Software
Significance of 'Death of the Document Web' to Security
January 18, 2012 Added by: Rafal Los
Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...
Comments (2)
Symantec: The Inconvenient Truth Behind the Data Breach
January 17, 2012 Added by: Pierluigi Paganini
Initially, Symantec spokesman Cris Paden said the hackers had stolen only the source code of Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, minimizing the seriousness of the breach. The situation has now changed dramatically...
Comments (0)
Content Raven – High Speed Low Drag
January 10, 2012 Added by:
Security professionals are always struggling to get usage statistics with security products. Content Raven gives you great metrics and analytics out of the box. I can track by user and/or device and/or location what the user has looked at and for how long...
Comments (0)
Some Facts About Carrier IQ
December 19, 2011 Added by: Electronic Frontier Foundation
There is an additional configuration file (called a "Profile") that determines what information is sent from the phone to a carrier. Profiles are programs in a domain-specific filtering language - they are normally written by Carrier IQ to the specifications of a telco or other client...
Comments (0)
Top Ten Mistakes Made By Linux Developers
December 11, 2011 Added by: Danny Lieberman
My colleague, Dr. Joel Isaacson, talks about the top ten mistakes made by Linux developers. It’s a great article and a great read from one of the top embedded Linux programmers in the world...
Comments (0)
Common Errors in Firewall Configurations
December 06, 2011 Added by: Christopher Rodgers
With the "ANY" port accessible vulnerability, clear text protocols could be used when both a secure and less secure clear text service are running on the same system, and vulnerabilities found for specific services such as SMB could be launched against vulnerable machines...
Comments (0)
Challenges for Software Security Professionals
December 02, 2011 Added by: Rafal Los
So what catches your attention? What conclusions can you draw here that may be insight into how we can improve the state of software security in the enterprise? My eye gets caught on "politics" and TOOLS in big bold letters... then UPHILL and APATHY. Dang, we're a cynical bunch aren't we...
Comments (1)
Free From Defect Software License
November 22, 2011 Added by: Keith Mendoza
This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?
Comments (2)
Does Software Security Suffer When the Customer is No Longer Master?
November 22, 2011 Added by: Josh Shaul
When you measure the impact on share price, it’s not worth it to build secure software. Buyers are gobbling up the vulnerable stuff as quickly as they can get their hands on it, and the people who pay the price are those whose data is stolen and whose lives are turned upside down in the aftermath...
Comments (2)
The Importance of Software Updating
November 21, 2011 Added by: Emmett Jorgensen
There is software that can scan your network and check for these unpatched systems. The software can report back exactly which software updates are missing, and then use another tool to actually exploit those vulnerabilities. An attacker could take complete control of your computer...
Comments (0)
Registry Analysis with Reglookup
November 10, 2011 Added by: Andrew Case
This tool recovers deleted entries within registry hives, then reports them in a CSV format similar to reglookup. This capability has fairly obvious applications in forensics investigations, and investigators should consider adding reglookup-recover usage to their forensics process...
Comments (0)
The Fine Line Between Software Defects and Features
November 09, 2011 Added by: Rafal Los
When we find a bug in software that has the potential for causing security-related issues, we want to convince the business to fix the issue, remediate the problem that we find. Only thing is, while we see it as a security vulnerability the business sees it as a critical feature...
Comments (1)
Open Source Registry Decoder 1.1 Tool Released
November 02, 2011 Added by: Andrew Case
We are announcing the release of Registry Decoder 1.1, a free and open source tool. We are reaching out to practitioners and research groups (professional and academic) in an attempt to proliferate Registry Decoder. We would appreciate any plugins contributed from these communities...
Comments (0)
Effective Software Security Starts and Ends with Requirements
October 28, 2011 Added by: Rafal Los
Threat modeling software is a delicate art, and often misunderstood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...
Comments (0)
Gleg releases Ver 1.7 of the SCADA+ Exploit Pack
October 24, 2011 Added by: Joel Langill
On October 20, Gleg released version 1.7 of the SCADA+ Exploit Pack for the Immunity Canvas framework, though this time around, I do not see a lot of unique value in the code updates. Modules of interest in this release represent the bulk of the ICS/SCADA vulnerabilities disclosed in September...
Comments (0)
Analysis of the October 2011 Oracle CPU Database Patches
October 19, 2011 Added by: Alexander Rothacker
Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new product offerings and acquisitions...
Comments (0)




