SEARCH RESULTS
 
Showing 1-10 of 73 records
 
Expand article

Cyber Jihadist Hacking Teams

The Article has images
2007-12-17 20:03:29 by HASH0x847073c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...teams, and the lone gunmen cyber jihadists in this post are : Osama Bin Laden's Hacking Crew , Ansar AL-Jihad Hackers Team , HaCKErS aLAnSaR , The Designer - Islamic HaCKEr and Alansar Fantom . None of these are known to have any kind of direct relationships with terrorist groups, therefore they should be considered as terrorist sympathizers...
 
Tags: anti-islamic web sites, islamic web sites, web, jihad, electronic jihad program, campaign, electrnic jihad campaign, web sites, cyber jihad
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...teams, and weve studied these reports to see the perceptions of development practices from other vendors and results of a different type of review process Something my colleagues and I find very interesting is that many of the vulnerabilities noted in these reports could have been prevented by following the requirements in Microsofts Security...
 
Tags: machine security concerns, security concerns, election systems, election, security, security researchers, election systems margin, margin, election management system
 
 
 
 
Expand article

How Secure is Secure?

2008-05-08 16:46:00 by sdl in The Security Development Lifecycle
 
...teams compliance with SDL requirements offers some interesting fodder for the security metrics debate. Im not offering a complete solution, but am sharing our experience at Microsoft with measuring how development teams actually follow the SDL. Its helped us deliver more secure software, and sharing this will hopefully help others as well as...
 
Tags: security metrics, software security metrics, implementation vulnerabilities, potential implementation vulnerabilities, metrics, secure, software, discretionary security protection, security protection
 
 
 
 
Expand article

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...teams. These include fuzzing, binary analysis and attack surface analysis tools Previously, James Whittaker posted a blog entry on Testing in the SDL in which he mentioned that many folks equate fuzz testing with security testing. While fuzz testing doesn't come close to describing how security testing is done at Microsoft it does happen to...
 
Tags: chance exceptions, exceptions, exception handler, exception, divide-by-zero exception, exception code, triage process, process, first-chance exceptions
 
 
 
 
Expand article

SDL and the OWASP Top Ten

2008-05-01 15:46:00 by sdl in The Security Development Lifecycle
 
...teams use to defend against XSS attacks. (As Ive written here before, some of these tools are Microsoft-internal, but some are publicly available ; I highly recommend that you use the ones you can We also have guidance for preventing SQL Injection attacks, the most common form of injection flaws (#2 on the list). In a nutshell, our...
 
Tags: security, web application security, top, security standpoint, list, previous list, agile development teams, development teams, security researcher
 
 
 
 
Expand article

NSA Attacks West Point! Relax, It's a Cyberwar Game

2008-05-10 01:00:00 by David Axe in Wired Security
 
...teams thorough preparation and their excellent teamwork despite the round-the-clock schedule At the network control room on the second floor of West Points 200-year-old engineering building (which once was an indoor horse corral and still smells like it in some remote corners, according to one instructor), the IT team set up cots and, just...
 
Tags: army university, army, custom-built networks, networks, nsa, army cadets, west, cadets, network
 
 
 
 
Expand article

StubHub millionaires?

2008-07-03 01:08:05 by HASH0x8b4fb1c in StillSecure, After All These Years
 
...teams, sports and cities and than uses outlets like StubHub and others to sell these tickets. The guy I spoke to today had season tickets to 6 different NFL teams, 3 major league baseball teams and multiple basketball and hockey teams. Many of his tickets are sold months and weeks before the event. If any are left within 14 days of the event...
 
Tags: tickets, yankee season tickets, buys season tickets, ticket, ticket agent, season, ticket sales, season ticket holder, extra tickets
 
 
 
 
Expand article

StubHub millionaires?

2008-07-03 02:07:37 by ashimmy in StillSecure, After All These Years
 
...teams, sports and cities and than uses outlets like StubHub and others to sell these tickets. The guy I spoke to today had season tickets to 6 different NFL teams, 3 major league baseball teams and multiple basketball and hockey teams. Many of his tickets are sold months and weeks before the event. If any are left within 14 days of the event...
 
Tags: tickets, yankee season tickets, buys season tickets, ticket, ticket agent, season, ticket sales, season ticket holder, extra tickets
 
 
 
 
Expand article

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle
 
...teams analyze the security of their designs by threat modeling. So Im very concerned about how well we threat model, and how to help folks I work with do it better. Id like to start that by talking about some of the things that make the design analysis process difficult, then what weve done to address those things. As each team starts a new...
 
Tags: threat, threat models, threat model, reasons threat, service threat, term threat, threat effectively, playsound threat model, development process
 
 
 
 
Expand article

The Other Side of Life

2008-03-21 16:06:00 by sdl in The Security Development Lifecycle