Web App Security
Wrong response to zero day attacks exposes serious risks
October 22, 2012 Added by: Pierluigi Paganini
Recent revelations on Flame raise the question on the efficiency of zero day vulnerabilities, software bugs that hackers exploit to avoid security defenses on targeted systems. The real problem when we talk about zero-day is related to the duration of the period in which hackers exploit the vulnerability...
Prolexic Q3 2012 ... a new generation of DDoS attacks
October 20, 2012 Added by: Pierluigi Paganini
This is significant because very few companies or organizations have the necessary network infrastructure to deal with such attacks. There might be some companies with popular websites such as Google or Facebook that are able to handle such high-bandwidth floods, but most companies are not...
Cyber Threats to Democracy?
October 18, 2012 Added by: Jayson Wylie
I highly encourage anyone to look into the current mechanisms which count the people’s vote state-by-state, but even more I encourage the security industry and public to voice outrage for not putting security first in our sacred democratic election process...
Congress Probes USTR on the Confidential TPP Negotiations
October 18, 2012 Added by: Electronic Frontier Foundation
The Trans-Pacific Partnership agreement (TPP) threatens to regulate and restrict the Internet in the name of enforcing intellectual property (IP) rights around the world, yet the public and civil society continue to be denied meaningful access to the official text and are even kept in the dark...
Advice Regarding Recent Java Vulnerabilities
October 17, 2012 Added by: Fergal Glynn
By now, our readers have undoubtedly seen the buzz about a serious security vulnerability in Oracle Java, with corresponding exploit code making its way around in the form of active, in-the-wild attack campaigns, as well as penetration testing tools...
The EFF is Losing Its Way on Internet Freedom
October 16, 2012 Added by: Dave Aitel
Internet advocacy is, like the Internet itself, a binary thing. You can be a voice for a perfectly secure Internet, or you can be a voice for messy and chaotic liberty - for a citizen’s personal privacy in an electronic world. You cannot do both, and I do not think the EFF knows which it is doing anymore...
Believe It or Not, DevOps and Infosec Are a Perfect Culture Match
October 14, 2012 Added by: Gene Kim
By integrating automated security testing into the deployment pipeline, just as the functional and integration tests are, information security testing becomes part of the daily operations of Development. As a result, security defects are found and fixed more quickly than ever...
EFF Opposes Government's State Secrets Claim in Wiretapping Case
October 14, 2012 Added by: Electronic Frontier Foundation
EFF filed its latest brief in the Jewel v. NSA case, aiming to stop the government from engaging in mass warrantless collection of emails, phone calls, and customer records of ordinary Americans. The matter is set for hearing on December 14, 2012 in federal court in San Francisco...
Six Questions to Ask Before Posting to Social Networks
October 10, 2012 Added by: Rebecca Herold
Every day I see yet another situation where employees misused, abused or otherwise accused social media sites to the chagrin of their employers. Businesses need to make a coordinated effort, using a combination of policies, training and technology to mitigate the risks of workers using social media sites...
Online Banking: A Trust Opportunity to (Re)gain?
October 09, 2012 Added by: Mikko Jakonen
How come banks are telling people to maintain their security better, without putting their OWN reputation and capabilities in line with the DIRECT consequences of the change paradigm towards ‘webalized’ approach we have witnessed for years, has now resulted as poor operational security...
New Book Details the NSA’s Warrantless Wiretapping Program
October 07, 2012 Added by: Electronic Frontier Foundation
Three more NSA whistleblowers, including William Binney, a former high-ranking official involved with the program during its infancy, also submitted affidavits laying out how the NSA illegally spied on Americans in the aftermath of 9/11...
MS08-067 Celebrates Another Birthday
October 04, 2012 Added by: Jeremy Sobeck
As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than 9 to 15 million systems...
Service Agreements Kill Privacy, But Can They Create It Too?
October 03, 2012 Added by: Electronic Frontier Foundation
The Fourth Amendment has not kept up with technology. And a recent case decided by the Ninth Circuit Court of Appeals highlights the increasing way rights are adjudicated when it comes to data stored by other companies: through the service agreement a user enters into with a company...
Stop the Next SOPA and CISPA: Register to Vote for Internet Freedom
September 30, 2012 Added by: Electronic Frontier Foundation
Congress needs to know that the Internet is watching and that users won’t sit on the sidelines as technology intended to connect us and bring knowledge to people worldwide is turned against us for the purposes of censorship and surveillance...
Do Not Track Update: The Fight for User Privacy Continues
September 25, 2012 Added by: Electronic Frontier Foundation
EFF and other digital rights advocates are continuing to fight for Do Not Track, a one-click browser-based signal users can turn on to tell websites not to track their online browsing habits. In this article, we’ll be reviewing recent Congressional hearings about online tracking...
Video: Do I Have to Secure All My Applications?
September 24, 2012
Attackers take advantage of any externally facing web application. If you think about a web application is not mission because it’s not touching data and if there is a SQL Injection vulnerability that exists in there attackers can use that to gain a foothold inside the network...
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)




