SEARCH RESULTS

Showing 1-10 of 92 records

What If All Vulnerabilities Had This Disclosure Timeline?

2008-02-07 02:08:33 by Chris Wysopal in Zero in a bit
 
...typical disclosure time line. In recent years we have become accustomed to a disclosure time line that goes something like this. Typical Timeline: Dec 16, 2007: Vendor notified of vulnerability and given exploit code. Feb 6, 2008: Public disclosure with details and vendor patch available. Feb 7, 2008: Some customers patched. We don't know when this...

Two stolen Saks Incorporated laptops contained sensitive information

2008-05-11 21:28:38 by Evan Francen in The Breach Blog
 
...typical in many company breaches covered by the news. Evan] I think laptop thefts and losses are more typical than network, website or database breaches. The company has drafted a written notice of the breach that it will be sending to the affected individuals imminently. Saks takes its customers' privacy very seriously, and we have exercised...

Building a Security Architecture Blueprint

2008-05-16 09:26:55 by Gunnar Peterson in 1 Raindrop
 
...typical enterprise approach to securing the information, or even risk management, is rarely strategic. Last year, I wrote a Security Architecture Blueprint paper to describe one framework for putting a strategic context around an information security program. The main idea is that instead of starting with security goals (cue the ritual CIA...

A Data Security Philosophy, According to Sisyphus

2007-08-22 00:00:00 by Chris Parkerson in Speaking of Security, the RSA Blog and Podcast
 
...typical for the issue at hand to remain either largely or completely unsolved, and just as daunting as it had been before. While I don't think we have quite reached a "Sisyphean state" in data security, an RSA survey conducted by Forrester Consulting

Should Employees Carry So Much of the Heavy Burden of Security?

2007-08-15 00:00:00 by Chris Parkerson in Speaking of Security, the RSA Blog and Podcast
 
...typical response from companies that have suffered these sorts of breaches is: "Our policy prohibits employees from putting unencrypted sensitive company information on laptops, PDAs, and other devices." While you will get no argument from me that this is a good policy, how much of the responsibility for ensuring this policy is followed as...

Stolen laptops affect 337,000 Davidson County voters

2007-12-29 11:30:26 by Evan Francen in The Breach Blog
 
...typical reactionary information security. "Immediate changes" are made after the significant loss of confidential information. I assume that there is not a well written or communicated information security policy at Davidson County. If there is, it is obviously not well enforced or supported by procedural, administrative, or technical...

Password policies. Once again.

2007-09-04 22:14:00 by Steve Riley in Steve Riley on Security
 
...typical cost to an organization to reset locked accounts is US$75 per help desk call. In a medium or large organization, this can become a very high monthly maintenance cost. In nearly all instances, the call results from users locking themselves out (too many vodka tonics on the plane, maybe?), not users encountering locked out accounts...

A Diverse Portfolio of Fake Security Software

2007-12-07 15:16:07 by HASH0x89688e0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...typical for a Rock Phish kit efficiency vs. quality trade-off, namely, all the binaries dispersed through the different domains are actually hosted on a single IP, and are identical. Who's hosting the malware and what directory structure per campaign do they use? It seems as content.onerateld.com ( 87.248.197.26 ) which is hosted at Limelight...

Using Remote Assistance behind a router

2008-01-14 08:24:00 by Keith Brown in Security Briefs
 
...typical "Accept" and "Decline" links. I clicked accept, and after about 10 seconds and a second confirmation from him, I was looking at his screen. Woohoo! Then I clicked "Take Control" and after his confirmation, I was able to control his machine remotely, even though both of us were behind firewall/NAT devices. Here are the two pages that were...

I Should Really Not Touch This ....

2008-01-15 23:50:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...typical SIEM approach) vs. collect and index all logs (like, ahem, "IT search"). You can see where this one is going, right? Yes, Virginia! You do need to do BOTH - and you know who does both? LogLogic. About me: http://www.chuvakin.org