SEARCH RESULTS
 
Showing 1-10 of 54 records
 
Injecting IFRAMEs by Abusing Input Validation

2008-03-07 15:53:50 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...validation checks applied so loadable IFRAMEs can no longer load or be accepted at all, despite that the injected pages are still indexed by search engines. A malicious campaign targeting high profile sites that went online and got taken care of for some 48 hours, that's good How was the IFRAME injection possible at the first place? OWASP...
 
 
 
 
 
Model Validation - Not Just for Quants

2006-12-26 05:10:00 by Jomni in Risk Management Quant
 
...validation is not a purely quantitative endeavor. Below is a quote from the article Model validation is often thought of as a rather technical and mathematical exercise. However, bank losses from model risk are often caused by poor governance of the wider modeling process, or by a poor understanding of the assumptions and limitations...
 
 
 
 
 
Extended Validation SSL Certificates

2008-05-16 13:00:00 by Editor in Computerworld Security News
 
(Source: Thawte) Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance. Find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security web browsers
 
 
 
 
 
AIB technical problem discloses details of bank transfers

2007-11-28 17:08:26 by Evan Francen in The Breach Blog
...validation Customers of the bank who either received or transferred an international payment between November 13th and 15th are affected by the error Those who received the notices were wrongly provided with details relating to someone else's transaction. As a result, they were incorrectly told the transaction related to their account...
 
 
 
 
 
The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...validation. The first is within each stage, the second is a validation pass at the end of the process. That end of process validation entails a. Make sure that the diagrams are up-to-date and accurate b. Ensure that you have STRIDE threats per data flow that crosses a trust boundary, and for each element that such a trust boundary connects...
 
 
 
 
 
Wired.com and History.com Getting RBN-ed

2008-03-10 14:20:33 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...validation the IFRAME injection entirely relies on the lack of input validation within their search engines, making executable code possible to submit and therefore automatically execute upon accessing the cached page with a popular search query many other domains have been introduced within the IFRAMEs, a complete list of which you can...
 
 
 
 
 
More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...Validation Program (CMVP) who validates cryptographic modules meet Federal Information Processing Standards (FIPS). Most application developers are not cryptographers and hence are unlikely to encode crypto algorithms correctly. The SDL requires the use of standard crypto functions and outlines requirements on algorithm selection, key length...
 
 
 
 
 
SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...validation (making sure that user input conforms to a known good format in the case of the wiki entry, to deny HTML and script content) and output encoding (making sure that any active content that gets past the input validation routines is rendered as harmless text and not executed). Internally, we also mandate the use of code analysis tools...
 
 
 
 
 
PR Storm - Mass iFRAME Injectable Attacks

2008-03-17 17:54:21 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...validation, a good example of tactical warfare combining two different attack tactics, blackhat SEO for traffic acquisition and abusing input validation for injecting iFRAMES, and abusing the sites' search engine optimization practices of storing the now input violated pages. Meanwhile, Iftach Amit at Finjan points out that as it looks like we...