http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2011-02-11 20:42:29 - Accuvant Insight : In late December, the latest IIS FTP service vulnerability was made public by Matthew Bergin This event is significant because it s been a while since the last time a Windows Service had an unauthenticated vulnerability While the FTP server isn t enabled by default, the service is quite prolific in web hosting For most researchers in http://www.secuobs.com/revue/news/284698.shtmlhttp://www.secuobs.com/revue/news/284698.shtml Secuobs.com : 2011-02-04 19:06:02 - Accuvant Insight - Last week, ABCNewscom published an article discussing a new study in which Visa identified restaurants as the most likely sources of credit card theft An estimated 40 percent of all credit card theft occurs at these dining locations more than any other location Multiple factors make restaurants preferred targets With over 935,000 retail food outlets http://www.secuobs.com/revue/news/283050.shtmlhttp://www.secuobs.com/revue/news/283050.shtml Secuobs.com : 2010-12-09 19:33:31 - Accuvant Insight - Last year, identity theft raked as the number one consumer complaint category with 13 million people falling victim to the crime, according to the Federal Trade Commission FTC As e-commerce sales continue to increase Forrester Research has forecasted a 10 percent compound annual growth rate through 2014, rising from 155 billion in 2009 to 250 http://www.secuobs.com/revue/news/270612.shtmlhttp://www.secuobs.com/revue/news/270612.shtml Secuobs.com : 2010-11-17 02:18:00 - Accuvant Insight - Before cloud computing had even gotten off the ground, people were talking about the security implications of computing in the cloud When you step down from the semantic sugar and look at the basics, cloud computing is not fundamentally different from any other technology When a technology can be influenced to execute outside of its http://www.secuobs.com/revue/news/265385.shtmlhttp://www.secuobs.com/revue/news/265385.shtml Secuobs.com : 2010-09-23 19:06:46 - Accuvant Insight - My colleague, Ryan Smith, recently wrote about Defense in Depth and talked about the fact that, regardless of how many tools and techniques an organization implements to prevent infection through malware, they won t be able to stop every infection I agree, and would take that a step further to say that it s practical to assume http://www.secuobs.com/revue/news/251097.shtmlhttp://www.secuobs.com/revue/news/251097.shtml Secuobs.com : 2010-09-17 00:37:00 - Accuvant Insight - It s a pretty well known fact that an attacker with sufficient means and motive has the potential to bypass every security measure you put in place As a countermeasure to this belief, people often propose Defense in Depth DiD , believing that by implementing layers of security controls at various logical and physical tiers within an http://www.secuobs.com/revue/news/246568.shtmlhttp://www.secuobs.com/revue/news/246568.shtml Secuobs.com : 2010-09-17 00:37:00 - Accuvant Insight - Network Access Control NAC is something that people are talking about everywhere, whether they realize it or not It s not that they are determining how to utilize standards such as 8021X, IF-MAP and MS-NAP, or marveling at how cool and exciting they might be Instead, the discussions are around business decisions and initiatives that are http://www.secuobs.com/revue/news/246567.shtmlhttp://www.secuobs.com/revue/news/246567.shtml Secuobs.com : 2010-09-17 00:37:00 - Accuvant Insight - In the malware mitigation market, there are divisions among the vendors The perspective of the vendor, detection philosophy and technology approaches are examples of the vendors different views Most legacy network security devices have developed some semblance of controls to fight malware Similar to the approach of traditional AV vendors, it is relatively easy for a http://www.secuobs.com/revue/news/246566.shtmlhttp://www.secuobs.com/revue/news/246566.shtml Secuobs.com : 2010-09-17 00:37:00 - Accuvant Insight - A new version of the PCI Data Security Standard PCI-DSS is targeted for release in October A lot of companies are aware that the revised standard is coming out, and many of our clients have been asking us what the revisions will entail, and what they ll mean to them I think Seana Pitt, American Express vice http://www.secuobs.com/revue/news/246565.shtmlhttp://www.secuobs.com/revue/news/246565.shtml Secuobs.com : 2010-09-17 00:37:00 - Accuvant Insight - Hello internet-sphere, My name is Chris Valasek and I m the newest edition to the Accuvant LABS research team I will be working alongside Chief Research Scientist Ryan Smith on a variety of subjects While I mainly do reverse engineering and exploitation related work, we have plans to work on a wide array of internet awesomeness Additionally, I http://www.secuobs.com/revue/news/246564.shtmlhttp://www.secuobs.com/revue/news/246564.shtml Secuobs.com : 2010-06-29 23:58:40 - Accuvant Insight - There was once a day when you were considered kind of cool if you had a smartphone or Blackberry it was an honor typically reserved for executives How the times have changed in just a few short years Now, everywhere you look, someone is using a smartphone That s a good thing as it s improved http://www.secuobs.com/revue/news/236281.shtmlhttp://www.secuobs.com/revue/news/236281.shtml Secuobs.com : 2010-06-23 23:28:57 - Accuvant Insight - I recently provided Steven Vaughan-Nichols with some information for an ITWorld article about rootkits tools that attackers use to hide their presence on compromised systems Pulling together my thoughts for Steven really got me thinking a lot about how rootkits started, how they ve evolved, and what s to be expected in the near future Originally, rootkits http://www.secuobs.com/revue/news/234329.shtmlhttp://www.secuobs.com/revue/news/234329.shtml Secuobs.com : 2010-05-11 23:39:03 - Accuvant Insight - Do you allow your employees to use Facebook, Twitter, LinkedIn and others from your corporate network Or, do you have a no social media on the corporate network policy If you re part of the first group, read on You ve got some serious security issues to consider In the old days, when Web 10 was all the http://www.secuobs.com/revue/news/221139.shtmlhttp://www.secuobs.com/revue/news/221139.shtml Secuobs.com : 2010-04-27 17:59:38 - Accuvant Insight - Consider the potential thought process of the IT professional who is challenged with managing security for his or her organization s computer infrastructure What did those 30,000 systems cost anyway How much more will it cost for software licensing, tech support and hardware upgrades every couple of years And, to add insult to injury, apparently one http://www.secuobs.com/revue/news/216495.shtmlhttp://www.secuobs.com/revue/news/216495.shtml Secuobs.com : 2010-04-19 18:40:50 - Accuvant Insight - We are often asked by customers about the relative value of implementing WIPS Wireless Intrusion Prevention Protection Systems in their enterprise network environments either to support a no wireless policy or to augment a WLAN solution and add an additional layer of protection It seems a lot of people equate this kind of system with the http://www.secuobs.com/revue/news/213691.shtmlhttp://www.secuobs.com/revue/news/213691.shtml Secuobs.com : 2010-04-07 17:59:04 - Accuvant Insight - I was recently asked by a reporter, Is the trend towards comprehensive security suites a positive development, or does Accuvant prefer to assemble a solution from various best-of-breed products Personally, I don t think this question can be easily answered, nor do I necessarily agree that the trend exists, at least to any greater extent than http://www.secuobs.com/revue/news/209803.shtmlhttp://www.secuobs.com/revue/news/209803.shtml Secuobs.com : 2010-03-11 20:04:48 - Accuvant Insight - Late last week, I read a SearchSecuritycom blog that quoted Caleb Sima as saying, developers shouldn t learn anything about security It s not their job I felt compelled to write about the piece, not to support or condemn that statement, but rather to encourage people to think about the bigger picture You see, there are a variety http://www.secuobs.com/revue/news/200789.shtmlhttp://www.secuobs.com/revue/news/200789.shtml Secuobs.com : 2010-03-09 00:27:03 - Accuvant Insight - Last week, NetworkWorld published an article under the headline RSA 1024-bit private key encryption cracked RSA encryption was one of the first widely-used asymmetric key algorithms, meaning it used two keys, one public and one private A message encrypted with the public key couldn t be decrypted without the private key, the idea being that your http://www.secuobs.com/revue/news/199538.shtmlhttp://www.secuobs.com/revue/news/199538.shtml Secuobs.com : 2010-02-22 22:52:52 - Accuvant Insight - A recent article published on the Wall Street Journal online declares a Broad New Hacking Attack involving the new malware threat, Zeus or zbot This threat is far from new, however, neither the malware nor the phenomenon In April of 2008, RSA issued an advisory about the threat It is simply another dashboard exploiting a http://www.secuobs.com/revue/news/194347.shtmlhttp://www.secuobs.com/revue/news/194347.shtml Secuobs.com : 2010-02-11 02:26:27 - Accuvant Insight - The latest Oracle vulnerability announcement at the Black Hat DC 2010 conference by security researcher, David Litchfield of NGS Software, could possibly prove troublesome for Oracle 11g users The potential impact of this set of vulnerabilities could be devastating to an enterprise that has sensitive data contained in databases, and allows low level privileged users access http://www.secuobs.com/revue/news/190746.shtmlhttp://www.secuobs.com/revue/news/190746.shtml Secuobs.com : 2009-07-27 19:03:40 - Accuvant Insight - Today, during the 2009 BlackHat conference in Las Vegas, Accuvant officially announced the addition of a research and development division to its security assessment practice, which is now called Accuvant Labs insert link to press release on wwwaccuvantcom This is significant for several reasons First, security research experts Alex Wheeler and Ryan Smith, who most http://www.secuobs.com/revue/news/125395.shtmlhttp://www.secuobs.com/revue/news/125395.shtml Secuobs.com : 2009-05-31 16:44:35 - Accuvant Insight - The difference between a mediocre application assessment and a stellarone is assimilation of information and the ability to apply it to theproblem at hand During an application assessment an individual has alimited amount of time to understand an application, its underlyingarchitecture, the development methodology and compress that intoknowledge that can http://www.secuobs.com/revue/news/103792.shtmlhttp://www.secuobs.com/revue/news/103792.shtml Secuobs.com : 2009-05-31 16:44:35 - Accuvant Insight - So the week before last Neel Mehta of Google, Alex Wheeler ofTippingPoint, Dave Bonvillain of Accuvant, and myself made our way toAmsterdam to speak at Blackhat Europe The topic of our talk was‘Cutting thru the Hype: An Analysis of Application Security TestingMethodologies’ Dave’s name… we were going to speak about all http://www.secuobs.com/revue/news/103791.shtmlhttp://www.secuobs.com/revue/news/103791.shtml Secuobs.com : 2009-05-31 16:44:35 - Accuvant Insight - Overview: The blog post here makes statements about a vulnerability inthe Linux kernel handling of SCTP data The primary point of the postis to show how a vulnerability that was once thought to be of arelative low risk was incorrectly assessed and it can provide a 3rdparty remote access to a server http://www.secuobs.com/revue/news/103790.shtmlhttp://www.secuobs.com/revue/news/103790.shtml Secuobs.com : 2009-05-31 16:44:35 - Accuvant Insight - You can patch OSes all you want and scan your network with just about anygeneral vulnerability scanner but you've left out one very importantstep - password policy enforcement beyond just domain accountshttp://www.secuobs.com/revue/news/103789.shtmlhttp://www.secuobs.com/revue/news/103789.shtml Secuobs.com : 2009-05-31 16:44:35 - Accuvant Insight - A successful security program is not run like a dictatorship but ratherlike a partnership, one of the team, all fighting for a common causeIn order to have a successful security program within an organizationeveryone has to be involved and support ithttp://www.secuobs.com/revue/news/103788.shtmlhttp://www.secuobs.com/revue/news/103788.shtml