Information Security


From the Web

Senate Panel Clears Data Breach Bills

November 05, 2009 from: Office of Inadequate Security

The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.


Man charged with developing and distributing cable network hacking tools

November 02, 2009 from: Office of Inadequate Security

Charges were unsealed in federal court in Massachusetts against an Oregon man and the company he founded, TCNISO, alleging that they developed and distributed products that allowed users to modify their cable modems and obtain internet access without paying for it.


Black Box vs White Box. You are doing it wrong.

October 28, 2009 from: Jeremiah Grossman's Blog

A longstanding debate in Web application security, heck all of application security, is which software testing methodology is the best -- that is -- the best at finding the most vulnerabilities. Is it black box (aka: vulnerability assessment, dynamic testing, run-time analysis) or white box (aka: source code review, static analysis)? Some advocate that a combination of the two will yield the most ...


Whitehouse Drupal and The Open Source Security Model

October 25, 2009 from: Rsnake's blog at ha.ckers.org

Have you heard the news? The Whitehouse has decided to go open source. They have decided to switch from their own proprietary in-house CMS system to Drupal. You heard me right, Drupal. The same Drupal with 12 pages of vulnerabilities at OSVDB since its inception. I’m sure this made the Open Source community jump for joy, but I see this as a big mistake if you take it on face value and...


Website exposes sensitive details on military personnel

September 08, 2009 from: Office of Inadequate Security

Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.


Email Obfuscation and Spam Robots

September 08, 2009 from: Rsnake's blog at ha.ckers.org

I’ve long been interested in spam and robots that scrape for email addresses. I’ve done tons of work in the space, although I’ve never published any of it. Call it more of a side hobby than anything I really want to go public with - as it is with a lot of my research


Digital Direct reports breach

September 05, 2009 from: Office of Inadequate Security

Chris Cooper of Bloomberg.com reports that Digital Direct, Inc., a unit of Mitsubishi Corp., had a breach of their e-commerce web site that resulted in the compromise of 52,000 customers’ credit card numbers.


Helping users keep plugins updated

September 04, 2009 from: Mozilla Security Blog

Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk.


Best of Application Security (Friday, Sep. 4)

September 04, 2009 from: Jeremiah Grossman's Blog

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!


Announcement Regarding The October 2009 Critical Patch Update

September 03, 2009 from: The Oracle Global Product Security Blog

Because many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld on October 11-15, 2009, the October 2009 Critical Patch Update originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.


Symantec names the 100 “Dirtiest” websites of the summer

August 22, 2009 from: Office of Inadequate Security

In an effort to determine which sites are safe to visit, security, storage and systems management solutions provider Symantec (www.symantec.com) has identified the “Dirtiest websites of Summer 2009,” a list of the 100 most threatening sites that try to deceive visitors, steal their information or crash their computer.


TNCC computer tech says access now cut off

August 03, 2009 from: Office of Inadequate Security

Last week, the Daily Press reported that a former part-time computer help desk technician at Thomas Nelson Community College claimed that he had been laid off almost three weeks earlier, but that he still had computer access to the records and Social Security numbers of every student in the Virginia Communit...


New CSS Grammar Fuzzer

July 10, 2009 from: Mozilla Security Blog

Fuzzers are a tool that we’ve found incredibly valuable in the past, and continue to employ heavily. A fuzzer’s job is to make your application fail by feeding it surprising inputs.


Software Security grew to nearly 500M in 2008

June 23, 2009 from: Jeremiah Grossman's Blog

Gary McGraw (Cigital) published his Software Security annual revenue numbers for 2008. By combining software security tools, Software-as-a-Service providers, and professional services it comes really close to a half billion dollars.
