General


From the Web

HTTP Strict Transport Security

October 06, 2010 from: Mozilla Security Blog

A while ago, we talked about Force-TLS that lets sites say “hey, only access me over HTTPS in the future” and the browser listens. Well, this idea has been solidified into a draft spec for HTTP Strict Transport Security (HSTS) and we’ve landed support for it into our source tree. This means that HSTS will be shipped with Firefox 4, and will be deployed as soon as the next beta release.



From the Web

Prior Knowledge Of Users Cert Warning Behavior

September 02, 2010 from: Rsnake's blog at ha.ckers.org

One of the issues Josh and I talked about at Blackhat was how the SSL certificate warning message can be used to gain information about a user’s behavior and how that can be used against the user. Let’s say a man in the middle causes an error via proxying a well-known owner/subsidiary.



From the Web

Some Possible Insights into Geo-Economics of Security

July 21, 2010 from: Rsnake's blog at ha.ckers.org

Buying a certificate to allow for transport security is a good idea if you’re worried about man in the middle attacks. But when you’re in another country where the cost of running your website is a significant investment compared to the United States, suddenly the fees associated with the risks are totally lopsided...



From the Web

Analyst Study Shows Employees Continue to Put Data at Risk

March 10, 2010 from: Office of Inadequate Security

...the results from the annual "Human Factor in Laptop Encryption" study performed by Absolute Software and the Ponemon Institute reveal some very interesting metrics about the use/adoption of encryption software and the risk posed to businesses from the loss of unencrypted media.



From the Web

Taken to the Cleaners

January 20, 2010 from: Office of Inadequate Security

Earlier this month, CSO reported on a worldwide recall on several hardware-encrypted USB sticks from multiple vendors because they contain a flaw which could allow hackers to easily gain access to the sensitive information contained on the device. With the quality of security questionable in many USB drives, it would stand to reason that losing any stick carrying sensitive information now carries ...



From the Web

Code That Protects Most Cellphone Calls Is Divulged

December 28, 2009 from: Office of Inadequate Security

A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, in what he called an attempt to expose weaknesses in the security of the world’s wireless systems.



From the Web

Highmark changes its procedures in wake of BCBS breach

October 07, 2009 from: Office of Inadequate Security

that their Social Security numbers or tax ID numbers were on the stolen laptop containing their unencrypted data. A BCBS employee had reportedly breached policy by downloading the unencrypted database to a personal computer that was later stolen from the employee’s vehicle.



From the Web

Royal Bank glitch allowed Visa customers to view others’ transactions

October 03, 2009 from: Office of Inadequate Security

The Royal Bank says it has fixed a computer security glitch that allowed some of its West Coast Visa customers to view transactions made by other cardholders.



From the Web

Digital Direct reports breach

September 05, 2009 from: Office of Inadequate Security

Chris Cooper of Bloomberg.com reports that Digital Direct, Inc., a unit of Mitsubishi Corp., had a breach of their e-commerce web site that resulted in the compromise of 52,000 customers’ credit card numbers.



From the Web

TJX settles banks’ lawsuit

September 02, 2009 from: Office of Inadequate Security

The Associated Press reports that TJX has settled TJX said it has paid $525,000 to settle claims by some banks about costs they incurred as a result of the retailer’s massive data breach. Other banks — AmeriFirst Bank, HarborOne Credit Union, SELCO Community Cre...



From the Web

U. Vermont announces credit card breach

September 02, 2009 from: Office of Inadequate Security

University of Vermont recently discovered that the security of up to 242 university-funded credit cards has been compromised. Ann Naylor of UVM Procurement services said in a statement that UVM is unaware of how the breach occurred.



From the Web

Biggest Breaches of 2009

August 28, 2009 from: Office of Inadequate Security

Linda McGlasson of BankInfoSecurity.com provides an analysis and commentary, based on ITRC’s statistics for this year.



From the Web

Gonzalez pleads guilty, sentenced to 15-25 years

August 28, 2009 from: Office of Inadequate Security

Under a plea agreement with federal prosecutors filed in Boston on Friday, Albert Gonzalez would serve a sentence of 15 to 25 years after pleading guilty to a 19-count indictment. He would also forfeit some $2.8 million in cash, a Miami condo, a car and expensive jewelry.



From the Web

School district hiding behind a criminal investigation - parent

August 26, 2009 from: Office of Inadequate Security

On the principle of “no good deed goes unpunished,” some of those who have discovered and reported breaches have been terminated or prosecuted for their actions...



From the Web

Google Safe-Browsing and Chrome Privacy Leak

August 24, 2009 from: Rsnake's blog at ha.ckers.org

Some more advice from Robert "RSnake" Hansen on why you should be careful if using Google's Chrome browser.



From the Web

‘One Tree Hill’ actor admits role in ID scam

August 21, 2009 from: Office of Inadequate Security

Actor Antwon Tanner, a regular on the popular teen drama “One Tree Hill,” faces up to 10 years in jail after pleading guilty in Brooklyn federal court today to illegally selling Social Security numbers for $10,000.


