SEARCH RESULTS
 
Showing 1-10 of 28 records
 
Expand article

Getting into the Flow With Threat Modeling

The Article has images
2007-10-11 23:25:00 by sdl in The Security Development Lifecycle
Adam Shostack again, with the third in our series on threat modeling. In this post, I want to explain one of the lenses that seemed to help us focus threat modeling, and how Ive applied it The concept of flow originated with Mihaly Csikszentmihalyi. It refers to a state where people are energetically involved with what theyre doing. Seeing this...
 
Tags: threat, people develop skills, people, challenge people, flow, sdl threat, entire threat model, threat model, guide people
 
 
 
 
Expand article

Prediction 1 for 2008 - Facebook hacked

2008-01-23 12:18:00 by Allen Baranov, CISSP in Security Thoughts
 
Ok, finally, here it is For the impatient - Facebook will be hacked. Alternatively, a major Facebook application will be hacked Right...the impatient can go now. The rest - read on Personal note first I decided that my Blog was becoming too important. I have a host of blog posts that are just not quite as well written as I'd like and since...
 
Tags: major facebook application, facebook application, application, facebook, application runs, application developer, application language, facebook information, facebook explosion
 
 
 
 
Expand article

More thoughts on vulnerability

2008-04-07 13:34:01 by JonesJ in RiskAnalys.is
 
A continuation of last weeks post Take a look at the following list and ask yourself which of the following would be labeled vulnerable An eight -character password made up of alpha and numeric characters A six-character password made up solely of alphabetic characters A four-character PIN made up solely of numbers A fourteen-character password...
 
Tags: capable threat agent, threat agent, capable, password, vulnerability, six-character password, vulnerable, -character password, numeric
 
 
 
 
Expand article

Measuring Vulnerability

The Article has images
2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
Third in the series regarding vulnerability Apologies in advance, for the length of this post In a perfect world wed know which specific threat agent was going to act against us and know the capability of that threat agent in absolute terms (e.g., pounds per square inch), as well as know (through testing) what our resistance capabilities are in...
 
Tags: threat capability curve, capability, human capability, human threat capability, describe control strength, control strength, capability curve, threat community capability, control
 
 
 
 
Expand article

268,000 donors exposed through stolen Memorial Blood Centers laptop

The Article has images
2007-12-06 14:09:42 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 12/5/07 Organization Memorial Blood Centers Memorial Blood Centers is a nationally known, locally operated nonprofit community blood center that has supplied blood and blood components to area hospitals for nearly 60 years. Memorial Blood Center operates 10 donor centers at nine Minnesota sites...
 
Tags: donors, blood, security, security cameras, store social security, memorial blood centers, donors social security, breach description, blood components
 
 
 
 
Expand article

Don't Try This At Home

2007-11-05 21:52:28 by sdl in The Security Development Lifecycle
 
No, its not a post on why Adam should never volunteer to do a 12 part series on threat modeling, but rather, why inventing your own mitigations is hard, and why we suggest treading carefully if you need to go there Let me first explain what I mean by mitigations because apparently theres some confusion. We have folks here at Microsoft who call...
 
Tags: mitigations, custom mitigations, security mitigations, innovative mitigations, software projects, software, expert, design, design principles
 
 
 
 
Expand article

Microsoft Certified Systems Engineer (or MCSE), Boot Camp Courses

2007-02-14 22:57:00 by MCSE Boot Camp Courses Delhi India in MCSE Training Courses, MCSE Certification Courses, MCSE Courses Delhi India
 
Microsoft Certified Systems Engineer (or MCSE) certification is the industry's most comprehensive program for maintaining and assessing software-related skill. It makes to qualify a person being able to analyze the business requirements for information systems solutions, and design and implement the infrastructure required Microsoft Certified...
 
Tags: microsoft, systems engineer, computer network infrastructure, infrastructure, microsoft exchange server, network infrastructure, mcse, microsoft sql server, information systems solutions
 
 
 
 
Expand article

Process Doubling

2008-01-27 22:44:57 by RSnake in ha.ckers.org web application security lab
 
I was working on a client a week ago or so and we completely compromised their network. Its a fairly common occurrence during an audit (given there are logistical reasons that make many common techniques off limits). It was mission accomplished for showing the vulnerabilities in the client. However, I started thinking about the firewall egress...
 
Tags: web server, fairly complex set, set, fairly straight forward, egress, fairly easy, fairly common occurrence, easy, firewall egress
 
 
 
 
Expand article

WakeMed Emergency Department laptop goes missing

The Article has images
2008-01-31 01:32:38 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 1/28/08 Organization WakeMed Emergency Department Contractor/Consultant/Branch None Victims Ambulance patients Number Affected As many as 850 Types of Data Names, addresses, and Social Security numbers Breach Description A laptop is missing and presumed stolen from the WakeMed Emergency...
 
Tags: sensitive personal information, information, medical information, download diagnostic information, emergency department, county ambulances, ambulances, laptop, county
 
 
 
 
Expand article

Donor personal information was on Lifeblood stolen laptop

The Article has images
2008-02-14 10:17:22 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 2/13/08 Organization Lifeblood Contractor/Consultant/Branch None Victims Blood donors Number Affected 320,000 Types of Data names, contact information, blood type, gender, ethnicity, and, in some cases, Social Security numbers Breach Description Two laptop computers are lost and presumed...
 
Tags: mobile blood collection, blood, personal information, <