Web App Security
Online Banking: A Trust Opportunity to (Re)gain?
October 09, 2012 Added by: Mikko Jakonen
How come banks are telling people to maintain their security better, without putting their OWN reputation and capabilities in line with the DIRECT consequences of the change paradigm towards ‘webalized’ approach we have witnessed for years, has now resulted as poor operational security...
New Book Details the NSA’s Warrantless Wiretapping Program
October 07, 2012 Added by: Electronic Frontier Foundation
Three more NSA whistleblowers, including William Binney a former high ranking official involved with the program during its infancy, also submitted affidavits laying out how the NSA illegally spied on Americans in the aftermath of 9/11...
MS08-067 Celebrates Another Birthday
October 04, 2012 Added by: Jeremy Sobeck
As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than 9 to 15 million systems...
Service Agreements Kill Privacy, But Can They Create It Too?
October 03, 2012 Added by: Electronic Frontier Foundation
The Fourth Amendment has not kept up with technology. And a recent case decided by the Ninth Circuit Court of Appeals highlights the increasing way rights are adjudicated when it comes to data stored by other companies: through the service agreement a user enters into with a company...
Stop the Next SOPA and CISPA: Register to Vote for Internet Freedom
September 30, 2012 Added by: Electronic Frontier Foundation
Congress needs to know that the Internet is watching and that users won’t sit on the sidelines as technology intended to connect us and bring knowledge to people worldwide is turned against us for the purposes of censorship and surveillance...
Do Not Track Update: The Fight for User Privacy Continues
September 25, 2012 Added by: Electronic Frontier Foundation
EFF and other digital rights advocates are continuing to fight for Do Not Track, a one-click browser-based signal users can turn on to tell websites not to track their online browsing habits. In this article, we’ll be reviewing recent Congressional hearings about online tracking...
Video: Do I Have to Secure All My Applications?
September 24, 2012
Attackers take advantage of any externally facing web application. If you think about a web application is not mission because it’s not touching data and if there is a SQL Injection vulnerability that exists in there attackers can use that to gain a foothold inside the network...
House Passes the Broad Warrantless Spying Bill
September 23, 2012 Added by: Electronic Frontier Foundation
The House voted to renew the dangerous FISA Amendment Act which hands the NSA broad, warrantless surveillance powers for another five years. Sadly, the House refused to add any oversight powers or privacy protections, despite evidence the NSA has used it to spy on Americans...
Creating a Surveillance-Free Internet
September 20, 2012 Added by: Electronic Frontier Foundation
Since its origins in 2008, Freedom Not Fear has developed the general message: fundamental rights like privacy, free expression, due process, and democratic participation are jeopardized when reactionary, fear-driven surveillance systems penetrate our societies...
Microsoft Forcing Users to Use Less Secure Passwords
September 18, 2012 Added by: Dan Dieterle
Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...
Don’t Wait for UK Snoopers’ Charter: Encrypt Wikipedia Now
September 17, 2012 Added by: Electronic Frontier Foundation
Rather than waiting for bad legislation, Wikipedians should take this opportunity to make one relatively small technical change that could serve as a bulwark against all kinds of government surveillance, filtering and data retention laws...
TPP and its Impact on Digital Freedom
September 12, 2012 Added by: Electronic Frontier Foundation
"Disciplines related to IPR could impact how people gain access to the Internet and could constrain what people may say online or how they can collaborate and share content. It is imperative that the IPR chapter of the proposed TPP agreement not inappropriately constrain online activity..."
Java, Flash, and the Choice of Usability Over Security
September 10, 2012 Added by: Le Grecs
Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...
Securing Your Application Perimeter: Getting Results
September 08, 2012 Added by: Fergal Glynn
What applications should you be testing? Just because the discovery process identifies 300 web applications doesn’t mean that you’d want to test the 30 that clearly should be decommissioned...
Google Wallet: Please Tell Me They’re Joking...
September 08, 2012 Added by: Joel Harding
No computer in the world is safe from a determined hacker. Most of us don’t properly secure our computer, our smart phone, or even our wallets. So how in the heck does storing your credit and debit card information “in the cloud” help you secure your already vulnerable information?
Securing Your Application Perimeter: What to Test for Vulnerabilities
September 05, 2012 Added by: Fergal Glynn
When dynamic scanning engines were first designed they were primarily tools for penetration testers to use on a few select web applications deemed critical enough to warrant serious testing. But times have changed, every Internet facing application is now a potential attack surface...