SEARCH RESULTS
 
Showing 1-10 of 214 records
 

Thumbscrew: Software USB Write Blocker

2007-10-17 01:25:03 by Editor in Irongeek's Security Site
 
New Script: Thumbscrew: Software USB Write Blocker. Thumbscrew is my attempt at a poor man's USB write blocker. When used, it allows you to quickly enable or disable writing to all USB mass storage devices on your Windows system. It may be of use to some of you who are studying forensics
 
 
 
 
 

Louisville InfoSec Conference Write-up

2007-10-23 20:42:51 by Editor in Irongeek's Security Site
 
Just a quick write-up of my experiences at the event
 
 
 
 
 

We can't write secure code

2008-05-16 07:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
David Lacey makes the important point that writing secure software is "not just about cutting secure code or developing better testing tools. We need to get things right much earlier in the development process." It's a subject I've been harping on about for some time, with many references to excellent resources such as OWASP, and great leaders...
 
 
 
 
 

NSA Posts Secrets to Writing Secure Code - Write at 13 LOC Per Day

2008-10-21 07:09:47 by mcurphey in Mark Curphey - SecurityBuddha.com
 
The National Security Agency has released a case study showing how to cost-effectively develop code with zero defects. If adopted widely, the practices advocated in the case study could help make commercial software programs more reliable and less vulnerable to attack, the researchers of the project conclude. The case study is the write-up of an...
 
 
 
 
 

Online Finance Flaw: TIAA-CREF XSS & Potential CSRF

2008-12-03 09:42:00 by Russ McRee in HolisticInfoSec.org
Before discussing a TIAA-CREF security flaw, allow me to clarify my "terms of engagement". Prior to offering analysis of any security flaws in online financial services, be assured I have engaged the service provider and offered what I believe to be a reasonable amount of time to remedy this issue. Specifically, a minimum of two weeks and three...
 
 
 
 
 

Ted Kennedy: a lifetime of achievement, regrets of a world that could have been

2008-05-21 00:04:43 by HASH0x8b0b1b8 in StillSecure, After All These Years
 
I usually stay away from politics on my blog. As I have said before, it is my blog and I can write what I want, but politics usually is just too controversial for me to write on. Upon hearing the terrible news about Ted Kennedy's malignant brain tumor, I was moved to write something, then thought twice about it and thought yet again. However, Ted...
 
 
 
 
 

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
Scott Lambert here. I work on the Security Engineering Tools team where we're responsible for researching, developing and publishing tools to internal product and service teams. These include fuzzing, binary analysis and attack surface analysis tools. Previously, James Whittaker posted a blog entry on Testing in the SDL in which he mentioned that...
 
 
 
 
 

Logs: Parsing, Tokenizing or Extracting?

2008-03-11 01:54:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
As you know, I have long been on a quest to save the world from having to write long and ugly regular expressions (regexes) for log analysis. Back in 2005 (post, big discussion that ensued) and later in 2007 (post, another big discussion that again ensued), I have tried to poll people for approaches that convert logs into useful...
 
 
 
 
 

10 Myths About Life As An IT Security Professional

2008-04-25 23:08:41 by Craig Balding in Security Wannabe
When you picture the future, what do you see yourself doing? If you find the subject of IT security fascinating, you may be considering a career as an IT Security Professional. To help you decide, here are 10 myths about life as an IT Security Professional. IT Security is basically about Passwords and Anti-virus. This is completely untrue. You...