methods described by us, an attacker can clone a remote control from a distance and gain...
 
 
 
 
 
What do the Cold Boot Crypto Attack, DVD Players, and MiFare tell us about the Future of Biometrics?

2008-03-26 00:16:43 by Erik T. Heidt in Art of Information Security
 
...propose that biometric authentication is most useful when the authentication device is physically secure and the authentication itself is supervised. The MiFare example above also demonstrates two other issues: The system chose not to implement a reviewed and standard cryptographic algorithm - always a bad idea. MiFare was able to sell 1...
 
 
 
 
 
See Ya at RSA!

2008-04-04 16:23:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...propose: let's meet to roam the vendor expo hall and make fun of the vendors there :-) Some people there will make you ROFL or even ROFLMAO: once I had somebody try to explain why logs are important to me (was not too convincing, BTW), another time I received a speech on what PCI DPS (!) is. There is also a high chance of spotting a hippo...
 
 
 
 
 
Reverse-Engineering Exploits from Patches

2008-04-23 13:35:08 by schneier in Schneier on Security
 
...propose solutions which prevent several possible schemes, some of which could be done with existing technology. Full paper here
 
 
 
 
 
Evaluating Electronic Voting Systems Equipped with Voter-Verified Paper Records

2008-05-22 14:32:01 by Editor in IEEE Security and Privacy
 
...propose solutions to address those issues
 
 
 
 
 
An Optical Scan E-Voting System based on N-Version Programming

2008-05-22 14:32:02 by Editor in IEEE Security and Privacy
 
...propose improvements to Demotek, including those in security and new capabilities. This case study demonstrates how the voter's authentication system and vote data transmission could further simplify and improve the electoral process by adding these new capabilities to the electronic voting system using N-version programming
 
 
 
 
 
Why Do Street-Smart People Do Stupid Things Online?

2008-05-22 14:32:02 by Editor in IEEE Security and Privacy
 
The current epidemic of poor trust decisions by users online is largely due to flaws in GUIs that train the users away from using real-world security intuitions. The authors propose a principle for GUI designers that will help them avoid such design mistakes
 
 
 
 
 
A Blast from the Past: CEP at Stanford, 1998-2003

2008-07-07 19:20:21 by Tim Bass in The Complex Event Processing Blog
 
...propose representing its evolution as a partially ordered set of predefined architectural event types. This representation allows a system's topology to be visualized, analyzed and constrained. The use of predefined event types allows the execution architectures of different systems to be readily compared. Using Context-Based Correlation in...