July 8, 2008

Google's Open Source Security Audit Tool

Google has placed Ratproxy, a passive security audit tool, into open source

Continue reading Google's Open Source Security Audit Tool...

July 7, 2008

Who Is Running More Secure Browser Still an Open Question

A recent study on which of the major browsers are more likely to be up to date is generating a fair bit of discussion focused on the study's methodology. Critics are right that some assumptions may have biased the findings, but there are easy ways to assess how much bias those assumptions introduced. The study isn't perfect, but it is a step in the right direction.

Continue reading Who Is Running More Secure Browser Still an Open Question...

July 3, 2008

Slaying the E-Mail Dragon: One Success Story from NYT

After reading Luis Suarez's New York Times piece "I Freed Myself from E-Mail's Grip," I wanted to email everyone I work with to tell them about it - but the irony of littering their inboxes with an article on controlling email was too much to swallow.

Continue reading Slaying the E-Mail Dragon: One Success Story from NYT...

July 2, 2008

Security Management: Tips and Techniques Articles

Managing security in any sizable IT organization can sometimes feel like juggling - things keep coming at you, and the stuff you've already handled seems to have a way of coming back at you. There are no simple formulas or lists of habits that will guarantee your success in this arena, but over the last couple of years we have accumulated a number of articles that help to frame and explain some common issues in security management. Here are some of the most relevant:

Continue reading Security Management: Tips and Techniques Articles...

July 1, 2008

Securing Web Applications: Tips and Techniques Articles

Web applications are prime targets for attackers, and developers are expected to build applications with security high on the requirements list. Over the past years we have accumulated a number of articles that describe tips and techniques for improving application security. Here are some of the most relevant:

Continue reading Securing Web Applications: Tips and Techniques Articles...

June 30, 2008

Evaluating Your Security Management Program: What to Look For

The latest article in the Essentials Series: Messaging and Web Security - Volume III looks into how to keep your security management plan in sync with other business objectives. Here's an excerpt:

Continue reading Evaluating Your Security Management Program: What to Look For...

June 27, 2008

Capturing Keystrokes in Internet Explorer 6

Researchers at McAfee's Avert Labs have reported a vulnerability in Internet Explorer 6 that allows attackers to capture keystrokes. IE 7 does not have this vulnerability.

Continue reading Capturing Keystrokes in Internet Explorer 6...

June 26, 2008

You Are Being Targeted: Common Ground of Phishers and Political Strategists

It was a bit strange reading F-Secure's latest IT Threat Summary and having a feeling that I've heard part of this story before. I had, sort of.

Continue reading You Are Being Targeted: Common Ground of Phishers and Political Strategists...

June 25, 2008

One Approach to Database Security: Stick Head in Sand, Ignore Patches

Michael Cobb's article "Database Denial: How Critical are Oracle's CPUs" does a nice job of laying out the pros and cons of critical patch updates (CPUs). One of the things that struck me was the sentiment that "my database is not accessible to the outside world, so why worry?" For starters, this assumes there are no holes in perimeter security. Right, when pigs fly.

Continue reading One Approach to Database Security: Stick Head in Sand, Ignore Patches...

June 24, 2008

Multiple Ruby Vulnerabilities Serious Concern for Developers

The scripting language Ruby has been quite popular among database application developers since Ruby on Rails came out and alleviated a lot of the drudgery of database application development. A recent announcement of multiple vulnerabilities that can be exploited for denial of service attacks or arbitrary code execution is leaving developers scrambling to patch, but there are questions about the patches.

Continue reading Multiple Ruby Vulnerabilities Serious Concern for Developers...

June 23, 2008

Database Security and Inference

A new article from The Essentials Series: Messaging and Web Security - Volume III has just been posted on database security and inference. Here is an excerpt:

Mature relational databases provide an array of access control mechanisms to limit information to only the persons and processes that are authorized to use it. In spite of the significant measures in place, there are still ways for unauthorized users to gain information they should not have. The problem is not that the database code is vulnerable but that the nature of information allows for inferences about data we cannot see.

For more on security management, database security tools, end user security and more, see the Essential Series, volume III.

Can Google Work Collaboratively?

Google phones won't be showing up until late this year. The delay according to the Wall Street Journal is that wireless carriers and application developers are having trouble with keeping to schedules. Silicon Alley Insider notes that Google keeps tinkering with Android. Sounds a bit like Microsoft, hardware vendors and desktop app developers all over again.

Continue reading Can Google Work Collaboratively?...

June 20, 2008

Surplus Computers and Data Leaks

Stories of stolen company or government laptops with confidential information on them are almost routine now. A slight twist on that story line comes out of Kansas, where several state computers put up for auction contained employee personal information, Social Security numbers, and investigation details.

Continue reading Surplus Computers and Data Leaks...

June 19, 2008

Principles of Economics Apply to Stolen Data Markets

Remember supply and demand, substitute goods, and price elasticity? Hackers stealing and selling data do, as evidenced by some findings by Finjan.

Continue reading Principles of Economics Apply to Stolen Data Markets...

June 18, 2008

Internet Security To Get Colbert Bump

Stephen Colbert is famously known, at least to himself and his fans, for providing politicians who appear on his show with a bump in the polls, while artists and writers see higher sales. Wikiality, the Truthiness Encyclopedia dedicated to all things Colbert, uses statistics from Fox News to prove the truthiness of the bump:

Findings, however, show that the bump raises the poll numbers for political candidates by no fewer than 10 points. This was first evidenced in the 2006 midterm elections. Being on The Colbert Report increases book sales by 10 times on average.

So will last night's guest Jonathan Zittrain, who was promoting his book on the future of the Internet, lead to an Internet security bump?

Continue reading Internet Security To Get Colbert Bump...

June 17, 2008

Paternalism Not Needed in Online Banking

So who is responsible for online banking security, especially when a bank offers security software free to the customer? Are we so collectively naive that we would think a single piece of software will secure transactions in spite of other vulnerabilities? (Think of a bolted door next to a broken window: which would you use to break in?) This is the question at the center of a debate about online banking and bank-provided security measures.

Continue reading Paternalism Not Needed in Online Banking...

June 16, 2008

AT&T Laptop Theft - Physician Heal Thyself?

Would you listen to a doctor who told you to clean up your act while he puffed on a cigarette and sipped scotch in the middle of the day? I wonder if AT&T customers will feel similarly about their managed encryption service after an AT&T laptop containing unencrypted personal data (including salaries and bonuses) was stolen from an employee's vehicle.

Continue reading AT&T Laptop Theft - Physician Heal Thyself?...

June 13, 2008

Searching for Legal Definition of Spyware

Lawmakers face a problem when trying to come up with better legislation to counter the use of spyware: they have to define it.

Continue reading Searching for Legal Definition of Spyware...

June 12, 2008

Obama Looks for Talent in Securing Web Site

Political campaigns don't have a lot of time to get their Web security right, and the Obama campaign is looking to avoid any more embarrassing or disruptive attacks on its site.

Continue reading Obama Looks for Talent in Securing Web Site...

June 11, 2008

Study: Focus on Fundamentals to Prevent Data Loss

A study on data breaches across a range of industries conducted by Verizon Business paints an ugly picture of just how preventable a lot of data loss incidents are.

Continue reading Study: Focus on Fundamentals to Prevent Data Loss...