We use easily counterfeited identification, Social Security numbers that are written on the sides of buses, and we rely on the anonymity of the phone, fax, internet and snail mail as a means of application. In other countries they solve problems. They have priorities and don’t deal with the rhetoric. They put security first, convenience second...
The mechanical wonders that once used kerosene and chain drive squeegee rollers to mass produce wet-paper copies are long gone. It’s a digital copier these days that falls into a gray area between Classification of Documents and Enterprise Cyber Security. As technology in the copy machine industry has evolved, many of these systems now contain large hard drives which retain full and complete images of each and every copy made on the system...
Securing an organization's assets requires work, and there are many different ways to classify controls. This white paper examines three common types of controls: administrative, technical, and physical.
This weekend, BusinessWeek.com will feature our own Anthony M. Freed, Editor and Business Development Director for the Infosec Island Network.
The technique, found by Lava Kuppan, describes a scenario where a mix of CSRF, parameter pollution and Clickjacking can defeat CSRF tokens in JSP and (sometimes) in ASP.NET. It’s worth a read. I did briefly mention using CSRF to pre-populate fields that may be necessary to create a Clickjacking scenario during Jeremiah and my brief talk at the world OWASP in New York. But this takes it to a new level, where you can pre-load information in such a way that it will actually defeat the application logic in the process. Anyway, cool stuff by Lava...
There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly… The Jester
Brian Krebs reveals that Fiserv, a “Fortune 500 company that provides bank transaction processing services and software to more than 16,000 clients worldwide,” is urging customers not to use the most updated version of Adobe Reader...
Apple Stock: iPad Business More Valuable Than Mac Desktops - We estimate that Apple’s iPad business accounts for 4% of the $267 Trefis price estimate for Apple’s stock compared to about 3% for Apple’s Mac desktop business…
Today’s malware strategy and tactics are advanced and sophisticated. The main purpose of that is to trick antiviruses. Some use encryption to make detection difficult for any security software product; others add AutoRuns entries to the registry to defend themselves against anti-malware software, or just add a line to the hosts file to prevent the antivirus from updating its definitions...
Scammers have been devising ways to ride on someone else's coattails since the dawn of time. With every new technology they find another way to make money from nothing. Today I am going to highlight a method that involves Twitter, Yahoo!, and Google AdSense.

