SEARCH RESULTS

Showing 1-10 of 80 records

New TSA ID Requirement

2008-06-11 13:42:19 by schneier in Schneier on Security
 
...requirement : Beginning Saturday, June 21, 2008 passengers that willfully refuse to provide identification at security checkpoint will be denied access to the secure area of airports. This change will apply exclusively to individuals that simply refuse to provide any identification or assist transportation security officers in ascertaining...

Vote but Verify

2007-09-07 19:56:11 by Liudvikas Bukys in Liudvikas Bukys
 
...requirement of a voter-verified durable paper ballot as a small-minded banning of an attractive future of modern networked reliable electronic voting machines. I could not resist posting my disagreement into the comments on his blog, and perhaps I am going to convince him, as he edited out my most provocative snide political shots and left in...

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...requirements have significantly helped reduce the number of parsing-related vulnerabilities in our products. As I mentioned, the vulnerabilities are not in Symantec code; they are in dependencies, in DLLs provided by another company. The SDL refers to these as "giblets," a term coined by Steve Lipner, a Senior Director at Microsoft and my...

Phishing Holes

2008-04-03 21:39:00 by sdl in The Security Development Lifecycle
 
...requirement for the next version of the SDL that will help prevent these vulnerabilities. At the heart of this requirement is a new library we've adapted from the Windows Live Spaces team called SafeRedirect. SafeRedirect is an alternative to the ASP.NET method System.Web.HttpResponse.Redirect (henceforth referred to as Response.Redirect)....

SDL and "End to End Trust"

2008-04-17 00:15:00 by sdl in The Security Development Lifecycle
 
...requirement necessary for speech recognition. Yet, it's also insufficient to realize the broader vision. Some of you reading may be thinking, "But wait Eric, this is a security blog, so why are you rambling on about your former roles working on speech recognition?" Well, there is an analogy I'm trying to draw. The point I've been leading up to is...

Why PCI DSS is doomed.

2008-05-12 10:50:00 by Russ McRee in HolisticInfoSec.org
...Requirement 6.6 is to prevent exploitation of common vulnerabilities (such as those listed in Requirement 6.5), several possible solutions may be considered. They are dynamic and pro-active, requiring the specific initiation of a manual or automated process. Properly implemented, one or more of these four alternatives could meet the intent of...

Security Certification Rules Could Shake Up IT Mgmt

2008-06-26 12:33:17 by Dave Lewis in Liquidmatrix Security Digest
...requirements for professional certification for IT workers. Hmm. From GCN: "This is a change we have not faced in the IT security industry before," he added. "The closest parallel has been in the Defense Department, which anticipated OMB's reaction in this area. DOD's Directive 8570 on information assurance, approved in December 2005, requires all of...

Reader Poll: Do you think ISO?

2008-07-21 00:00:00 by Dave Howell in Speaking of Security, the RSA Blog and Podcast
 
...requirement in a silo, and therefore attacking each related security requirement in isolation, it would be better to ensure that the organization is looking more horizontally at the types of security controls that must be enacted in the context of all the requirements that must be met

Improve Security with "A Layer of Hurt"

2008-07-31 19:13:00 by sdl in The Security Development Lifecycle
 
...requirement, but the idea in this blog post is not an SDL requirement, it's just another way to help meet SDL fuzzing requirements. Adding a layer of hurt, as shown in the picture below, is pretty simple as it involves adding code to an application to tweak data as it comes into an application. You can work out where to place the fuzzing code...

My LA Times Op Ed on Photo ID Checks at Airport

2008-09-01 05:15:41 by schneier in Schneier on Security
 
...requirement is a joke. Anyone on the no-fly list can easily fly whenever he wants. Even worse, the whole concept of matching passenger names against a list of bad guys has negligible security value. How to fly, even if you are on the no-fly list: Buy a ticket in some innocent person's name. At home, before your flight, check in online and...