SEARCH RESULTS
 
Showing 1-10 of 28 records
 

New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...solely on cookies for authenticating users - is more of a design flaw and not a simple implementation issue. This makes them tougher to identify and to remove. They can't be mitigated solely through input validation techniques the way that Cross-Site Scripting and SQL injection can. As the new web application security guy on the SDL team, it's...
 
 
 
 
 

More thoughts on vulnerability

2008-04-07 13:34:01 by JonesJ in RiskAnalys.is
 
...solely of alphabetic characters. A four-character PIN made up solely of numbers. A fourteen-character password made up of alpha, numeric, and special characters. Actually, there are a couple of rational answers: 1) it depends, and 2) all of them, to some degree. As I think about it, maybe these are both the same answer stated from slightly...
 
 
 
 
 

Making Risk Measures Agree with Accounting 100%

2006-12-26 05:27:00 by Jomni in Risk Management Quant
 
...solely by the risk department, even financial controllers use it. This is due to the current trend of making financial reporting reflective of the firm's economic value based on the risks it is taking (IAS 39 and even Basel II). As a consequence, they expect the results from the risk software to be consistent with accounting results to the...
 
 
 
 
 

ARCO gas pumps targeted by fraudsters

2007-12-27 13:58:30 by Evan Francen in The Breach Blog
...solely on where the information was used, per se. There is a thriving market in fresh stolen credit/debit card data. The compromised information could have been stolen months ago, then recently sold on one of many "carders" forums. "There seems to be more ARCO gas stations than other gas stations targeted," Glick said. "It's possible a specific...
 
 
 
 
 

Fatal wine waiters

2007-12-20 18:59:04 by Richard Clayton in Light Blue Touchpaper
 
...solely to host lots of (mainly Google) ads, and thereby make their creators loads of money. Well, this one hallwebhosting.com is a little different. I first came across it a few months back when it was clearly still under development, but it seems to have settled down now so that it's worth looking at exactly what they're doing. The problem that...
 
 
 
 
 

Covert channel vulnerabilities in anonymity systems

2007-12-10 10:39:42 by Steven J. Murdoch in Light Blue Touchpaper
 
...solely based on protocol specifications. I examine some protocol implementations and show how the use of several covert channels can be detected and how channels can be modified to resist detection. I show how side channels (unintended information leakage) in anonymity networks may reveal the behaviour of users. While drawing on previous...
 
 
 
 
 

Cutting through the White Noise

2007-11-09 16:07:55 by Perry Carpenter in Security Renaissance
 
...solely through technical means. So, we again come back to end-user training and awareness. It is imperative that we, as an industry, get a handle on how to better address this in our organizations. It's clear that what most companies are doing is just plain broken. Here are my thoughts. Engage employees in ways that are relevant to their life as...
 
 
 
 
 

Just a reminder the free ride is coming to a end.

2008-04-19 15:43:12 by Doug Woodall in The Spyware Biz Blog
...solely bear the responsibility for the loss, and they won't compensate you a dime. A clause has been added to the newly updated Banking Code to make this very clear.
 
 
 
 
 

Stolen SunGard laptop affects at least 10 post-secondary schools

2008-04-21 14:49:39 by Evan Francen in The Breach Blog
...solely on operating system level passwords. Nuts. Past Breaches: Unknown
 
 
 
 
 

Communicating about risk - part 1

2008-05-05 18:12:14 by JonesJ in RiskAnalys.is
...solely by the low threat event frequency. In other words, we're not actively managing loss event frequency; we're just trusting to luck. If threat event frequency changes (or an event occurs at all), then significant impact will likely occur. An example might be an internal application that handles a significant volume of sensitive consumer...