Web Information Security: practices, authentication, web password hacking, session, etc.
Articles
Infrastructure security powers up
2007-05-11 03:36:00 Many critical infrastructure businesses are scrambling to beef up security against physical and IT threats -- before the government steps in to regulate. He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid.
Web 2.0 Threats and Risks for Financial Services
2007-05-02 22:56:00 Web 2.0 technologies are gaining momentum worldwide, penetrating in all industries as enterprise 2.0 applications. Financial services are no exception to this trend. One of the key driving factors behind penetration of Web 2.0 into the financial services sector is the "timely availability of information". Wells Fargo, Merrill Lynch and JP Morgan are developing their next generation technologies using Web 2.0 components; components that will be used in banking software, trading portals and other peripheral services.
Packet fragmentation versus the Intrusion Detection System (IDS) Part I
2007-04-26 06:00:00 Intrusion Detection Systems (IDS) have long had a problem with packet fragmentation. This was true five years ago and it is still a problem today. For years the IDS has suffered from several key ailments. Chief amongst them is in how they deal with packet fragmentation. There has been great progress made over the years in how an IDS will deal with packet reassembly, however the problem still remains. Over the past years IDS vendors have grown smarter when it comes to packet fragmentation, and how their IDS's reassemble these fragments.
SSTP: Secure Socket Tunneling Protocol and VPN capabilities
2007-04-20 20:10:00 SSTP (Secure Socket Tunneling Protocol) and the VPN capabilities it will offer in future. The article will give a clear understanding of SSTP and compare standard VPN vs SSTP VPN. The article will also cover the advantages of utilizing both SSTP and VPN simultaneously and what the benefits of using SSTP will be.
Corporate data slips out via Google calendar
2007-04-18 20:03:00 It's not clear what gets discussed during McKinsey & Co.'s weekly internal communication meeting, but the dial-in number and passcode for the event can be easily found by searching with Google.
Handling Security Bugs
2007-04-18 19:46:00 A sad truism is that to write code is to create bugs (at least using today's software development technology). The really sad part is that at least some of these are likely to be security bugs. We know how to ameliorate those security bugs (e.g., run your program in a virtual machine), but that does not eliminate them entirely.
Defining Privacy - and Its Limits
2007-04-18 19:38:00 A student in a public university dormitory room had a "reasonable expectation of privacy" for his personal computer and its hard drive, a federal appeals court ruled on Thursday. The decision also found that despite that right to privacy, an administrator in the case under review had the right to conduct a remote search of the computer - without a warrant - because of the circumstances involved.
2006 Operating System Vulnerability Summary
2007-04-18 19:35:00 Computer security is a precarious business both from a product development and administrative standpoint. Operating system vendors are forced to constantly patch their software to keep consumers protected from the latest digital threats. But which operating systems are the most secure?
Embedded devices open to new attack
2007-04-18 04:38:00 A Juniper Networks security researcher says he's discovered a new type of attack that can compromise embedded devices such as routers and mobile phones. The vulnerability lies in the Arm and XScale microprocessors, two chips that are widely used in these devices. "There are interesting quirks in the ARM and XScale architectures that make things very easy for an attacker," said Juniper's Barnaby Jack. The technique he has developed is "100 percent reliable, and it results in code execution on the device," he said.
The fine art of data destruction
2007-04-18 04:34:00 The issue of what to do with the old tapes came to a head when renovation was scheduled for the building where the vault resided. "We had already moved to another backup system. So, these old tapes didn't work in our current system anyway. Now it was just old data we needed to figure out how to dispose of properly," Jones says.
103 Free Security Apps for Mac, Windows and Linux
2007-04-18 04:27:00 How many times have you downloaded an app that could supposedly solve all of your computer problems absolutely free of cost? Now ask yourself how many times that app actually did what it was supposed to, or better yet how many times that app was actually free? More often than not your answer is going to be zero.
Enabling SSL on IIS 7.0 Using Self-Signed Certificates
2007-04-07 04:51:00 SSL enables browsers to communicate with a web-server over a secure channel that prevents eavesdropping, tampering and message forgery. You should always use SSL for login pages where users are entering usernames/passwords, as well as for all other sensitive pages on sites (for example: account pages that show financial or personal information).
Writing Unit Tests, a simple multi-step process to getting started
2007-04-07 04:44:00 One of the things I often hear when I am preaching the gospel of writing Unit Tests is that I have so much existing code, I don't know where to start. In order to help others that have this dilemma I thought I would put together a simple multi-step plan to help you become one of the converted. The key is to start slow, like most everything else, you don't want to jump in the deep end head first before you know how to swim.
JavaScript Hijacking
2007-04-07 04:39:00 An increasing number of rich Web applications, often called AJAX applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript hijacking, which allows an unauthorized party to read sensitive data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism.
Protect SSH from brute force attacks with pam_abl
2007-04-01 16:58:00 Practically all Unix and Linux servers run an SSH service to let administrators connect securely from remote locations. Unfortunately for security administrators, attacks on SSH services are popular today. In this article I'll show you how you can protect machines running SSH services from brute force attacks using the pam_abl plugin for SSH pluggable authentication modules (PAM).
How I'd Hack Your Weak Passwords
2007-04-01 16:56:00 If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it? Let's see... here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I'll probably get into all of them.
Advanced SSH security tips and tricks
2007-04-01 16:30:00 In this article I'll show you some simple tricks to help you tighten security for your secure shell (SSH) service. The SSH server configuration file is located in /etc/ssh/sshd_conf. You need to restart the SSH service after every change you make to that file in order for changes to take effect. Change SSH listening port
How to surf anonymously without a trace
2007-04-01 16:25:00 The punchline to an old cartoon is "On the Internet, nobody knows you're a dog," but these days, that's no longer true. It's easier than ever for the government, Web sites and private businesses to track exactly what you do online, know where you've visited, and build up comprehensive profiles about your likes, dislikes and private habits. And with the federal government increasingly demanding online records from sites such as Google and others, your online privacy is even more endangered.
Monitoring and Securing Enterprise Data
2007-04-01 16:22:00 Companies usually overlook that exposed data because their security posture is still focused on network perimeters, not on what might be going on behind the firewall or even over secure connections with business partners and suppliers, says Paul Stamp, an analyst at Forrester. "The perimeter around data is shrinking," he says.
Next generation SaaS platform for security risk and compliance management
2007-04-01 16:18:00 QualysGuard 5.0 has arrived, introducing a next generation Software as a Service (SaaS) platform for you to manage network risk and achieve security compliance more effectively. The new AJAX-based user interface and capabilities of QualysGuard 5.0 provide a more efficient approach for proactively detecting and eliminating threats throughout your entire organization. QualysGuard 5.0 New Features:
Securing Web Based Payment Systems
2007-03-31 05:31:00 A typical internet payment system consists of a payment gateway that handles information transfer over the internet between merchant and customer. In this article we shall look at some of the risks involved in this information flow. The payment gateway, as the name suggests, acts as an important payment link between customers and merchants; it authorizes payments for merchants and ensures that information travels securely between customer and the merchant.
Assumptions in Intrusion Detection - Blind Spots in Analysis
2007-03-29 21:28:00 This paper examines one of the assumptions that form the foundations of packet analysis. A discussion of an approach to analyzing protocol stacks is presented. This approach can be used to determine gaps in the protocol stack where an analyst can be misled. Through the discussion a gap in the TCP/IP protocol stack is examined revealing one of the common assumptions made in intrusion analysis; trusting the content of the protocol field of the IP header.
Regular Expression Development Tools
2007-03-29 21:06:00 Since ModSecurity is based on regular expressions, a lot of rule creation requires developing and testing regular expressions. Therefore I looked for a tool that can be used to test regular expressions for validity and accuracy before using the regular expression in a ModSecurity rule. I found two free tools that let you do that:
Scanning AJAX for Cross-Site Scripting Entry Points
2007-03-29 20:40:00 Introduces you to a quick way to identify XSS entry points in your AJAX application
Your Identity Has Been Stolen: a 24-Point Recovery Checklist
2007-03-29 20:30:00 If you are between the ages of 18 to 29 and you live in Phoenix or Los Angeles, your chances for identity theft are higher than the national average according to the Federal Trade Commission (FTC) [PDF]. But, if you're over age thirty and you live in Somerset, Vermont (population 5), don't wipe the sweat off your brow just yet.
Logging to Database Sample Download - Enterprise Library 3.0 Logging Applic
2007-03-29 10:39:00 by David Hayden Answering questions in the Enterprise Library Forums this morning and came across a developer having problems logging to a database. It is difficult to answer these questions without seeing the actual code and configuration information, so I just created an example of using the Logging Application Block to log to a database that you can download from my website.
SQL Server 2005 Security Best Practices - Operational and Administrative Ta
2007-03-29 10:35:00 This white paper covers some of the operational and administrative tasks associated with Microsoft® SQL Server™ 2005 security and enumerates best practices and operational and administrative tasks that will result in a more secure SQL Server system. Each topic describes a feature and best practices. For additional information on the specifics of utilities, features, and DDL statements referenced in this white paper, see SQL Server 2005 Books Online. Features and options that are new or defaults that are changed for SQL Server 2005 are identified.
What to Do When Your Security's Breached
2007-03-26 00:02:00 Well, it's finally happened. Despite all your efforts to stop both internal and external attackers, someone has penetrated your defenses and stolen or damaged your data.
Research from ShmooCon: JavaScript flaws peril Web
2007-03-25 23:42:00 JavaScript coding errors and Web developers who are inexperienced at working with emerging programming techniques represent serious threats to the security of many Internet sites and the people who visit them, according to malware researchers.
SSL on ISC, Part 1: What is SSL and why should I care?
2007-03-25 23:35:00 Achieve data security over open communications channels with Secure Sockets Layer (SSL), which provides encryption, certificate-based authentication, and security negotiations. This article, part one of a three-part series, describes SSL and explains why you should implement it on your Integrated Solutions Console. In parts two and three, follow a step-by-step guide to learn how to implement SSL on the Integrated Solutions Console versions 5.1 and 6.0.1, respectively.



