SecurityRatty: tag: resistant

Measuring Vulnerability

2008-04-14 14:31:38 by JonesJ in RiskAnalys.is

...resistant to 90% of the general threat population, and may be resistant to as much as 99%+ of the population This is fine as far as it goes, but it doesnt get us the answer were looking for in most circumstances. Most of the time it isnt enough to know our vulnerability to the general threat population. In most analyses, we want to know what...

Tags: threat capability curve, capability, human capability, human threat capability, describe control strength, control strength, capability curve, threat community capability, control

.. and now - PIN stealing..

2008-06-19 10:38:00 by Random InfoSec Guy in Security Coin

...Resistant Security Modules help in securing the keys. Assuming one cannot gain access to the encryption keys, this leaves only two scenarios for an attacker to gain access to the unencrypted PINs 1. Before the PIN is encrypted by the Tamper Resistant Security Module (an ATM in the case of bank customers). Most criminals have been using fake...

Tags: pin, pin reaches, pin offsets, fake pin pads, atm location, atm, bank pins, atm crime spree, access

Covert channel vulnerabilities in anonymity systems

2007-12-10 10:39:42 by Steven J. Murdoch in Light Blue Touchpaper

...resistant voting systems In the military context, for which multilevel secure systems were designed, covert channels are increasingly eliminated by physical separation of interconnected single-role computers. Prior work on the remaining network covert channels has been solely based on protocol specifications. I examine some protocol...

Tags: covert, covert channel vulnerabilities, vulnerabilities, network covert channels, covert channels, channels, covert channel, anonymity systems, systems

A cryptographic hash function reading guide

2007-11-23 16:01:18 by George Danezis in Light Blue Touchpaper

...resistant hash function. It also presents the basic constructions for such functions from block ciphers (too slow for SHA-3), as well as from dedicated compression functions. Chapter 3 also quickly presents Floyds cycle finding algorithm to find collisions with negligible storage requirements If your curiosity has not been satisfied, the...

Tags: function, hash functions, cryptographic hash functions, functions, functions secure, design, hash function design, compression functions, secure hash function

Criminal Enterprises, Inc

2008-04-02 14:41:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

...resistant" hosting; [it is clarified that this means: "we ignore ALL complaints about abuse from police, banks, etc Phishing and Child p0rn are NOT OK; the rest (spam, warez, etc) are fine Virtual or dedicated servers 24 hr support via ICQ/email Daily backups Server location: Estonia (!), Hong Kong Free 3 days (for testing Wow! Obviously,...

Tags: spam, daily backups, first-hand encounter, fun pieces, server location, hong kong, child p0rn, support, rest

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive

...resistant to all of the threats I think are important. The important metric is coverage of all application entry points against this framework. When implemented at the infrastructure level using a package such as Siteminder or Sun Access Manager, auditing configuration files for protected URLs ought to get me good coverage From a testing...

Tags: metrics, software security metrics, metrics framework, metrics miss, design-time metric, design, upstream sdl metrics, application, web application security

ATM Communication - How Secure ?

2008-03-21 12:34:00 by Random InfoSec Guy in Security Coin

...Resistant Security Modules), how PINs should be exchanged between various Financial Institutions (exchange keys between two FIs out-of-band AND under the principles of dual control and then encrypt the keys, how should compromised - no - even "suspect" compromised PINs and Keys that encrypt the PINs be treated (securely delete the key,...

Tags: pin, pin offsets, atm, pin translation, natural pin, key, key management, atm communications, encryption key

SQL injection attack in 'third wave,' says IBM

2008-05-15 00:00:00 by Jon Brodkin in Network World on Security

A SQL injection attack that has affected at least a half-million Web sites has entered a "third wave" that's more resistant than previous versions to traditional security measures

Tags: sql injection attack, traditional security measures, half-million web sites, previous versions, wave, resistant

J-PAKE: From Dining Cryptographers to Jugglers

2008-05-29 20:31:05 by Feng Hao in Light Blue Touchpaper

...resistant against phishing attacks, not to mention that it is PKI-free. Since this protocol is the result of an academic research project, we didnt and have no intention to patent it. As explained in the paper , J-PAKE even has technical advantages over the patented EKE and SPEKE in terms of security, with comparable efficiency. It has been...

Tags: pake, past pake solutions, pake research, j-pake protocol, j-pake, protocol, protocol design inherits, security, practical security

Windows Admin Goodies From Microsoft

2008-06-02 18:03:05 by Editor in Cheap Hack

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo