SEARCH RESULTS
 
Showing 1-10 of 31 records
 
Improve Security with "A Layer of Hurt"

2008-07-31 19:13:00 by sdl in The Security Development Lifecycle
 
...reads that data. For example, C or C++ code that reads from a UDP socket and then fuzzes the data before it's consumed by the rest of the application might look like this: char RecvBuf[1024]; int BufLen = sizeof(RecvBuf); int result = recvfrom(RecvSocket, RecvBuf, BufLen, 0, (SOCKADDR *)&SenderAddr, &SenderAddrSize); #ifdef FUZZ Fuzz(RecvBuf,&BufLen); #endif...
 
 
 
 
 
DRM Scorecard Makes Me Wonder: The Media Industry and the TSA, Sadistic or Incompetent?

2007-08-02 08:19:00 by Eric Marvets in The Security Samurai
 
...reads Hackers 1000, Industry 0. This all goes back to the simple fact that all DRM is based on encryption, and that it's illogical to give someone the decryption key that is required to enable what the media industry views as authorized behavior (media playback) without expecting someone else to utilize that decryption key for other behavior,...
 
 
 
 
 
Moto Q9 DoS and Fingerprinting

2008-01-12 18:10:21 by RSnake in ha.ckers.org web application security lab
 
...reads, MOT-Q9/01.04.35R Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; Smartphone; 320240) Opera 8.65 UP.Link/6.3.1.17.0. Eesh! It gives my actual device type! So then I turn the setting to desktop computer it turns to Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Opera 8.65 [en] UP.Link/6.3.1.17.0. Okay, fair enough, that appears...
 
 
 
 
 
Orthogonal Blogging at the SOA Horse Races

2008-01-20 06:30:30 by Tim Bass in The Complex Event Processing Blog
 
...reads my blog (and Opher's blog) replies with Technological Perfecta where he opines I think there are some mutual dependencies between these technologies, but they are what I call soft dependencies. Opher, Richard, you guys are technically right, but you are blogging orthogonally to the message in Betting on the SOA Horse. First of all, my post...
 
 
 
 
 
Security vs. Privacy

2008-01-29 05:21:41 by schneier in Schneier on Security
 
...reads: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither. This essay originally appeared on Wired.com.
 
 
 
 
 
Long Island University notifies students of mailing error

2008-02-12 09:53:50 by Evan Francen in The Breach Blog
...reads "NOTIFICATION OF 1098-T DATA EXPOSURE". The school deserves some credit for their prompt and clear response. How many IRS forms are sent through the mail this time of year with Social Security numbers on them? Past Breaches: Unknown
 
 
 
 
 
Chip & PIN terminals vulnerable to simple attacks

2008-02-26 20:33:32 by Saar Drimer in Light Blue Touchpaper
...reads an exact replica of the magnetic strip (for backwards compatibility). Thus, if an attacker can tap the data line between the card and the PED's processor, he gets all the information needed to create a magnetic strip card and withdraw money out of an ATM that does not read the chip. We also found that the certification process of these...
 
 
 
 
 
Central Bank of the UAE reports ATM fraud to lenders

2008-03-03 11:41:37 by Evan Francen in The Breach Blog
...reads and records the data from the card's magnetic strip, while either a hidden camera or a nearby observer, known as a 'shoulder surfer', steals the PIN. The stolen details can then be used to create fake cards or make purchases online, or the data may be sold on to other gangs of fraudsters. Skimming fraud has been seen in most regions of...
 
 
 
 
 
Israel Implementing IFF System for Commercial Aircraft

2008-03-10 12:24:29 by schneier in Schneier on Security
 
...reads back the reply. Authentication is achieved by 1) physical possession of the device, and 2) typing a legitimate PIN into the device to activate it. The article talks about a distress mode, where the pilot signals that a terrorist is holding a gun to his head. Likely, that's done by typing a special distress PIN into the device, and...
 
 
 
 
 
Mac OS X Security - Reality Check #1

2008-03-27 21:32:49 by jrjones in Jeff Jones Security Blog
 
...reads my blog knows, I like to shine a light on areas of common security misperceptions. I am even happier when others do it. I think Apple has really taken a playbook from Oracle (ie, "Unbreakable marketing") with respect to security in the past year with unsupported security claims in their marketing, drawing the attention of security...