SEARCH RESULTS
 
Showing 1-10 of 30 records
 
PrincipalPermissionAttribute and Static ctor Leads to DoS

2007-12-03 09:03:00 by Keith Brown in Security Briefs
 
I recently heard a colleague lamenting that he was having difficulty using PrincipalPermissionAttribute at the class level in a certain scenario under WCF. I recommended caution in my guidebook, because of the nasty type load exception that you can run into if the first request to the class is denied by the attribute. Be careful about using this...
 
 
 
 
 
Is there a "silver bullet" to IT Compliance Management?

2007-12-06 13:12:00 by Ryan Shopp in practical risk management
A few times I've found myself getting confused or having trouble explaining the relationships between policies, standards, controls, audits, etc. when answering questions about IT Compliance & Risk Management. I came across a great two-part thread in my blog reader that...
 
 
 
 
 
A Blast from the Past: CEP at Stanford, 1998-2003

2008-07-07 19:20:21 by Tim Bass in The Complex Event Processing Blog
 
Courtesy of Complex Event Processing at Stanford: Complex event processing (CEP) is a new technology. It can be applied to extracting and analyzing information from any kind of distributed message-based system. It is developed from the Rapide concepts of (1) causal event modeling, (2) event patterns and pattern matching, and (3) event pattern...
 
 
 
 
 
My QA = TA Post Sparked a Debate

2007-02-16 09:20:00 by Jomni in Risk Management Quant
 
I knew this was coming. Posting a link to my previous blog entry in a quants forum sparked a heated debate. See what very intelligent people have to say about the merits of quantitative analysis and technical analysis. Some even pointed out that TA has more realistic models than QA. Link to the QA vs. TA thread. Tags: quant technical analysis...
 
 
 
 
 
Security is Everybody's Job

2007-09-18 00:00:00 by Jamie Barnett in Speaking of Security, the RSA Blog and Podcast
 
It was blasphemy at the time. At the 2007 RSA Conference in San Francisco, our President, Art Coviello, made the claim that the standalone security market was not long for this world. Some in the audience must have thought he was Looney Tunes, making a claim like that at a longtime venue dedicated to all things security. In my role driving...
 
 
 
 
 
Book Review: The Pragmatic CSO

2008-01-02 15:24:45 by RSnake in ha.ckers.org web application security lab
 
When I saw Mike Rothman's name on the San Diego ISSA meeting speaker list, I tried to be the first person in the room. Yes, there were more technical talks I could have attended, but why would I want to? If you have never seen or talked to Mike, he is gruff, funny, and knowledgeable about security. I consider Mike to be a friend, so it wasn't a...
 
 
 
 
 
Diminutive XSS Worm Replication Contest

2008-01-04 16:28:08 by RSnake in ha.ckers.org web application security lab
 
For those of you who are familiar with the RSA diminutive munitions project from ages ago, back when it was illegal to export certain crypto systems, and the diminutive PERL contests, I've enacted a similar contest to write a diminutive self replicating XSS worm (with a non-dangerous payload). The diminutive XSS worm replication contest is a week...
 
 
 
 
 
Lookit What Network Solutions Registered

2008-01-14 22:17:56 by Editor in Cheap Hack
 
Categories: Domain Name Market. Body: One of the more amusing discussions of the Network Solutions front-running scandal is the comment thread to this blog post on domaintools.com. Users have started a contest to see what offensive and denigrating domain names they can trick NetSol into registering by searching for them. Consider these...
 
 
 
 
 
My Open Wireless Network

2008-01-15 03:33:22 by schneier in Schneier on Security
 
Whenever I talk or write about my own security setup, the one thing that surprises people -- and attracts the most criticism -- is the fact that I run an open wireless network at home. There's no password. There's no encryption. Anyone with wireless capability who can see my network can use it to access the internet. To me, it's basic politeness....
 
 
 
 
 
My Open Wireless Network