SEARCH RESULTS
 
Showing 1-10 of 129 records
 

Fun Reading on Security and Compliance #10

2008-12-09 10:13:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...quote: Infosec is spending waaayyyy too much time and money protecting garages and not enough protecting assets Bad? Buahahaha. When it comes to offensive information security, we ain't seen nothing yet, opines Dave Aitel (he is probably right Are you secure ONLY because you didn't let your auditor see your FAIL? The ugliest security by...
 
 
 
 
 

When is 4 out of 5 stars not 4 out of 5 stars or do I have a car for you!

2008-07-21 23:47:46 by HASH0x8b76ffc in StillSecure, After All These Years
...quote (that had nothing to do with the SC magazine story) and voila!, can they put you in this car today So why do I call this out? No, no sour grapes here. Actually StillSecure Safe Access received the same 4 out of 5 stars and when we dig into the rating here are some interesting facts In actuality, our friends the used car salesmen only...
 
 
 
 
 

Schneier Misquote

2008-08-02 10:44:25 by schneier in Schneier on Security
 
...quote attributed to me here : Well-known author and expert on security, Bruce Schneier, born in 1963, maintains "Terrorists can only take my life. Only my government can take my freedom I don't think I've ever said that. It certainly doesn't sound like something I would say. It's not in any of my books. It's not in any of the essays I've...
 
 
 
 
 

When is 4 out of 5 stars not 4 out of 5 stars or do I have a car for you!

2008-07-21 22:55:10 by ashimmy in StillSecure, After All These Years
...quote (that had nothing to do with the SC magazine story) and voila!, can they put you in this car today So why do I call this out? No, no sour grapes here. Actually StillSecure Safe Access received the same 4 out of 5 stars and when we dig into the rating here are some interesting facts In actuality, our friends the used car salesmen only...
 
 
 
 
 

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...quote not filtered or escaped form blah Injection inside URL attributes - non-http(s) URL javascript:evil script In JavaScript context - single quote not filtered or escaped In the cases where XSS arises from meta characters being inserted from untrusted sources into an HTML document, the issue can be avoided either by...
 
 
 
 
 

See, they ain't that scientific either

2008-02-25 13:42:29 by Paul Stamp in Security & Risk Management
 
...quote came from hedge fund manager John Devaney, who said "I'd like to thank the market for dealing me a direct hit. As a trader if you don't get sucker-punched every once in a while, you don't understand what risk is Also, there were a few good articles last week about how money managers had retreated from the market because they'd lost...
 
 
 
 
 

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...quote from this column (probably my favorite quote from anyone's column so far this year): there's still much to do in the [software] industry to reach a level of truly sustainable computing. This is perhaps especially true in the nascent area of Web 2.0 development. Let's hope Microsoft brings its Trustworthy Computing Initiative, or more...
 
 
 
 
 

SQL Server - Fact Checking Recent Vulnerability History

2008-03-05 22:53:36 by jrjones in Jeff Jones Security Blog
 
...quote, which asserted that last year SQL Server had "... most vulnerabilities last year of any commercial database..." That is a big error, though it may be a misquote or a miscommunication. Certainly, if you go look at the current version of the original article , the incorrect statement has been removed However, given that as of today, some...
 
 
 
 
 

Two Fun and Thought-provoking Pieces

2008-03-06 12:58:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...quote: " ... Wait - they listen to customers, innovate new things, control costs, and deliver safety mechanisms to market while growing their business? When will Silicon Valley answer the bell on this model? " Read on On an unrelated note, Hoff's comments on "McGovern's " Ten Mistakes That CIOs Consistently Make That Weaken Enterprise...