Web App Security


From the Web

Federal Data Security Law: ‘Careful What You Wish For’

November 12, 2009 from: Office of Inadequate Security

A federal cybersecurity law edged closer to reality late last week when the Senate Judiciary Committee approved a bill to protect the personal data of Americans. The bill is a bipartisan effort sponsored by Chairman Patrick Leahy, D-Vt., and co-sponsored by former Chairman Orrin Hatch, R-Utah, that would, among other things, force companies and data brokers to institute data privacy and security p...


Road Map for an Application/Software Security Architect (Part 3)

November 11, 2009 Added by: Stephen Primost

Risk assessment for application software is not a matter of a quick penetration test, nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution's Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each phase. Whether it is waterfall, or agile method, waiting for the end of the final del...



From the Web

Government accused of ‘cover up’ over lost farmer tapes

November 06, 2009 from: Office of Inadequate Security

The Department of Environment Food and Rural Affairs (Defra) has been accused of a “cover up” after two back-up tapes went missing containing the banking details of around 100,000 farmers.



From the Web

Senate Panel Clears Data Breach Bills

November 05, 2009 from: Office of Inadequate Security

The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.



From the Web

MA: Williams College laptop stolen; 750 notified

November 05, 2009 from: Office of Inadequate Security

Williams College in Williamstown reports a recent laptop theft. The laptop, which was stolen when an employee left it in a parked car in Boston on October 3, contained the names and Social Security numbers of 750 individuals from 39 states and several foreign countries.



From the Web

Man charged with developing and distributing cable network hacking tools

November 02, 2009 from: Office of Inadequate Security

Charges were unsealed in federal court in Massachusetts against an Oregon man and the company he founded, TCNISO, alleging that they developed and distributed products that allowed users to modify their cable modems and obtain internet access without paying for it.



From the Web

Report: Data Breaches Hike Fraud Risk 400%

November 02, 2009 from: Office of Inadequate Security

Because data breaches have become such commonplace incidents, there is concern that people have become desensitized to the potential harm they face upon receiving a notification letter from an organization informing them that sensitive information has been lost or misappropriated.



From the Web

Judge: FTC Cannot Make Lawyers Comply With Identity Theft Laws

October 29, 2009 from: Office of Inadequate Security

The Federal Trade Commission cannot force practicing lawyers to comply with new regulations aimed at curbing identity theft, a federal judge ruled today at the U.S. District Court for the District of Columbia.



From the Web

Black Box vs White Box. You are doing it wrong.

October 28, 2009 from: Jeremiah Grossman's Blog

A longstanding debate in Web application security, heck all of application security, is which software testing methodology is the best -- that is -- the best at finding the most vulnerabilities. Is it black box (aka: vulnerability assessment, dynamic testing, run-time analysis) or white box (aka: source code review, static analysis)? Some advocate that a combination of the two will yield the most ...



From the Web

Former Wachovia employee convicted of bank fraud and aggravated identity theft

October 28, 2009 from: Office of Inadequate Security

Juan Rombado, a former Wachovia Bank employee, has been convicted of bank fraud and aggravated identity theft arising from several schemes aimed at defrauding his employer through the theft of customer identities, United States Attorney Tim Johnson announced. Indicted and arrested in August 2009, Rombado pleaded guilty to both counts before United States District Judge Vanessa Gilmore.



From the Web

Coalition for Patient Privacy Calls on HHS to Repeal the Breach Notification Rule

October 28, 2009 from: Office of Inadequate Security

The Coalition for Patient Privacy urges the Department of Health and Human Services to revise and repeal the interim final rule (IFR) establishing requirements for notification of breaches of unsecured protected health information.


Road Map for an Application/Software Security Architect (Part 1)

October 26, 2009 Added by: Stephen Primost

With the level of security concerns about security, it is interesting that there is not more concern with a holistic focus on application security. Numerous articles are citing chilling statistics about security breaches, with the majority (some use the figure of 80%) being related to applications. It is not for lack of information as to what constitutes an “application problem”. One j...



From the Web

Whitehouse Drupal and The Open Source Security Model

October 25, 2009 from: Rsnake's blog at ha.ckers.org

Have you heard the news? The Whitehouse has decided to go open source. They have decided to switch from their own proprietary in-house CMS system to Drupal. You heard me right, Drupal. The same Drupal with 12 pages of vulnerabilities at OSVDB since its inception. I’m sure this made the Open Source community jump for joy, but I see this as a big mistake if you take it on face value and...



From the Web

LifeLock barred from placing fraud alerts in Experian settlement

October 22, 2009 from: Office of Inadequate Security

LifeLock Inc. and Experian Information Solutions Inc. have settled their lawsuit, and the agreement permanently blocks the original process LifeLock used to protect its clients.



From the Web

FTC settles latest charges against ChoicePoint

October 19, 2009 from: Office of Inadequate Security

ChoicePoint, Inc., one of the nation’s largest data brokers, has agreed to strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order. This failure left the door open to a data breach in 2008 that co...



From the Web

Retail sales associates sentenced for role in credit card, bank fraud

October 16, 2009 from: Office of Inadequate Security

Four men from Atlanta, Georgia were sentenced this week by United States District Judge Orinda D. Evans on charges of bank fraud, credit card fraud and aggravated identity theft.
