Site Sponsor:
Ask the Expert
Search this site
Entries from Realtime Community | Messaging and Web Security tagged with 'web application security'
Browser Sniffing
We've just posted an article in the Digital Library on browser sniffing. Here is an excerpt:...
Posted by Dan Sullivan on November 26, 2008 6:00 AM
Basics of Threat Modeling
Threat modeling is a design practice that helps us understand they types of attacks and vulnerabilities that can adversely affect our applications. In this podcast, we examine the basic steps in threat modeling and describe a tool for supporting threat...
Posted by Dan Sullivan on November 16, 2008 9:59 AM
Design Flaws Hamper Online Banking Security
Researchers at the University of Michigan are reporting that 75% of 214 online banking sites had significant design flaws. At first this did not sound surprising, assuming the design flaws were minor tradeoffs between security and usability but that wasn't...
Posted by Dan Sullivan on July 24, 2008 8:36 AM
Yet Another Form of Injection Attack: Web Redirects
Brian Kreb's Security Fix discusses some research out of Indiana University on how phishers and others can use open redirects in legitimate Web sites. In addition to the clear examples of hacked redirects Krebs provides, I add that this is...
Posted by Dan Sullivan on July 17, 2008 8:24 AM
Database Complexity is a Security Problem
At about the same time Oracle is releasing its quarterly patch, Sun is announcing MySQL 5.1, a major upgrade that brings more standard relational DBMS functionality to the open source platform. Is Oracle at risk of adding so many features...
Posted by Dan Sullivan on April 15, 2008 7:48 AM
Ajax Security Overview: Problems and Solutions
We've just posted a new article for developers on how to use Ajax without introducing a host of vulnerabilities. Starting from the fundamental premise that we can't trust the client, the article describes three techniques for improving the security...
Posted by Dan Sullivan on April 9, 2008 8:28 AM
Patching for Web 2.0 Vulnerabilities
You may have woken up this morning to find your PC automatically rebooted after a Microsoft critical update. This time around, Microsoft provided critical patches for MS Project, Graphics Device Interface (GDI), VBScript and JScript, and a vulnerability in ActiveX...
Posted by Dan Sullivan on April 9, 2008 7:29 AM
Trusted but Compromised Sites: How to Protect Yourself
There are now more compromised Web sites distributing malware than sites established just for that purpose. How are we supposed to protect ourselves from these unwitting pushers of malware? There are no easy answers but a combination of steps to...
Posted by Dan Sullivan on April 7, 2008 7:28 PM
Will There Be A Pause in the Web 2.0 Party?
Web 2.0 security vulnerabilities are well known and it's almost as well known that these aren't really new - the difference with Web 1.0 is more of quantity than quality. Web 2.0 tools and techniques let us build apps faster,...
Posted by Dan Sullivan on April 3, 2008 7:56 AM
Trends in Malware
Malware is becoming more resilient, in part, because of increasingly sophisticated infrastructure for distributing and controlling malware. This podcasts looks at these themes especially with regard to distribution mechanisms for malware, techniques for protecting compromised devices like fast flux, the...
Posted by Dan Sullivan on March 3, 2008 12:00 AM
Fortune 500 FTP Credential for Sale
Cybercrime is making sales on line and credentials to ftp sites is one of the latest discovered offerings. Finjan reports in ther Malicious Page of the Month report that 8700 ftp credentials of corporations and government agencies are available through...
Posted by Dan Sullivan on February 27, 2008 5:28 PM
McAfee Foresees Growing Threat from Botnets and Vulnerable Web Services
McAfee is looking to the recent past and predicting that two of the biggest problems we'll face in the next year are more resilient and dangerous botnets and more attacks on Web sites. vnunet.com notes: Many of the threats to...
Posted by Dan Sullivan on November 16, 2007 12:34 PM
Good Tips for the Security Novice
I was a little hesitant to click through on a BusinesssWeek article entitled "Looming Online Security Threats in 2008". It isn't even Thanksgiving yet and already Christmas decorations are in the stores and doom and gloom predictions for 2008 are...
Posted by Dan Sullivan on November 12, 2007 12:46 PM
Ways to Avoid Cross Site Scripting Attacks
We've just posted a new article in the Messaging and Web Security library entitled Web Developers Guide to Avoiding Cross Site Scripting Attacks. You can download it here. If you're a Web developer you've probably heard about cross site scripting...
Posted by Dan Sullivan on October 1, 2007 7:20 PM
Poor Web 2.0 Design Harms Usability and Security
History is repeating itself. Poor usability was a problem with client server apps back when Visual Basic opened GUI design to pretty much every programmer. Then easy to use HTML tools turned us all into graphic designers. Now Web 2.0...
Posted by Dan Sullivan on May 14, 2007 9:46 AM
Web 2.0 Small but Still Weak on Security
Wow, lots of talk about the Pew report on Web 2.0. There's nothing like a report on omnivores to get them going. (Omnivores, according to Pew, are those who "participate in cyberspace and express themselves online and do a range...
Posted by Dan Sullivan on May 8, 2007 8:15 AM
Ajax Security Risks
Billy Hoffman of SPI Dynamics is speaking out about the risks of JavaScript and Ajax and was quoted in a recent InfoWorld article. One of the most telling quotes about the state of Web application security from Hoffman is: "In...
Posted by Dan Sullivan on March 26, 2007 12:24 PM
10 Steps for Web Application Deployment
Web application deployment requires careful planning a number of security checks. This podcast desribes a 10 step process spanning application testing and configuration, through multiple levels of security checks to penatration testing....
Posted by Dan Sullivan on February 28, 2007 7:00 PM
Why Push Dell for Linux and OpenOffice?
The IdeaStorm site at Dell is collecting suggestions from customers and he most widely sought changes center around the pre-installed Linux and OpenOffice. Why is there this push to Linux and OpenOffice? Here are some possibilities. 1. The voting population...
Posted by Dan Sullivan on February 27, 2007 8:26 AM
Google Docs & Spreadsheet Security and Privacy
We are going to keep more and more of our work on central servers, whether on private company servers or on Google's or some other third party. There have been a lot of good discussion about the security and privacy...
Posted by Dan Sullivan on February 23, 2007 7:33 AM
Can Google Apps Improve Security?
I've been arguing for shifting from desktop appliciations network based applications because we can more effectively secure servers and high-powered client devices are too much of a resource for spammers and botnet herders. Now Google is making Google Apps official...
Posted by Dan Sullivan on February 22, 2007 7:51 AM
Rich Internet Application (RIA) Security
Web applications are gaining features of client server applications and with this new functionality comes additional security risks. This podcast describes several techniques that should be used in RIAs to improve the security of those applications....
Posted by Dan Sullivan on February 20, 2007 7:07 PM
Compliance and Web Application Security
Regulations made clear the need to protect the privacy and integrity of information. One aspect of meeting those requirements is securing Web applications that collect, manage and analyze that information. This podcast examines some common security problems in Web applications...
Posted by Dan Sullivan on December 26, 2006 5:03 PM
Feed Subscription
If you use an RSS reader, you can subscribe to a feed of all future entries tagged 'web application security'. [What is this?]
Other Tags
Other tags used on this blog:
- 0 day (1)
- 2-factor authentication (1)
- 2008 Summer Olympics (1)
- access control (3)
- access controls (12)
- account sharing (1)
- Acer Aspire (1)
- ACLU (1)
- Active Management Technology (1)
- ActiveX (1)
- ActiveX vulnerability (1)
- ad blocking (1)
- Ad Words (1)
- adaptive design (1)
- AdBlock Plus (1)
- Adi Shamir (1)
- Adobe (2)
- Adobe Acrobat (1)
- Adobe Flash (1)
- Adobe Reader (1)
- adult content (1)
- adult sites (1)
- advertising (3)
- adware (6)
- AI (1)
- Air Force (2)
- air traffic control (1)
- AJAX (2)
- Ajax (6)
- Ajax security (3)
- Alienware (1)
- Altiris (3)
- Amazon (2)
- Amazon compute services (1)
- Amazon EC2 (1)
- Amazon S3 (4)
- Amazon Web Services (1)
- AMTSO (1)
- Amzaon EC2 (1)
- Amzon S3 (1)
- and Sun (1)
- Android (11)
- anit-malware (1)
- anit-virus (1)
- anonymizer (1)
- anonymizing data (1)
- anonymous browsing (1)
- anonymousizer (1)
- anti-forensic (1)
- anti-forensics (1)
- anti-Islamist (1)
- anti-malware (12)
- Anti-Malware Testing Standards Organization (1)
- anti-pharming (1)
- anti-phishing (14)
- anti-spam (8)
- anti-spyare (1)
- anti-spyware (5)
- anti-virus (53)
- anti-virus filtering (1)
- AOL (2)
- Apache (2)
- Apple (19)
- Apple Safari (1)
- appliance (1)
- applicaiton security (1)
- application backdoor (1)
- application development (4)
- application firewall (1)
- application firewalls (3)
- application security (35)
- Application security (1)
- application server security (1)
- application stack (1)
- application testing (4)
- application vulnerability (1)
- application vulnerability assessment (1)
- Arbor Networks (1)
- Aritficial intelligence (1)
- arrest (3)
- Ask (1)
- Ask.com (1)
- AskEraser (2)
- asset management (2)
- Asus (1)
- Asus eee (1)
- Asus Eee (6)
- Asus EEE (2)
- Asus Eee PC (3)
- AT&T (5)
- attack code (1)
- attackers (1)
- attacks (1)
- auction (2)
- audit (6)
- auditing (12)
- audits (1)
- authenticated email (1)
- authentication (11)
- authorization (5)
- AV (1)
- backup (7)
- backup and recovery (2)
- backups (1)
- badware (1)
- bandwidth (1)
- bank bailout (1)
- bank fraud (4)
- Bank fraud (1)
- Bank of America (1)
- Bank of New York Mellon (1)
- banking (2)
- Barack Obama (6)
- Barak Obama Blackberry smartphone mobile device security policy (1)
- Barracuda (1)
- bayesian filter (1)
- Bayesian filtering (1)
- BBC (1)
- BEA (1)
- BEA Weblogic (1)
- BearShare (1)
- behavior tracking (1)
- behavioral analysis (2)
- Beijing Olympics (1)
- best practices (8)
- BGP (2)
- Bhutto assassination (1)
- Biden (1)
- Bitlocker (1)
- BitLocker (3)
- Black Hat (3)
- Black Hats (1)
- black holes (1)
- Blackberry (3)
- blackberry (1)
- blacklist (2)
- Blacksberry (1)
- Blacksburg (1)
- blended threats (2)
- blocking (1)
- blog (2)
- blogs (1)
- Blue Coat (1)
- Bluethooth (1)
- Bluetooth (1)
- bonet (1)
- Boot and Nuke (1)
- boot n nuke (1)
- Border Gateway Protocol (2)
- border patrol (1)
- Boston Mass Transit Authority (1)
- bot (10)
- botnet (29)
- Botnet (1)
- botnets (22)
- bots (1)
- branding (1)
- brandjacking (1)
- Broadcom (1)
- brokerage accounts (1)
- brokerage firms (1)
- broswer (1)
- broswer security (2)
- browser (8)
- browser cache (1)
- browser extensions (2)
- browser interface (1)
- browser secuity (1)
- browser security (18)
- browser securtiy (1)
- browser sniffing (1)
- browser vulnerability (1)
- Bush (1)
- Bush administration (1)
- business alignment (1)
- business case for security (1)
- business computing (1)
- business continuity (1)
- business intelligence (1)
- cache poisoning (1)
- calendar (1)
- camera phone (1)
- campaign (1)
- campaigns (1)
- CAN Spam (1)
- Canada (1)
- captcha (1)
- CAPTCHA (1)
- career development (1)
- categorizing (1)
- cDc (1)
- cell phone (1)
- cell phones (1)
- cellphone (1)
- censorship (5)
- CERT (2)
- certification (1)
- CertifiedEmail (1)
- CES (1)
- change management (3)
- chaos (1)
- chat room (1)
- CheckPoint (2)
- child pornography (1)
- China (4)
- Chinese military (1)
- Chrome (2)
- CIO (1)
- Cisco (4)
- civil liberties (1)
- Clearwire (1)
- clickfraud (1)
- client security (3)
- Clinton (1)
- cloud computing (22)
- cloud security (4)
- CloudSQL (1)
- clustering (1)
- CMDB (1)
- cms (1)
- COBIT (6)
- code review (3)
- codecs (1)
- Colbert Report (1)
- collaboration (3)
- college (2)
- Comcast (2)
- Comcast net neutrality FCC (1)
- command and control (2)
- Common Cause (1)
- communication (1)
- complex event processing (1)
- complexity (3)
- compliance (33)
- compliance regulation (2)
- composting (1)
- compromised Web sites (2)
- computer crime (1)
- computer crime investigations (1)
- computer security (3)
- Computer Security Institute (1)
- computer survelliance (1)
- ComputerWorld (1)
- computing (1)
- computing services (1)
- Conficker (2)
- confidentiality (2)
- configuration (1)
- configuration management (2)
- consolidated security (1)
- constraint programming (1)
- constraint satisfaction (1)
- Consumer Electronics Show (1)
- content filter (5)
- content filtering (17)
- content filters (1)
- content management (2)
- content management system (3)
- control systems (1)
- copyright (4)
- copyright violation (2)
- copyrighted movies (1)
- copyrighted music (1)
- Core Security Technologies (1)
- Coreflood (1)
- counter-terrorism (1)
- counterfeit (1)
- counterintelligence (1)
- countermeasuer (1)
- countermeasures (2)
- Country Wide (1)
- Cox Communications (1)
- cracking (1)
- crawling (1)
- credit card (4)
- credit card fraud (7)
- credit card security (1)
- credit card theft (4)
- credit fraud (1)
- credit monitoring (3)
- credit reporting (1)
- crime (1)
- crimeware (3)
- critical infrastructure (2)
- critical patch (3)
- critical patch update (3)
- critical patch updates (1)
- cross site request forgery (1)
- cross site scripting (2)
- cross site scripting attacks (1)
- cross-doemain trust (1)
- cross-site scripting (2)
- cryptanalysis (1)
- cryptography (4)
- CSI (1)
- CSO (1)
- CSRF (3)
- CTIA (1)
- Cult of Dead Cow (1)
- customs (1)
- cyber attack (1)
- cyber attacks (1)
- cyber crime (1)
- cyber insurance (1)
- Cyber Monday (2)
- cyber-attack (2)
- cyber-security (1)
- cyberattack (4)
- cyberchat (1)
- cybercime (1)
- cybercrime (52)
- Cybercrime (2)
- cybereconomy (1)
- cybersecurity (14)
- cybersquatters (1)
- cybersquatting (1)
- cyberwar (2)
- cyberwarefare (1)
- cyberwarfare (6)
- cyptography (1)
- czar (1)
- Daily Show with John Stewart (1)
- Dan Kaminsky (1)
- DARPA (1)
- Darwin Awards (2)
- data breach (46)
- data breaches (2)
- data classification (3)
- data discovery (1)
- data inference (1)
- data integration (1)
- data leak (15)
- data leaks (11)
- data loss (19)
- data loss disclosure laws (1)
- data loss pervention (1)
- Data loss prevention (1)
- data loss prevention (88)
- data loss prevention disk wiping (1)
- data loss protection (5)
- data mart (1)
- data mining (2)
- data modeling (1)
- data privacy (1)
- data protection (1)
- data security (1)
- data standards (1)
- data warehouse (1)
- data warehousing (1)
- database (2)
- database administration (1)
- database auditing (2)
- database breach (1)
- database design (1)
- database encryption (2)
- database monitoring (4)
- database security (61)
- database vulnerabilitiy (1)
- database vulnerability (2)
- databasse security (1)
- David Blaine (1)
- DB2 (2)
- DBA (3)
- dban (1)
- DDOS (4)
- ddos (4)
- DDoS (2)
- dealing with evolving malware (1)
- debate (1)
- debit card theft (1)
- decryption (1)
- default passwords (1)
- DefCon (1)
- defense in depth (7)
- Dell (3)
- Democratic Party (1)
- Democratic primary (1)
- Democratic Primary (1)
- demographics (1)
- denial of service (8)
- denial of service attack (5)
- denial of service attacks (1)
- Department of Defense (4)
- Department of Homeland Security (1)
- Department of Justice (1)
- deregulation (1)
- dermatitis (1)
- design flaw (1)
- design flaws (1)
- desktop (3)
- desktop application security (1)
- desktop applications (4)
- desktop replacements (1)
- desktop search (2)
- developerWorks (1)
- development (1)
- development environment (1)
- development methodology (1)
- development tools (1)
- device security (1)
- DHS (4)
- Diebold (1)
- Diffie-Hellman (1)
- Digg (2)
- digital certificates (2)
- digital forensic (1)
- digital forensics (2)
- digital rights management (3)
- digital signatures (5)
- disgruntled employee (3)
- disk drive (1)
- disk encryption (1)
- disk recovery (1)
- disk scanning (1)
- distributed computing (1)
- distributed denial of service (1)
- DKIM (2)
- DLP (8)
- DNS (9)
- dns poisoning (1)
- DNS poisoning (2)
- DNS vulnerability (1)
- Do Not Track (1)
- DOC spam (1)
- document spam (1)
- DOD (1)
- DoJ (1)
- domain (1)
- domain hijacking (1)
- domain integrity (1)
- Domain Keys (1)
- Domain Keys Identified Mail (1)
- domain kiting (1)
- domain name system (1)
- domain registration (1)
- domain squatting (1)
- DomainKeys (2)
- DOS (2)
- DoS (2)
- Doubleclick (1)
- DoubleClick (1)
- drive by download (2)
- drive by downloads (5)
- drive-by downloads (3)
- drive-by malware (1)
- DRM (4)
- drunk texting (1)
- Dutch Shell (1)
- DVD (1)
- dynamic analyis (1)
- e-commerce (1)
- e-discovery (2)
- e-mail (1)
- e-voting (12)
- e-waste (1)
- Earth Day (1)
- Earthlink (1)
- eavesdropping (2)
- Ebay (1)
- eBay (4)
- eclipse (1)
- economic downturn (2)
- economics (1)
- economics of cybercrime (1)
- ediscovery (1)
- EEC (1)
- EEF (1)
- election (1)
- elections (2)
- electronic ballots (1)
- electronic voting (2)
- email (16)
- email abuse (1)
- email archiving (1)
- Email client (1)
- email discovery (1)
- email filter (1)
- email filters (1)
- email monitoring (1)
- email policy (1)
- email security (15)
- email spoofing (1)
- employee monitoring (2)
- encrypted e-mail (1)
- encryption (47)
- Encryption (1)
- encryption keys (1)
- end user education (1)
- end user secuity (1)
- end user security (1)
- end user training (2)
- endpoint encryption (1)
- endpoint security (1)
- energy consumption (1)
- enterprise infrastructure (1)
- EnterpriseDB (1)
- ESet (1)
- espionage (1)
- ETL (1)
- EU (4)
- European Commission (1)
- European Union (4)
- EV certificates (1)
- EV SSL (6)
- EV SSL certificates (1)
- Eve Online (1)
- event correlation (1)
- EverQuest (1)
- evolution (1)
- Exchange (1)
- executive management (2)
- eXo (1)
- expansion pack (1)
- Expedia (1)
- exploit (3)
- Express Scripts (1)
- extended validation SSL (1)
- Extended Validation SSL (1)
- Extended Validation SSL Certificates (2)
- extortion (1)
- F-Secure (1)
- FAA (1)
- Facebook (10)
- Fast Company (1)
- fast flux (1)
- fast-flux (1)
- FBI (1)
- FCC (6)
- FDIC (1)
- Federal Deposit Insurance Corporation (1)
- Federal Rules of Civil Procedures (1)
- federal security (1)
- Federal Trade Commission (1)
- feedback (1)
- FERC (1)
- file encryption (1)
- file sharing (6)
- Final Fantasy (1)
- financial services (2)
- fines (1)
- Finjan (1)
- FIrefox (1)
- Firefox (18)
- Firefox plugin (1)
- FirePhish (1)
- firewall (2)
- firewalls (5)
- fiscal stimulus (1)
- FISMA (1)
- Flash (3)
- flash drive (1)
- flash drives (1)
- foreign relations (1)
- forensic analysis (1)
- forensics (7)
- form grabber (1)
- Fortune 100 (1)
- Fortune 500 (1)
- fraud (33)
- free credit monitoring (1)
- free market (1)
- free WiFi (1)
- FreeBSD (1)
- FTC (1)
- ftp (1)
- full disk encryption (6)
- G Data (1)
- gaming (1)
- gaming assets (1)
- gaming inventory (1)
- GAO (2)
- GDI (1)
- GE (1)
- Geert Wilders (1)
- genetic engineering (1)
- Geogia (1)
- Georgia Tech (1)
- Germany (1)
- globalization (1)
- GMail (2)
- gmail (1)
- Gmail (10)
- Goggle phone (1)
- Goodmail Systems (1)
- Google (61)
- google (1)
- Google ads (1)
- Google Applications (2)
- Google Apps (10)
- Google apps (1)
- Google Apps Engine (1)
- Google Blogger (1)
- Google Books (1)
- Google Calendar (1)
- Google Chrome (2)
- Google Desktop (1)
- Google desktop (2)
- Google Docs (4)
- Google email (1)
- Google Gears (3)
- Google Goggles (2)
- Google Groups (2)
- Google mail (1)
- Google operating system (1)
- Google Pack (1)
- Google Phone (2)
- Google phone (10)
- Google Toolbar (1)
- Goolag (1)
- Governance (1)
- governance (4)
- Gphone (2)
- gPhone (1)
- Grand Prix (1)
- Great Britan (1)
- green bar (2)
- Greenborder (1)
- greenhouse gases (1)
- GroupWise (1)
- hack (3)
- hackers (1)
- hackikng (1)
- hacking (48)
- HAL (1)
- Hannaford (3)
- harassment (1)
- hard drives (1)
- hardware error (1)
- Harvard Business Review (1)
- hash functions (1)
- HD-DVD (2)
- health care records management (1)
- Heartland (1)
- Heather Mills (1)
- HerbalKing (1)
- hijacked (1)
- Hillary Clinton (4)
- HIPAA (1)
- Hitachi (1)
- hoax (1)
- holiday (1)
- Homeland Security (2)
- homeland security (1)
- honeypot (1)
- honeypots (1)
- honypots (1)
- host (1)
- host integrity (2)
- host intrusion prevention (2)
- host intrusion prevetions system (1)
- host security (1)
- hosted malware (1)
- hostile workplace (1)
- hotel security (1)
- housing and urban development (1)
- HP (2)
- HP Info Center (1)
- HPMini-Note PC (1)
- HTML (1)
- HTML injection (1)
- HTML Injection (1)
- HTTP (1)
- HUD (1)
- human factors (2)
- human resources (1)
- Hushmail (1)
- hypervisor (1)
- IBM (11)
- IBM DB2 (1)
- IBM Websphere Portal (1)
- ICANN (1)
- identity management (8)
- Identity theft (1)
- identity theft (45)
- IE (4)
- IE 7 (2)
- IE7 (1)
- IE8 (1)
- IEEE Computer (1)
- iFrame exploit (1)
- illegal downloading (2)
- illegal software (1)
- IM (4)
- image analysis (1)
- image spam (3)
- Imeem (1)
- incident management (2)
- incident response (4)
- Indiana Jones (1)
- industrial espionage (1)
- industry regulation (1)
- information classifictaion (1)
- information leaks (4)
- information security (8)
- information technology (2)
- information theft (1)
- infrastructure (1)
- infrastructure protection (1)
- ING (1)
- ING Direct (1)
- Injection attack (1)
- injection attack (4)
- injection attacks (2)
- insider abuse (10)
- insider attack (4)
- insider threat (3)
- insider trading (1)
- instant messaging (3)
- insurance (1)
- Intel (4)
- Intel Dual Core (1)
- intellectual property (9)
- intellectual property theft (1)
- intelligence (1)
- intelligence agency (1)
- intelligence gathering (1)
- Interent Explorer (1)
- interface design (1)
- Internet (4)
- Internet access (1)
- Internet Explorer (16)
- Internet Explorer 7 (1)
- Internet rumor (1)
- Internet security (1)
- intrusion detection (1)
- intrusion prevention (7)
- intrustion detection (1)
- intrustion prevention (1)
- IP address (1)
- IP reputation filter (1)
- IP spoofing (1)
- iPhone (15)
- iphone (3)
- iPhone 2.0 (1)
- iPod (2)
- IPOWER (1)
- IPS (4)
- IRC (1)
- Irish Potato Famine (1)
- IRS (3)
- ISO 27002 (1)
- ISO-17799 (1)
- ISP (14)
- Isreal (1)
- IT (2)
- IT budget (1)
- IT budgeting (1)
- IT infrastructure (1)
- IT management (2)
- IT security (1)
- IT services (1)
- IT spending (1)
- Italian Job 3 (1)
- Italy (1)
- ITIL (7)
- iTouch (4)
- iTunes (1)
- iTunes update (1)
- IXQuick (1)
- jail break (1)
- Japan (1)
- Java security (1)
- JavaFX (1)
- Javascript (7)
- JavaScript (1)
- JBoss (1)
- Jeremy Clarkson (1)
- John Mcain (1)
- John McCain (4)
- JScript (1)
- JSON (1)
- JSR 168 (1)
- Julius Baer Bank and Trust (1)
- Kaspersky (1)
- key management (2)
- keylogger (6)
- keyloggers (1)
- kiting (1)
- Kmart (1)
- Koobface (1)
- Kraken (1)
- kudzu (1)
- laptop (9)
- laptop security (5)
- laptop theft (5)
- Large Hadron Collider (1)
- least privilege (2)
- least privileges (1)
- legislation (3)
- Lending tree (1)
- Leopard (3)
- LHC (1)
- liability (2)
- Lieberman (2)
- Liferay (1)
- Limewire (2)
- LinkedIn (3)
- LinkedIn porn malware (1)
- Linux (14)
- Linux desktop (2)
- lock down (1)
- lock picking (1)
- locksmith (1)
- log analysis (2)
- log monitoring (1)
- lost laptop; stolen laptop; data loss protection; data leak; identity theft; Best Buy (1)
- Lotus Notes (1)
- Lotus Symphony (2)
- Mac (3)
- Mac OS (7)
- Mac OS X (11)
- mail delivery (1)
- malicious domains (1)
- malicious Web site (1)
- malicious Web sites (2)
- malware (138)
- Malware (3)
- malware detection (1)
- malware Trojans worms viruses defense in depth anti-virus anti-malware Mac OS X iPhone iTouch (1)
- man in the middle attack (3)
- man-in-the-middle attack (1)
- managed devices (1)
- managed security services (1)
- managing security budgets (1)
- market (1)
- mashup (1)
- mashups (1)
- Massachusetts (1)
- massacre (1)
- Mastercard (1)
- McAfee (15)
- McAfee Site Advisor (2)
- McAFee SiteAdvisor (1)
- McAfee SiteAdvisor (1)
- Mcain Palin (1)
- McCain (4)
- MD5 (1)
- Media Defender (1)
- MediaDefender (1)
- medical malpractice (1)
- merger (1)
- message digests (1)
- messaging (1)
- metadata (1)
- Metasploit (2)
- metrics (1)
- MI5 (2)
- MI6 (1)
- Micheal Jackson (1)
- Microsoft (61)
- Microsoft Access (1)
- Microsoft Data Engine 1.0 (1)
- Microsoft Exchange (1)
- Microsoft Host Integration Server (2)
- Microsoft Live (1)
- Microsoft Mobile (1)
- Microsoft Office (6)
- Microsoft Project (1)
- Microsoft security (2)
- Microsoft SQL Server 2000 Desktop Engine (1)
- Microsoft SQL Server 2005 Express Edition (1)
- Microsoft Sync Framework (1)
- Microsoft Threat Analysis and Modeling (1)
- Microsoft Threat Analysis and Modeling Tool (1)
- Microsoft Vista (1)
- Microsoft Windows (1)
- Microsoft Windows 2000 (1)
- Microsoft Word (1)
- Microsoft XP (1)
- midsized business (1)
- MiiVi.com (2)
- military network (1)
- mini notebook (1)
- mini-laptop (1)
- mismanagement (1)
- missle defense (1)
- MIT (1)
- MITM (1)
- Mitt Romney (1)
- MMS (1)
- mob (1)
- mobile (1)
- Mobile Armor (1)
- mobile banking (1)
- mobile computing (2)
- mobile device (1)
- mobile device security (6)
- mobile devices (6)
- mobile devices malware iPhone Blackberry Google Phone (1)
- mobile malware (1)
- mobile messaging services (1)
- mobile operating system (1)
- mobile phone (2)
- mobile phones (1)
- mobile security (4)
- mobile storage devices (1)
- money laundering (1)
- monitor (1)
- monitoring (9)
- Monster.com (1)
- Morris worm (1)
- mortgage lending (1)
- Motion Picture Association of America (2)
- Moziall Firefox (1)
- Mozilla (10)
- Mozilla Fireforx (1)
- Mozilla Firefox (2)
- MPAA (4)
- MPack (1)
- MS Exchange (1)
- MS Jet (1)
- MS SQL Server (1)
- MTV (1)
- multimedia messaging (1)
- multiplayer games (1)
- municipal WiFi (1)
- music download (1)
- music industry (1)
- music piracy (1)
- MySpace (4)
- MySQL (5)
- MySQL security (1)
- myth (1)
- NAC (1)
- NASA (1)
- national defense (1)
- national security (2)
- natural language processing (1)
- NeoSploit (1)
- Nessus (1)
- Net Neutrality (1)
- net neutrality (1)
- Netflix (1)
- network (1)
- network abuse (1)
- network access control (1)
- network access controls (1)
- network appliance (2)
- network engineering (1)
- network intrusion prevention (1)
- network monitoring (1)
- network protocols (1)
- network scanner (1)
- network security (64)
- network vulnerabilities (1)
- network vulnerability scanning (1)
- network worms (1)
- Nicholas Carr (1)
- nickle (1)
- Nigerian scam (1)
- NIST (1)
- NLP (1)
- Nmap (1)
- Novell (2)
- NPR (2)
- NSA (2)
- nuclear secrets (1)
- NV Labs (1)
- oauth (1)
- Obama (8)
- Obama administration (1)
- obfuscation (1)
- Office (1)
- office suite (1)
- Ohio (3)
- olap (1)
- OLAP (1)
- one time passwords (1)
- online (1)
- online activity tracking (1)
- online ads (1)
- online advertising (2)
- online applications (2)
- online banking (16)
- online desktop (1)
- online fraud (1)
- online gaming (6)
- online identity (1)
- online pornography (1)
- online security (1)
- online storage (1)
- online theft (2)
- open access (2)
- open source (3)
- Open Source Security Testing Methodologies Manual (1)
- OpenBSD (1)
- OpenDNS (5)
- OpenFlow (1)
- OpenID (5)
- OpenLaszlo (1)
- OpenOffice (3)
- OpenSocial (1)
- OpenSSH (1)
- OpenSSL (2)
- OpenSSL vulnerability (1)
- Opera (3)
- operatin g system (1)
- operating system (4)
- operating system development (1)
- operating system hardening (1)
- operating system market (1)
- operating system restore (1)
- operating system security (3)
- operating systems (1)
- Oracle (28)
- Oracle Data Vault (1)
- organizational management (1)
- OSSTMM (1)
- OTP (1)
- Outlokk (1)
- Outlook (1)
- outsourcing (1)
- OWASP (2)
- P2P (10)
- p2p (1)
- P2P networks (1)
- Pakistan (1)
- Palin (3)
- Palm (1)
- Palm Centrino (1)
- Palm OS (5)
- paper ballots (1)
- paper trail (2)
- parallel processing (1)
- Paralles (1)
- parental controls (1)
- passsword stealing (1)
- password (5)
- password crackers (1)
- password cracking (3)
- Password Hasher Firefox Extension (1)
- password management (1)
- password manager (1)
- password policy (1)
- Password Safe (1)
- password stealing (1)
- passwords (11)
- patch (13)
- patch management (19)
- Patch Tuesday (3)
- patching (23)
- patent (3)
- Payment Card Industry (1)
- Payment Card Industry Data Standards (1)
- PayPal (5)
- PC (1)
- PC security (4)
- PCI (5)
- PCI Data Security Standard (1)
- PCI Data Standards (1)
- PCI DSS (3)
- PDA (2)
- PDA security (1)
- PDF spam (2)
- peer-to-peer (1)
- Peer-to-Peer (1)
- penatration testing (1)
- penetration testing (3)
- Pennsylvannia primary (1)
- Pentagon (7)
- perimeter defenses (3)
- personal devices (1)
- personal financial services (1)
- personally identifiable information theft (1)
- Pew Internet & American Life (1)
- Pew Research (1)
- Pfizer (2)
- Phalanx (1)
- Phantom (1)
- pharming (4)
- phishing (80)
- Phishing (3)
- phisihing (1)
- PHP (3)
- PHP security (1)
- physical security (3)
- PII (1)
- piracy (4)
- PKI (1)
- planning and organizing (1)
- Playstation 3 (1)
- plug-ins (2)
- point of sale (1)
- Pointsec (1)
- policies (1)
- policies and procedures (1)
- policy (2)
- policy enforcement (3)
- Policy enforcement (1)
- policy frameworks (1)
- policy management (4)
- politics (1)
- polymorphic virus (1)
- pop-ups (2)
- porn (6)
- pornography (4)
- portal security (2)
- Portals (1)
- POS (1)
- Poste Italiane (1)
- Postini (2)
- potentially unwanted program (1)
- potentially unwanted programs (2)
- power grid (1)
- power saving (1)
- PowerPoint (1)
- Premier Election Solutions (1)
- Presidential campaign (1)
- presidential campaign (3)
- presidential candidates (3)
- presidential election (4)
- Presidential elections (1)
- primary election (1)
- privacy (40)
- Privacy (1)
- privacy directive (1)
- privacy directives (1)
- privacy legislation (1)
- privacy protection (1)
- PrivacyFinder.org (1)
- private investigation (1)
- privilege elevation (1)
- product evaluation (1)
- product selection (1)
- productivity (1)
- programming errors (1)
- project management (1)
- property rights (1)
- prosecution (1)
- public key cryptopgraphy (1)
- public policy (1)
- pump and dump (2)
- PUP (2)
- put options (1)
- Qualcomm (1)
- quality control (1)
- query interface (1)
- Radware (1)
- random js toolkit (1)
- randomness (1)
- ransomware (2)
- rash (1)
- RBN (1)
- Reader (1)
- recession (1)
- Reconnex (1)
- recording industry (2)
- recovery (3)
- regulation (4)
- regulation. Obama (1)
- regulations (1)
- Reh Hat (1)
- relational database (1)
- relational databases (1)
- remote access (4)
- remote access security (1)
- remote code execution (2)
- remote exploit (1)
- remote management (1)
- reporting (1)
- reputation (1)
- reputation management (1)
- requirements analysis (1)
- requirements management (1)
- resiliency (1)
- resiliency engineering (1)
- retail (1)
- retailer (1)
- reveneues (1)
- revolt (1)
- reward (1)
- RFID (4)
- Rhapsody (1)
- RIA (2)
- RIAA (6)
- rich internet application (1)
- rich internet applications (1)
- rich Web applications (1)
- Richard Clarke (1)
- Richard Stallman (1)
- risk (2)
- risk analysis (5)
- risk assessment (3)
- risk management (20)
- risk mitigation (3)
- Robert Alan Soloway (1)
- Rolls Royce (1)
- Ron Paul (2)
- root access (1)
- root kits (3)
- rooted (1)
- rootkit (1)
- rootkits (6)
- rotation of duties (3)
- rotation of dutities (1)
- RSA (4)
- RSA 2009 (1)
- Ruby (3)
- Ruby on Rails (3)
- Rudder (1)
- Russia (1)
- Russian Business Network (1)
- SaaS (3)
- Safari (6)
- SafeBoot (1)
- Salesforce.com (2)
- sampling (1)
- San Francisco (2)
- sand box (1)
- sandbox (1)
- SANS (1)
- SANS What Works (1)
- Sarah Palin (1)
- satellite (1)
- Scalia (1)
- scam (1)
- scareware (1)
- Scientific American (1)
- screen grabber (2)
- screen logger (1)
- script (1)
- script kiddie (2)
- scripting (1)
- search (2)
- search and siezure (1)
- search engine (1)
- search engines (1)
- Sears (1)
- Second Life (4)
- Secunia (1)
- Secure Computing (1)
- Secure mashups (1)
- secure programming practices (1)
- secure voting (1)
- SecureWorks (1)
- security (34)
- security appliance (1)
- security as a service (3)
- security audit (1)
- security awareness (11)
- security awareness training (2)
- security baseline (1)
- security best practices (3)
- security breach (1)
- security budget (2)
- security budgeting (1)
- security by obscurity (1)
- security domains (1)
- Security Exchange Commission (1)
- security hardware (1)
- security industry (1)
- security informaiton management (2)
- security information management (1)
- security investment (1)
- security management (114)
- security managment (2)
- security market (2)
- Security market (1)
- security methodologies (1)
- security metrics (1)
- security monitoring (1)
- security policies (9)
- security policy (14)
- security practices (2)
- security professionals (1)
- security reporting (1)
- Security research (1)
- security ROI (1)
- security testing (3)
- security threats (3)
- security training (7)
- security update (1)
- security vendors (5)
- security vulnerability (1)
- semi-managed devices (1)
- Sender Policy Framework (2)
- SenderID (1)
- sendmail (2)
- Sentrigo (1)
- separation of duties (2)
- server hardening (1)
- server management (1)
- server security (6)
- server vulnerability (1)
- servers (2)
- service management (1)
- service oriented architecture (1)
- sex scandal (1)
- shredding (1)
- signature base detection (1)
- signature-based analysis (1)
- Silverlight (2)
- SIM (1)
- simulation (1)
- single sign on (1)
- SIP (1)
- SitAdvisor (1)
- SiteAdvisor (1)
- skills (1)
- Skydrive (1)
- Skype (5)
- small and midsized business (1)
- small and midsized businesses (1)
- small business (1)
- small businesses (1)
- small mid-sized businesses (1)
- small midsized business (3)
- smartphone (10)
- smartphones (19)
- Smash (2)
- SMB (8)
- smb (1)
- SMM (1)
- SMS (3)
- Snort (1)
- SOA (1)
- sobriety tests (1)
- social engineering (26)
- social enterprise (1)
- social networking (8)
- society (1)
- sociological drivers (1)
- Société Générale (1)
- software as a servcies (1)
- software as a service (4)
- software as a services (1)
- software asset management (1)
- software design (1)
- software development (6)
- software development methodologies (3)
- software development methodology (1)
- software engineering (1)
- software life cycle (1)
- software life cycle management (1)
- software policy (1)
- software reliability (1)
- software security (1)
- Sony (1)
- Sophos (1)
- Souter (1)
- SouthPark (1)
- spam (60)
- Spam (1)
- spam filter (1)
- spam filtering (1)
- spam stimulus package porn adult film industry bankikng auto industry IRS (1)
- Spamassasin (1)
- Spamassassin (1)
- Spamhaus (2)
- spammers (2)
- spear phishing (1)
- SPF (2)
- spoofing (1)
- Sprint (1)
- spybot (1)
- spyware (19)
- spyware SpyBot Ad-Aware Mcafee Site Safe OpenDNS (1)
- SQL Injection (8)
- SQL injection (5)
- SQL injection attacks (1)
- sql injection scanner (1)
- SQL Server (5)
- SQL Server 2000 (1)
- SQL Server 2005 (1)
- SQL Server 7.0 (1)
- SQL Slammer (1)
- SQLNinja (1)
- SSH (1)
- SSL (5)
- stability issue (1)
- Star Office (1)
- state sponsored cybercrime (1)
- State Street (1)
- static analysis (2)
- statistical analysis (1)
- statistics (2)
- stealth update (1)
- Stephen Colbert (1)
- stimulus plan (1)
- stolen laptop (2)
- StopBadware (1)
- storage services (1)
- Storm (5)
- Storm bot (1)
- Storm worm (3)
- Sun (4)
- Sun Java System Portal (1)
- Sunbelt (1)
- Super Tuesday (1)
- supercomputing (1)
- superhackers (1)
- Supreme Court (1)
- SURBL (1)
- surveillance (7)
- survey (3)
- SUSE (1)
- Sylvania G Netbook (1)
- Symantec (12)
- Symbain (1)
- Symbian (4)
- Symbion (1)
- system administration (1)
- system resiliency (1)
- systems administration (1)
- systems complexity (1)
- systems reliability (1)
- T-Mobile (2)
- targeted attacks (1)
- taxes (1)
- TCP (6)
- technology (1)
- technology policy (1)
- telecommunications industry (2)
- telephony (1)
- telephony security (1)
- testing (4)
- testing methodology (1)
- testing standards (1)
- text messaging (1)
- text mining (1)
- The Economist (1)
- theft (1)
- ThinkFree (1)
- Thinkfree (1)
- threat analysis (2)
- threat assessment (1)
- threat management (1)
- threat modeling (1)
- threat modelying (1)
- threatening messages (1)
- threats (3)
- Thunderbird (1)
- Tiger (2)
- Time Warner Cable (1)
- timing attack (2)
- TJX (9)
- Tor (1)
- Torpig (1)
- TorrentFreak (1)
- tracking (1)
- training (3)
- transportation (1)
- Trend Micro (2)
- Treo (1)
- Tripwire (1)
- trojan (1)
- Trojan (17)
- Trojan horse (7)
- Trojan horses (3)
- Trojan Horses (1)
- Trojans (9)
- trust model (1)
- trustec computing paltform (1)
- trusted computing (3)
- Trusted Computing Platform (1)
- trusted computing platform (2)
- trusted path (1)
- trusted Web sites (1)
- Turing Test (1)
- twitter (1)
- Twitter (2)
- typosquatting (1)
- UAC (2)
- Ubuntu (6)
- UK (2)
- Ukraine (1)
- ultraportable (1)
- underground economy (1)
- unified communications (1)
- unified threat management (6)
- Unisys (1)
- university (1)
- unlock (2)
- unmanaged devices (2)
- unwanted content (1)
- update (1)
- URIBL (1)
- url blocking (1)
- URL filtering (1)
- URL redirect (1)
- US-Cert (1)
- usability (2)
- USB (1)
- USB flash drive (1)
- user authentication (1)
- user awareness (3)
- user training (2)
- utility computing (1)
- UTM (3)
- VA (2)
- Valentines Day spam (1)
- vandalism (1)
- VBScript (1)
- Verified Voting (1)
- Veritas (1)
- Verizon (4)
- Verizon Wireless (2)
- VerizonWireless (2)
- version control (1)
- Viacom (2)
- video (2)
- video conferencing (1)
- Virginia Tech (2)
- virtual criminology (1)
- virtual currency (1)
- virtual goods (1)
- virtual machine (1)
- virtual private database (2)
- virtual server (2)
- virtual server security (1)
- virtual servers (1)
- virtual theft (1)
- virtual world (1)
- virtual worlds (1)
- virtualizaiton (1)
- virtualization (13)
- virtualization security (1)
- virtualization sprawl (1)
- virus (18)
- Virus (1)
- viruses (4)
- virutalization (1)
- Visa (1)
- vishing (2)
- Vista (26)
- vitrualization (1)
- Viver (1)
- VMWare (4)
- VoIP (7)
- VoIP security (3)
- voter fraud (1)
- voter registration (1)
- voting (2)
- voting fraud (2)
- voting machines (3)
- voting security (1)
- VPD (2)
- vpn (1)
- VPN (2)
- vPro (2)
- VT (1)
- vulnerabilities (34)
- vulnerability (35)
- vulnerability assessment (12)
- vulnerability management (5)
- vulnerability scanner (1)
- vulnerability scanning (16)
- vulnerability testing (1)
- vunlernability scanning (1)
- W-Fi (1)
- Wabisabilabi (1)
- Wall St meltdown (1)
- war (1)
- warrantless wiretapping (1)
- weak encryption keys (1)
- weak keys (1)
- Web (1)
- Web 2.0 (15)
- Web 2.0 security (1)
- Web 2.0. (1)
- Web application (2)
- Web application security (19)
- web application security (4)
- Web browser (1)
- Web crawler (1)
- Web email (1)
- Web filtering (1)
- Web hacking (1)
- Web hosting (1)
- Web meeting (1)
- Web rediret (1)
- web security (1)
- Web security (10)
- Web server security (2)
- Web services (1)
- Web site (1)
- Web site attack (1)
- Web site defacement (1)
- Web site integrity (1)
- Web site security (8)
- Web sites (1)
- Web spoofing (1)
- Web surfing (1)
- WebLogic (1)
- WebOS (1)
- Website security (1)
- Website vulnerability (1)
- WEP (2)
- whistle blowing (1)
- white lists (1)
- whitespace (1)
- WhyFirefoxIsBlocked (1)
- whyfirefoxisblocked (1)
- wi-fi (1)
- Wi-Fi (1)
- WiFi (2)
- WiFi communications industry auto industry (1)
- WiFi security (3)
- wiki (1)
- WikiLeaks (1)
- Wikileaks (1)
- wikis (1)
- WiMax (2)
- Windows (16)
- Windows 7 (1)
- Windows administration (1)
- Windows Internal Database (1)
- Windows Live (1)
- Windows Mobile (3)
- Windows registry (1)
- Windows security (8)
- Windows Server 2003 (1)
- Windows Server Service (1)
- Windows Update (1)
- Windows Vista (6)
- Windows XP (3)
- Wired (1)
- wireless (5)
- wireless auction (1)
- wireless encryption (1)
- wireless network (1)
- wireless security (3)
- wiretapping (2)
- Wordpress (1)
- workflow (1)
- World Bank (1)
- World of Warcraft (3)
- worm (4)
- wormm SIS (1)
- worms (13)
- WoW (1)
- WPA (1)
- XACML (1)
- XDrive (1)
- Xen (1)
- XP (2)
- XSRF (2)
- XSS (5)
- Yahoo (6)
- Yahoo widgets (1)
- YouTube (7)
- Yugma (2)
- ZanghSearch (1)
- zero day (1)
- zero day vulnerability (2)
- zero-day attack (1)
- zero-day theats (3)
- zero-day vulnerability (1)
- Zimbra (1)
- Zoho (12)
- Zoho Meeting (1)
- zombie (1)
- zombies (2)
- Zonbu (2)