SEARCH RESULTS
 
Showing 1-10 of 182 records
 
Yet Another Web Malware Exploitation Kit in the Wild

2008-12-02 06:24:43 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...require MySQL to run, with several modified Adobe Acrobat and Flash exploits - all patched and publicly obtainable. This is precisely where the marketing pitch ends for the majority of malware kits released during the last quarter As always, there are noticeable exceptions to the common wisdom that time-to-underground market isn't allowing...

Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...require a weakness (a vulnerability) in the software used, and finding a way to exploit that vulnerability for a nefarious purpose. Security professionals have various frameworks on how to define safe that usually factor in some of the following considerations 1) Value of protected assets 2) Assumptions about the sophistication of and level...

Employee fraud at Tenet Healthcare affects 37,000

2008-02-18 10:26:45 by Evan Francen in The Breach Blog
...require an additional level of clearance and this clearance should be closely scrutinized. The normal "run of the mill" billing work does not require Social Security number access I'm more concerned with what could happen than what has happened," Ashley Latzer a person that received one of the Tenet notification letters Evan] More than an...

IT Vendor VAR Relationships 101

2008-05-31 20:52:07 by JJ in Security Uncorked
 
...require a Reseller to request to be in the Partner Program, and sign a couple of documents. More involved products, such as the network and security products we deal with, usually require the Reseller to demonstrate competencies and a high level of technical expertise with that product. Some product lines or specific products may require a...

Passport Canada web site suffers serious breach

2007-12-05 11:51:09 by Evan Francen in The Breach Blog
...require organizations to disclose when they've suffered security breaches Comfyllama] Canadian law SHOULD require it (and more Other Responses I was expecting the site to tell me that I couldn't do that," said Jamie Laning of Huntsville. "I'm just curious about these things so I tried it, and boom, there was somebody else's name and...

5,000 Health Net employees affected by stolen laptop

2008-01-05 19:04:59 by Evan Francen in The Breach Blog
...require it If exceptional business circumstances require confidential information be on a mobile device, then additional controls MUST be present such as encryption Vendors, contractors, consultants, etc. MUST be included in the organizational information security program I respect a CEO who speaks about information security matters, it shows...

Locked Call Boxes and Banned Geiger Counters

2008-01-18 07:44:31 by schneier in Schneier on Security
 
...require people to get a license before they can buy chemical, biological, or radiological attack detectors: The legislation which was proposed by the Bloomberg administration and would be the first of its kind in the nation would empower the police commissioner to decide whether to grant a free five-year permit to individuals and companies...

Encryption defeated, still an advocate?

2008-02-22 16:15:15 by Evan Francen in The Breach Blog
...require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes And from "Lest We Remember: Cold Boot Attacks on Encryption Keys" Conclusion There seems to be no easy remedy for these vulnerabilities. Simple...

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...requirements Many Web 2.0 applications allow their end users to build and contribute to the application. Think about social networking sites like Facebook, or wikis like Wikipedia. The content on sites like these comes directly from the users themselves. (Remember that you were Time Magazine's Person of the Year in 2006 for this very...

The Other Side of Life

2008-03-21 16:06:00 by sdl in The Security Development Lifecycle
 
...require some small updates to either our installer or theirs. So we met with the team that owns the giblet in question to try to divvy up the work, and to avoid schedule disruptions on either side There was a lot of back and forth about various things to try, and we continued to refine a solution until we had reduced the problem to a single...