Blog Posts Tagged with "Mitigation"
Software Security: A Chief Financial Officer’s Perspective
May 15, 2012 Added by: Fergal Glynn
Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...
Vulnerabilities: Context Matters
May 14, 2012 Added by: Jack Daniel
You do need to assess how the vulnerability is exposed, what mitigations are in place or even possible, how hard the threat may be to execute against your situation, and whether there is a graceful failure mode if the opportunity turns out to be inopportune...
Information Security is More than Prevention
May 04, 2012 Added by: Brent Huston
One of the biggest signs that an organization’s infosec program is immature is they have an obsessive focus on prevention and equate it with security through knee-jerk reactions to vulnerabilities, never-ending emergency patching situations and a continual fire-fighting mode...
On Buffer Overrun Vulnerabilities, Exploits and Attacks
April 19, 2012 Added by: Fergal Glynn
A buffer overflow is a common software coding mistake. To effectively mitigate the vulnerability, it is important that you first understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit them...
Oracle Releases Critical Patch Updates for April 2012
April 18, 2012 Added by: Headlines
Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. US-CERT encourages users and administrators to review the April 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks...
Filling in some Blanks on Network Segmentation Faults
April 18, 2012 Added by: Jack Daniel
A couple of thoughts on the segmentation-for-security concept are worth elaboration: grouping by OS makes sense from a management perspective, but if you do that it won’t stop the aforementioned Bad Things from running wild, so consider how best to segment for your situation...
Apple Releases Flashback Malware Removal Tool and Patches
April 17, 2012 Added by: Headlines
Apple has released a malware removal tool for the most common variant of the Flashback Trojan, as well as security updates to mitigate the vulnerability exploited by the malware for OS X Lion v10.7.3, OS X Lion Server v10.7.3, Mac OS X v10.6.8 and Mac OS X Server v10.6.8...
HP Releases ProCurve 5400 zl Switches Security Bulletin
April 13, 2012 Added by: Headlines
"A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity..."
Misconceptions about Aurora: Why Isn't More Being Done
April 13, 2012 Added by: Joe Weiss
The 2007 Aurora test at the Idaho National Laboratory demonstrated that if someone can gain access to a controller, the attacker will cause physical damage. As Aurora is a gap in protection of the electric grid, one way to prevent an Aurora attack is by hardware mitigation...
Beyond the Firewall – Data Loss Prevention
April 06, 2012 Added by: Danny Lieberman
It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, you’ve mitigated the threat. This paper reviews the taxonomies of advanced content flow monitoring that is used to audit activity and protect data inside the network...
What is Aurora and Why is it a Risk to Grid Reliability?
March 30, 2012 Added by: Joe Weiss
Aurora is a gap in the protection of the electric grid. It is a basic physics property - an out-of-phase condition that cannot be seen by the operator and can NOT be addressed by traditional mitigation. The only means to prevent an Aurora event is by physical hardware mitigation...
Malicious Exploits: Hitting the Internet Waves with CSRF Part 2
March 28, 2012 Added by: Brent Huston
Using the HTTP-specified usage for GET and POST, in which GET requests never have a permanent effect, while good practice, is not sufficient to prevent CSRF. Attackers can write JavaScript or ActionScript that invisibly submits a POST form to the target domain...
Metrics, KPIs and Making Business Sense of Infosec
March 28, 2012 Added by: Rafal Los
Does a 10% increase in IT Security spending really make us 10% safer? I refuse to buy in to the saying that security is either avoiding cost, or a cost center and nothing more. This is simply untrue in my experience. Good security is good for business, pure and simple...
Reflections on a Past Vulnerability, Kind Of...
March 22, 2012 Added by: Brent Huston
I don’t want to dig into the debate about open disclosure and non-disclosure. You may have different opinions about it than I do, and I am perfectly fine with that. I choose this path in vulnerability handling because it makes the world a safer place for all of us...
Quantifying Risk Reduction with an Unknown Denominator
March 08, 2012 Added by: Rafal Los
The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...
Adobe Releases Critical Updates for Flash Player Vulnerability
March 06, 2012 Added by: Infosec Island Admin
Adobe has released critical updates for Android, Windows, Linux and Solaris operating systems to mitigate vulnerabilities in the company's Flash Player software that may have allowed attackers to inflict a denial of service or take control of a targeted system...