Hardware
From the Web
Man charged with developing and distributing cable network hacking tools
November 02, 2009 from: Office of Inadequate Security
Charges were unsealed in federal court in Massachusetts against an Oregon man and the company he founded, TCNISO, alleging that they developed and distributed products that allowed users to modify their cable modems and obtain internet access without paying for it.
Comments (0)
Good enough security?
October 29, 2009 Added by:Christopher Hudel
We have had 802.1x -- CISCO + Active Directory Integration -- in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers) that are currently incapable of 802.1x are split off in a tightl...
Comments (2)
IT Security - Defense in Depth Protection using a Data-centric Model
October 29, 2009 Added by:Mike Cuppett
Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and ov...
Comments (5)
Where are the DBAs?
October 07, 2009 Added by:Michael Menefee
What I really want to know is this: Where are the Database Admins (DBAs) these days? I cant tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.
Comments (3)
From the Web
Website exposes sensitive details on military personnel
September 08, 2009 from: Office of Inadequate Security
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.
Comments (1)
From the Web
Email Obfuscation and Spam Robots
September 08, 2009 from: Rsnake's blog at ha.ckers.org
I’ve long been interested in spam and robots that scrape for email addresses. I’ve done tons of work in the space, although I’ve never published any of it. Call it more of a side hobby than anything I really want to go public with - as it is with a lot of my research
Comments (0)
From the Web
Digital Direct reports breach
September 05, 2009 from: Office of Inadequate Security
Chris Cooper of Bloomberg.com reports that Digital Direct, Inc., a unit of Mitsubishi Corp., had a breach of their e-commerce web site that resulted in the compromise of 52,000 customers’ credit card numbers.
Comments (0)
From the Web
Helping users keep plugins updated
September 04, 2009 from: Mozilla Security Blog
Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk.
Comments (0)
From the Web
Best of Application Security (Friday, Sep. 4)
September 04, 2009 from: Jeremiah Grossman's Blog
Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
Comments (0)
From the Web
Announcement Regarding The October 2009 Critical Patch Update
September 03, 2009 from: The Oracle Global Product Security Blog
Because many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld on October 11-15, 2009; the October 2009 Critical Patch Update originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.
Comments (0)
OWASP Testing Guide Version 3
August 03, 2009
This is an excellent resource on the process of testing web applications for security vulnerabilities/general insecurities...this is by no means exhaustive nor perfect for every envirnment, but a valuable read for anyone who manages or tests web applications
Comments (2)
Not So Smart Grid?
July 14, 2009 Added by:Michael Menefee
According to a security researcher, the so-called Smart Grid technology being rolled out accross the country as part of the stimulus bill, may be vulnerable to numerous attacks. According to the researcher, many of the commands that allow the power company to interact with the smart-meters at the user's house (for example) do not require authentication, have no encryption and are ripe fo...
Comments (3)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!