This Month in the Threat Webscape
Recomand: http://community.websense.com/blogs/securitylabs/archive/2011/03/07/this-month-in-the-threat-webscape-february-2011.aspx
Read the rest of this entry »Archive for the ‘security’ Category
drame de computerici
Ieri m-am apucat sa fac un upgrade remote unui echipament Blue Coat Proxy SG. click click, click click apply, yes, reboot Dupa reboot-ul necesar pentru finalizarea upgrade-ului, nu imi mai accepta parola de admin. Drept urmare, am pus mana pe telefon si am anuntat oamenii de isprava, iar azi la prima ora m-am prezentat la [...]
Read the rest of this entry »facebook, cutia pandorei?
Accesul angajaților la rețelele de socializare precum Facebook, MySpace, Twitter a devenit, pe bună dreptate, tot mai controversat. Teama actuală față de rețelele de socializare este cauzată de aspecte de securitate și productivitate. Din punct de vedere al securității avem de-a face cu scurgerea informațiilor confidențiale pe de o parte și pe de altă parte [...]
Read the rest of this entry »the UNprotected
Bad news. You failed the database audit. the UNPROTECTED – episode 1 from Application Security, Inc. on Vimeo. the UNPROTECTED – episode 2 from Application Security, Inc. on Vimeo. the UNPROTECTED – episode 3 from Application Security, Inc. on Vimeo. the UNPROTECTED – episode 4 from Application Security, Inc. on Vimeo. the UNPROTECTED – Episode [...]
Read the rest of this entry »exprimare tehnico-juridica
Citind o hotarare de pe Jurindex cu privire la arestarea preventiva intr-o speta de criminalitate informatica, mi-au atras atentia frazele: Cu ajutorul root-urilor se căutau userii care foloseau acel protocol înregistrându-se un mesaj prin care diferitelor persoane selectate aleatoriu li se trimiteau mesaje avea o lărgime de bandă superioară, ce permitea urcarea (upload) / coborârea [...]
Read the rest of this entry »PCI DSS overview
Sursa. 1) Install and maintain a firewall configuration to protect data. 2) Do not use vendor-supplied defaults for system passwords and other security parameters. 3) Protect stored data. 4) Encrypt transmission of cardholder data and sensitive information across public networks. 5) Use and regularly update anti-virus software. 6) Develop and maintain secure systems and applications. [...]
Read the rest of this entry »Security Assessment of the Transmission Control Protocol (TCP)
http://tools.ietf.org/id/draft-ietf-tcpm-tcp-security-01.txt TCP Maintenance and Minor F. Gont Internet-Draft February 19, 2010 This document contains a security assessment of the specifications of the Transmission Control Protocol (TCP), and of a number of mechanisms and policies in use by popular TCP implementations. Additionally, it contains best current practices for hardening a TCP implementation. It is a derivative [...]
Read the rest of this entry »AppDetectivePro
Get started with AppDetective Pro with the 5 Essentials to Database Vulnerability Assessment. This 20-minute session covers how AppDetective Pro helps ground your compliance and security efforts. The 5 steps: 1) Inventory your database environment through Database Discovery. 2) Perform Penetration Tests to gauge outside-in vulnerabilities. 3) Check for vulnerabilities within the database’s configuration using [...]
Read the rest of this entry »