Webappsec->General
Five Concerns Surrounding Pinterest
May 10, 2012 Added by:Allan Pratt, MBA
At the current time, there are no privacy or security settings similar to Facebook or Google Plus, and boards cannot be made private, similar to customized Facebook lists or customized Google Plus circles. The bottom line is that anyone with Internet access can view your boards...
Comments (3)
Webinar: Keeping Your Open Source Software Secure
May 09, 2012 Added by:Infosec Island Admin
Understand why collaboration is invaluable in keeping proprietary systems secure. Learn how to share private information in public forums without harming your organization. Identify what tools are available to your organization for collaboration, notification, and knowledge-sharing...
Comments (0)
What’s Going Right with Your Secure Development Efforts?
May 04, 2012 Added by:Fergal Glynn
Security professionals place developer’s code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?
Comments (0)
Try Application White Listing to Mitigate Malware
May 03, 2012 Added by:Paul Paget
Unless you run a network that has no Internet connection and a “no disks” policy, the only way to against malware is to employ application white listing, which protects the software that controls the behavior of your computers. If the software is not on the white list, it won’t run...
Comments (2)
Online Banking vs. Mobile Banking
May 03, 2012 Added by:Robert Siciliano
Mobile banking can offer additional security by enabling text-backs, as a second form of authentication. If you use your smartphone to access your bank’s website directly, it may recognize that you are using a mobile browser and automatically offer you a dedicated application...
Comments (1)
Applications Targeting Apple Products
May 03, 2012 Added by:Joel Harding
When I was told of a new mobile application distribution system which avoids Apple's scrutiny, my alarm antennas began quivering. Now combine this with who is doing it - Russian developers - and I get an even more dreadful feeling in the pit of my stomach...
Comments (0)
Symantec Internet Security Threat Report Summary
May 01, 2012 Added by:Headlines
"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques..."
Comments (2)
Mobile Applications Shouldn’t Roll Their Own Security
May 01, 2012 Added by:Brent Huston
Many of the applications being designed are being done so by scrappy, product oriented developers. This is not a bad thing for innovation - in fact just the opposite - but it can be a bad thing for safety, privacy and security...
Comments (0)
Google as a Cyber Weapon: New Attack Method Discovered
April 30, 2012 Added by:Pierluigi Paganini
The lesson learned is that it is possible to use Google as a cyber weapon to lauch a powerful "Denial of Money" attack against other platforms. In reality, the service in this case hasn't been interrupted, but the attack has made it extremely expensive to run...
Comments (0)
AppSec Mistakes Companies Make and How to Fix Them
April 24, 2012 Added by:Fergal Glynn
We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...
Comments (0)
Reflections on Ten years of Software Security
April 21, 2012 Added by:Rafal Los
Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being.Let's face it, code breaks in strange ways that it's not always easy to understand...
Comments (0)
Adobe Releases Critical Updates Reader and Acrobat
April 12, 2012 Added by:Headlines
Adobe has released critical updates to address multiple vulnerabilities in Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh...
Comments (0)
The Growing Importance of Protecting Certificate Authorities
April 08, 2012 Added by:Rafal Los
We've seen a few of the largest CAs get compromised and fake certificates end up in the hands of nation-states which wanted to spy on their population. It goes without saying that there are likely more attacks that we've simply either not picked up or were unreported...
Comments (0)
Campaign Targeting Activists Escalates with New Surveillance Malware
April 08, 2012 Added by:Electronic Frontier Foundation
The malware installs a remote administration tool called DarkComet RAT, which can capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more...
Comments (0)
P2P File Sharing Security Concerns for Small Businesses
April 04, 2012 Added by:Robert Siciliano
In my own P2P security research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family...
Comments (0)
FTC to Link Do-Not-Track and Big Data Concerns
April 02, 2012 Added by:David Navetta
The FTC sees a greater threat to consumers in third-party data collection because of lack of notice, choice and transparency in the practices of data collectors. But the challenge is understanding where to draw the line between “first party” and “third party” practices...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)