<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Cipto Junaedy's Strategy</title><description>2013-05-14 04:35:19 - security : Cipto Junaedy. This name is no longer unfamiliar. The "No Money, No Debt" strategy he teaches is known as original and groundbreaking; his strategy is said to defeat the debt-based strategies of Kiyosaki and Dolf De Ross. Almost every week his name appears in various national and regional mass media. The seminars he delivers have become the largest and most popular, and are also held exclusively, known for not using any sponsor, because the material he presents is about strategy and is meant to be free of vested interests. In the relatively short time since starting his seminars, Cipto Junaedy has spoken before more than 500,000 people. He has been heard by all levels of society, from the wealthy and influential, such as major entrepreneurs, corporate directors, central and regional government officials, political party figures, members of the DPR, famous artists, television presenters, journalists, military and police circles, lawyers, religious leaders, traditional leaders, doctors, NGO activists and cultural figures, to ordinary people such as housewives, students, teachers, retirees, small traders and disaster relief volunteers. On average, every 42 days Cipto Junaedy gives away one free house, or money worth a house, to people in need. As a mentor, he has also proven his own teachings by buying property without money and without debt. He has acquired various strategic properties in a number of large cities in Indonesia and abroad. Most recently, in May 2011, he acquired 90 prestigious apartment units in Jakarta from a leading developer in only 15 days. http://chordsmantap.blogspot.com/2013/05/cipto-junaedy.html</description><link>http://www.secuobs.com/revue/news/445194.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445194.shtml</guid></item>
<item><title>Tips for becoming a smart consumer who understands consumer protection</title><description>Secuobs.com : 2013-04-08 13:00:32 - security - 1. Uphold your rights and obligations as a consumer. Consumers are taught to be critical and to dare to fight for their rights when the goods or services they buy do not meet the required standards or what was agreed, but a smart consumer who understands consumer protection must also understand their obligations as set out in the UUPK. 2. Check before you buy. A smart consumer who understands consumer protection is taught to always make a habit of examining the goods and/or services offered on the market. At a minimum, a visual inspection can be used to learn the real condition of the goods and/or services, and where something is unclear, one can ask for or obtain information about those goods and/or services. From this, a general picture of the goods and/or services offered on the market can be formed. 3. Pay attention to labels, MKG and expiry dates. Consumers must be more critical in learning the condition of goods and/or services, especially packaged food, drinks, medicines and cosmetics that carry a label. The label lists, among other things, the composition, benefits, directions for use and period of validity. Telematics and electronics products must come with a user manual and an after-sales warranty card in Indonesian. Pay attention to expiry dates so as to be careful with goods that enter the body or are used on the outside of the body, because such goods are closely tied to the consumer's health, safety and security (K3L). 4. Make sure the product meets the K3L quality standard. Consumers are encouraged to become familiar with SNI-marked products and to pay attention to products for which SNI is already mandatory. SNI-marked products give greater assurance of the consumer's health, security and safety, and even of the environment (K3L). At present there are products with SNI applied voluntarily and 89 types of products already under mandatory SNI. Other standards applied around the world are Japanese Industrial Standards (JIS), British Standards (BS), American Society for Testing and Materials (ASTM), Codex Standard, Conformité Européenne (CE), and others. 5. Buy according to need, not desire. Consumers are encouraged to adopt a culture of non-consumptive behaviour, meaning that goods and/or services do not control or influence the consumer; you, as a smart consumer who understands consumer protection, control your own desire to buy goods and/or services.</description><link>http://www.secuobs.com/revue/news/438122.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/438122.shtml</guid></item>
<item><title>Obat Wasir dan Ambeien Manjur di Obatwasirbiz</title><description>Secuobs.com : 2012-12-14 19:52:16 - security - "Obat Wasir dan Ambeien Manjur di Obatwasirbiz" is a keyword currently being competed for in a Google SEO contest that will end in a few hours. My friend pembolang is taking part in this SEO contest. The contest is organised by obatwaasirbiz, which offers herbal remedies for haemorrhoids and the like. Hopefully pembolang can hold his position on page one in the "Obat Wasir dan Ambeien Manjur di Obatwasirbiz" SEO contest.</description><link>http://www.secuobs.com/revue/news/417135.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/417135.shtml</guid></item>
<item><title>Windows 8 Metro Style Shortcuts</title><description>Secuobs.com : 2012-12-09 04:20:03 - security - Here are some keyboard shortcuts for Windows 8; check them out.
Windows key: Switch between the Modern Desktop Start screen and the last accessed application
Windows key + C: Access the charms bar
Windows key + Tab: Access the Modern Desktop Taskbar
Windows key + I: Access the Settings charm
Windows key + H: Access the Share charm
Windows key + K: Access the Devices charm
Windows key + Q: Access the Apps Search screen
Windows key + F: Access the Files Search screen
Windows key + W: Access the Settings Search screen
Windows key + P: Access the Second Screen bar
Windows key + Z: Bring up the App Bar when a Modern Desktop App is running
Windows key + X: Access the Windows Tools Menu
Windows key + O: Lock screen orientation
Windows key + . (period): Move the screen split to the right
Windows key + Shift + . (period): Move the screen split to the left
Windows key + V: View all active Toasts/Notifications
Windows key + Shift + V: View all active Toasts/Notifications in reverse order
Windows key + PrtScn: Take a screenshot of the screen and automatically save it in the Pictures folder as Screenshot
Windows key + Enter: Launch Narrator
Windows key + E: Open Computer
Windows key + R: Open the Run dialog box
Windows key + U: Open Ease of Access Center
Windows key + Ctrl + F: Open the Find Computers dialog box
Windows key + Pause/Break: Open the System page
Windows key + 1-10: Launch the program pinned on the Taskbar in the position indicated by the number
Windows key + Shift + 1-10: Launch a new instance of the program pinned on the Taskbar in the position indicated by the number
Windows key + Ctrl + 1-10: Access the last active instance of the program pinned on the Taskbar in the position indicated by the number
Windows key + Alt + 1-10: Access the Jump List of the program pinned on the Taskbar in the position indicated by the number
Windows key + B: Select the first item in the Notification Area, then use the arrow keys to cycle through the items; press Enter to open the selected item
Windows key + Ctrl + B: Access the program that is displaying a message in the Notification Area
Windows key + T: Cycle through the items on the Taskbar
Windows key + M: Minimize all windows
Windows key + Shift + M: Restore all minimized windows
Windows key + D: Show/Hide Desktop (minimize/restore all windows)
Windows key + L: Lock computer
Windows key + Up Arrow: Maximize current window
Windows key + Down Arrow: Minimize/restore current window
Windows key + Home: Minimize all but the current window
Windows key + Left Arrow: Tile window on the left side of the screen
Windows key + Right Arrow: Tile window on the right side of the screen
Windows key + Shift + Up Arrow: Extend current window from the top to the bottom of the screen
Windows key + Shift + Left/Right Arrow: Move the current window from one monitor to the next
Windows key + F1: Launch Windows Help and Support
PageUp: Scroll forward on the Modern Desktop Start screen
PageDown: Scroll backward on the Modern Desktop Start screen
Esc: Close a charm
Ctrl + Esc: Switch between the Modern Desktop Start screen and the last accessed application
Ctrl + Mouse scroll wheel: Activate Semantic Zoom on the Modern Desktop screen
Alt: Display a hidden Menu Bar
Alt + D: Select the Address Bar
Alt + P: Display the Preview Pane in Windows Explorer
Alt + Tab: Cycle forward through open windows
Alt + Shift + Tab: Cycle backward through open windows
Alt + F4: Close the current window; from the Desktop, open the Shut Down Windows dialog box
Alt + Spacebar: Access the Shortcut menu for the current window
Alt + Esc: Cycle between open programs in the order that they were opened
Alt + Enter: Open the Properties dialog box of the selected item
Alt + PrtScn: Take a screenshot of the active window and place it in the clipboard
Alt + Up Arrow: Move up one folder level in Windows Explorer (like the Up Arrow in XP)
Alt + Left Arrow: Display the previous folder
Alt + Right Arrow: Display the next folder
Shift + Insert CD/DVD: Load a CD/DVD without triggering Autoplay or Autorun
Shift + Delete: Permanently delete the item (rather than sending it to the Recycle Bin)
Shift + F6: Cycle backward through elements in a window or dialog box
Shift + F10: Access the context menu for the selected item
Shift + Tab: Cycle backward through elements in a window or dialog box
Shift + Click: Select a consecutive group of items
Shift + Click on a Taskbar button: Launch a new instance of a program
Shift + Right-click on a Taskbar button: Access the context menu for the selected item
Ctrl + A: Select all items
Ctrl + C: Copy the selected item
Ctrl + X: Cut the selected item
Ctrl + V: Paste the selected item
Ctrl + D: Delete the selected item
Ctrl + Z: Undo an action
Ctrl + Y: Redo an action
Ctrl + N: Open a new window in Windows Explorer
Ctrl + W: Close the current window in Windows Explorer
Ctrl + E: Select the Search box in the upper right corner of a window
Ctrl + Shift + N: Create a new folder
Ctrl + Shift + Esc: Open the Windows Task Manager
Ctrl + Alt + Tab: Use arrow keys to cycle through open windows
Ctrl + Alt + Delete: Access the Windows Security screen
Ctrl + Click: Select multiple individual items
Ctrl + Click and drag an item: Copy that item in the same folder
Ctrl + Shift + Click and drag an item: Create a shortcut for that item in the same folder
Ctrl + Tab: Move forward through tabs
Ctrl + Shift + Tab: Move backward through tabs
Ctrl + Shift + Click on a Taskbar button: Launch a new instance of a program as an Administrator
Ctrl + Click on a grouped Taskbar button: Cycle through the instances of a program in the group
F1: Display Help
F2: Rename a file
F3: Open Search
F4: Display the Address Bar list
F5: Refresh display
F6: Cycle forward through elements in a window or dialog box
F7: Display command history in a Command Prompt
F10: Display the hidden Menu Bar
F11: Toggle full screen display
Tab: Cycle forward through elements in a window or dialog box
PrtScn: Take a screenshot of the entire screen and place it in the clipboard
Home: Move to the top of the active window
End: Move to the bottom of the active window
Delete: Delete the selected item
Backspace: Display the previous folder in Windows Explorer; move up one folder level in an Open or Save dialog box
Esc: Close a dialog box
Num Lock enabled + Plus (+): Display the contents of the selected folder
Num Lock enabled + Minus (-): Collapse the selected folder
Num Lock enabled + Asterisk (*): Expand all subfolders under the selected folder
Press Shift 5 times: Turn StickyKeys on or off
Hold down right Shift for 8 seconds: Turn FilterKeys on or off
Hold down Num Lock for 5 seconds: Turn ToggleKeys on or off</description><link>http://www.secuobs.com/revue/news/415901.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/415901.shtml</guid></item>
 <item><title>Securing big data: Architecture tips for building security within</title><description>2013-05-25 20:01:42 - Security Bloggers Network : Since "big data" is a hot topic these days, there's no question an increasing number of enterprise infosec teams are going to be asked about the security-related ramifications of big data projects. There are many issues to look into, but here are a few tips for making big data security efforts more secure during the architecture and implementation phases. 1. Create data controls as close to the data as possible, since much of this data isn't "owned" by the security team. The risk of having big data traversing your network is that you have large amounts of confidential data (such as credit card data, Social Security numbers, personally identifiable information (PII), etc.) that's residing in new places and being used in new ways. Also, you're usually not going to see terabytes of data siphoned from an organization, but the search for patterns to find the content in these databases is something to be concerned about. Keep the security as close to the data as possible and don't rely on firewalls, IPS, DLP or other systems to protect the data. 2. Verify that sensitive fields are indeed protected by using encryption, so that when the data is analyzed, manipulated or sent to other areas of the organization, you're limiting the risk of exposure. All sensitive information needs to be encrypted once you have control over it. 3. After you've made the move to encrypt data, the next logical step is to concern yourself with key management. There are a few new ways to perform key management, including creating keys on an as-needed basis so you don't have to store them. Read the rest of the article here: http://searchsecurity.techtarget.com/answer/Securing-big-data-Architecture-tips-for-building-security-in</description><link>http://www.secuobs.com/revue/news/447754.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447754.shtml</guid></item>
<item><title>Patching your business, Yahoo breach, Google Glass, DDoS-for-hire - 60 Sec Security [VIDEO]</title><description>2013-05-25 12:56:56 - Security Bloggers Network : Our 60 Second Security videos are back! We're aiming for a weekly roundup that's quick, fun and useful. But there is a serious side: security anecdotes to use in your own "elevator advocacy".</description><link>http://www.secuobs.com/revue/news/447719.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447719.shtml</guid></item>
<item><title>HouseCon - Jason Brvenik, VP Security Strategy at Sourcefire</title><description>2013-05-25 08:24:57 - SecurityTube.Net : A thirteen-year security veteran and well-known Snort expert, Jason Brvenik's first exposure to Sourcefire was as the company's first customer. Impressed with Sourcefire's technology and products, Jason joined the company in August 2002 and has since achieved the distinction of Sourcefire Security Fellow. In his role, Jason works closely with Martin Roesch, author of Snort and CTO of Sourcefire, and the highly acclaimed Sourcefire Vulnerability Research Team to help ensure that future offerings are on track with the needs of Sourcefire's major multi-national customers and the security market, as well as helping to direct the Sourcefire resources who provide technical sales support to customers. Prior to joining Sourcefire, Jason was a Senior Security Architect for PricewaterhouseCoopers.</description><link>http://www.secuobs.com/revue/news/447708.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447708.shtml</guid></item>
<item><title>Security News May 24</title><description>2013-05-25 05:30:50 - Security Bloggers Network :
Cyber regulation debate heats up (http://www.bankinfosecurity.com/cyber-regulation-debate-heats-up-a-5779): I must have missed the part where the debate cooled down.
Ranum: US government has no idea how to wage cyber war (http://www.zdnet.com/us-government-has-no-idea-how-to-wage-cyberwar-ranum-7000015840/): I'm pretty sure every government has "ideas"; how effective or useful these ideas are remains open for debate.
Iran hacks US energy firms (http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html): "In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines."
Report says active recovery efforts could deter IP theft by foreign attackers (http://threatpost.com/report-says-active-recovery-efforts-could-deter-ip-theft-by-foreign-attackers/): What I loved about this article is the euphemism "active recovery", a kinder, gentler way to talk about retaliatory attacks.
Critical vulnerability discovered in industrial control product (http://www.scmagazine.com/critical-vulnerablilty-discovered-in-industrial-control-product/article/294670/): "Two programmable gateways, BL20 and BL 67, produced by German manufacturer TURCK have hard coded log in credentials."
Irrational hackers are a bigger threat to US (http://www.tgdaily.com/hardware-brief/71851-irrational-hackers-are-a-bigger-threat-to-us): Cybersecurity researchers are worried that focusing on "rational" attackers like the Chinese might be dangerous.
Infectious Computer Worms Are Sucking Energy And Money From Companies (http://www.forbes.com/sites/kensilverstein/2013/05/23/infectious-computer-worms-are-sucking-energy-and-money-from-companies/): "More than a dozen utilities are reporting cyber attacks from malware and spyware."
</description><link>http://www.secuobs.com/revue/news/447675.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447675.shtml</guid></item>
<item><title>Prioritizing People, Process, Technology in Enterprise Security</title><description>2013-05-25 01:29:51 - Security Bloggers Network : A group of all-star players doesn't necessarily mean a winning team. Taking that into the Enterprise Security world, today I tackle a long-standing debate over the prioritization of people, process and technology as it relates to an enterprise security p</description><link>http://www.secuobs.com/revue/news/447665.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447665.shtml</guid></item>
<item><title>Next-Generation Firewalls Enhance Security But Add To Management Issues, According To New AlgoSec Survey</title><description>2013-05-24 22:29:36 - Dark Reading - All Stories : New findings also highlight poor policy visibility and a lack of automation as significant challenges faced by European organizations.</description><link>http://www.secuobs.com/revue/news/447634.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447634.shtml</guid></item>
<item><title>Carrying out an information security risk assessment using vsRisk 1.7</title><description>2013-05-24 20:59:47 - Security Bloggers Network : In the 3rd of a 4-part webinar series, information security professionals Alan Calder and Phil Hare of Vigilant Software took viewers through the process of carrying out an Information Security Risk Assessment using vsRisk. Don't worry if yo</description><link>http://www.secuobs.com/revue/news/447621.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447621.shtml</guid></item>
<item><title>Big Data Driven Security with Splunk</title><description>2013-05-24 20:02:10 - Security Bloggers Network : In order to deliver predictive threat protection to our customers, the Umbrella Security Labs research team has to collect and correlate data from various sources in innovative ways. We've shared in previous posts how our team applies proprietary algorithms to data from the OpenDNS Global Network, but we're constantly on the hunt for easy-to-use data platforms... The post Big Data Driven Security with Splunk appeared first on Umbrella Security Labs.</description><link>http://www.secuobs.com/revue/news/447598.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447598.shtml</guid></item>
<item><title>Re-imagining @panda_security's Q1 2013 Report Pie Charts</title><description>2013-05-24 15:31:18 - Security Bloggers Network : We infosec folk eat up industry reports and most of us have no doubt already gobbled up @panda_security's recently released Q1 2013 Report (PDF). It's a good read (so go ahead and read it, we'll still be here) and I was really happy to see a nicely stylized chart in the early pages. However, I...</description><link>http://www.secuobs.com/revue/news/447546.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447546.shtml</guid></item>
<item><title>It is NOT time to "professionalize" information security</title><description>2013-05-24 13:38:45 - ShackF00 : I recently read an article that was posted by my friend Brian Honan titled "Is it time to professionalize information security?" I know this debate's been going on for a bit. I have a lot of respect for Brian (who supports licensing or "professionalizing" infosec), for a lot of reasons. If you've ever met the guy, and/or...</description><link>http://www.secuobs.com/revue/news/447526.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447526.shtml</guid></item>
<item><title>Re-identification of survey participants reinforces need for increased security in health care</title><description>2013-05-24 12:11:52 - Security Bloggers Network : A recent study by Dr. Latanya Sweeney of Harvard University elucidated the genome of more than 1,000 survey participants for the Personal Genome Project and Harvard's Data Privacy Lab. In this project, participants provided DNA samples as well as basic information such as birthdate, zip code,...</description><link>http://www.secuobs.com/revue/news/447508.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447508.shtml</guid></item>
<item><title>Only 36% of small firms apply security patches. No wonder cybercrooks are stealing their cash</title><description>2013-05-24 12:11:52 - Security Bloggers Network : Small businesses are under constant attack from malware, scams and online fraud. They are simply woefully under-prepared to keep their assets safe. Despite reorganisation and redirected priorities, the police can still do little to help. Here are some</description><link>http://www.secuobs.com/revue/news/447507.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447507.shtml</guid></item>
<item><title>IT security pros have trouble communicating with executives</title><description>2013-05-24 11:16:51 - Help Net Security - News : A Hanover Research survey of 131 information security professionals revealed key differences between the way executive and non-executive IT professionals communicate with senior leadership. Key s</description><link>http://www.secuobs.com/revue/news/447499.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447499.shtml</guid></item>
<item><title>Web Security Vulnerabilities Exposed by Google Searches (Google Hacking)</title><description>2013-05-24 10:50:58 - Acunetix - Web Application Security Blog : Google Hacking is a hacking technique used by hackers to identify web security vulnerabilities on web applications or gather information for general or individual targets. Mostly this information includes configuration and source code files, sensitive data, database information, etc. This... The post Web Security Vulnerabilities Exposed by Google Searches (Google Hacking) appeared first on Acunetix.</description><link>http://www.secuobs.com/revue/news/447496.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447496.shtml</guid></item>
<item><title>Tell UKIP that it holds the key to the future of EU Network, Information and Cyber security</title><description>2013-05-24 10:27:16 - Security Bloggers Network : This directive could be the touchstone because the vast majority of Internet users appear to agree that something must be done to improve on-line security. Unfortunately this is not the "something" that should be done. In the meantime make sure you respond to the BIS call for evidence so that, with luck, we can get the Directive re-written before the start of the inter-regnum.</description><link>http://www.secuobs.com/revue/news/447495.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447495.shtml</guid></item>
<item><title>Study: Security Pros Unable to Effectively Communicate with Executives</title><description>2013-05-24 08:00:54 - Security Bloggers Network : Tripwire has announced the results of a survey of 131 information security professionals that revealed key differences between the way executive and non-executive IT professionals communicate with senior leadership. The online survey was conducted this year between January and March by Hanover Research. Key survey findings include: Only 38% of non-executive respondents use business-oriented language. Read More</description><link>http://www.secuobs.com/revue/news/447485.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447485.shtml</guid></item>
<item><title>SPONSOR INTERVIEW: Security investment in Silicon Valley</title><description>2013-05-24 06:30:31 - Risky Business : Tagline: Lots of money going into "cyber". Media URL: http://media.risky.biz/auscert2013/caseysilicon.mp3 Content Headers: Content-Length: 4866587; Content-Type: audio/mpeg. In this sponsor interview we chat with Casey Ellis, the founder of BugCrowd. BugCrowd is an Australian business, but Casey is currently in the USA, where the appetite for information security investment opportunities is apparently hitting fever pitch. In this interview I ask him how one might get started on the path to massive phatcash through a cybersecurity startup.</description><link>http://www.secuobs.com/revue/news/447479.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447479.shtml</guid></item>
<item><title>"Interview with a Blackhat" by Whitehat Security</title><description>2013-05-24 06:21:16 - Security Bloggers Network : This past week Whitehat Security, the leader in web application vulnerability assessment, released a series of interviews their Director of Product Management (Richard Hansen) held with a self-professed blackhat. In this</description><link>http://www.secuobs.com/revue/news/447474.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447474.shtml</guid></item>
<item><title>BIOS Bummer: New Malware Can Bypass BIOS Security</title><description>2013-05-24 05:57:25 - Dark Reading - All Stories : Researchers expect to release proof-of-concepts at Black Hat that show how malware can infect BIOS, persist past updates and fool the TPM into thinking everything's fine.</description><link>http://www.secuobs.com/revue/news/447471.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447471.shtml</guid></item>
<item><title>Security News May 23</title><description>2013-05-24 04:05:14 - Security Bloggers Network :
Hackers find China the land of opportunity (http://www.nytimes.com/2013/05/23/world/asia/in-china-hacking-has-widespread-acceptance.html?smid=tw-share&amp;_r=0): Really interesting read about the commercialization of hacking as a service.
North Carolina fuel distributor hit by $800,000 cyberheist (http://krebsonsecurity.com/2013/05/nc-fuel-distributor-hit-by-800000-cyberheist/): "The way [the bank] changed it [account access], anybody anywhere could access it as long as they had my login, and apparently that's what happened because the logins came from a different IP address than our normal one. I think they made it more convenient, but less secure."
Utilities to FERC: Thanks for your security controls, but no thanks (http://www.smartgridnews.com/artman/publish/Technologies_Security/Utilities-to-FERC-Take-your-security-measures-and-shove-it-5778.html?utm_source=buffer&amp;utm_medium=twitter&amp;utm_campaign=Buffer&amp;utm_content=buffer9ad79#.UZ5qSIfVCYk): The controversy of regulation continues.
FBI Arrests NYPD Detective On Hacking Charges (http://www.informationweek.co.uk/security/attacks/fbi-arrests-nypd-detective-on-hacking-ch/240155332): The Department of Justice Tuesday announced the arrest of New York City Police Department (NYPD) detective Edwin Vargas, 42, on computer hacking charges.
Government Plan to Build "Back Doors" for Online Surveillance Could Create Dangerous Vulnerabilities (http://www.slate.com/blogs/future_tense/2013/05/23/calea_reform_to_build_back_doors_into_online_communications_could_create.html): Do the benefits of intentionally made back doors outweigh the risks?
IT security vendors seen as clueless on industrial control systems (http://www.csoonline.com/article/733873/it-security-vendors-seen-as-clueless-on-industrial-control-systems): "The IT world has done an awful lot more on networking than we have, but they're not looking at our types of applications and constraints."
Is it time to professionalize information security? (http://www.net-security.org/article.php?id=1842): Information security is no longer a niche department.
Cyber security spending on electrical grid infrastructure to reach 29bn by 2013 (http://security.cbronline.com/news/cyber-security-spending-on-electrical-grid-infrastructure-to-reach-29bn-by-2013-230513): "Operators need to view cyber security as a core, integrated requirement of their offering and not as a secondary add-on."
Kim Dotcom Claims He Invented Two-Step Authentication (http://www.pcmag.com/article2/0,2817,2419441,00.asp): Dotcom says he will allow Google, Facebook and Twitter to "use [his] patent for free" if they help fund his legal defense.</description><link>http://www.secuobs.com/revue/news/447466.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447466.shtml</guid></item>
<item><title>Over Half Of Big Data and Cloud Projects Stall Because Of Security Concerns</title><description>2013-05-24 02:56:31 - Dark Reading - All Stories : Majority of senior-level IT and security respondents concerned about inability to secure data across big data initiatives, Voltage Security study.</description><link>http://www.secuobs.com/revue/news/447462.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447462.shtml</guid></item>
<item><title>Security Pros Fail In Business Lingo</title><description>2013-05-24 01:16:28 - Dark Reading - All Stories : Survey shows communication breakdown between IT security staffers and business execs.</description><link>http://www.secuobs.com/revue/news/447453.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447453.shtml</guid></item>
<item><title>Attention Students: Only 3 Weeks Left to Enter the Cybersecurity 2020 Essay Contest</title><description>2013-05-23 23:56:29 - Security Bloggers Network : Are you working on cutting edge research on the future of cybersecurity policy? If so, you have less than 3 weeks left to enter our Cybersecurity 2020 essay contest for a chance to win the $5,000 cash prize. Read more</description><link>http://www.secuobs.com/revue/news/447443.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447443.shtml</guid></item>
<item><title>Twitter beefs up security after wave of attacks on media sites</title><description>2013-05-23 23:04:23 - Security Bloggers Network : Twitter has introduced a new two-factor security system - an optional "extra layer" of security which should help to prevent unauthorised access to accounts. The post Twitter beefs up security after wave of attacks on media sites appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/447435.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447435.shtml</guid></item>
<item><title>The Human Side of Security</title><description>2013-05-23 22:56:44 - CORE Security : In my latest SecurityWeek article, I try to address the important question: where are the security breakdowns and why are they happening with such regularity? When it comes to cyber security there are two indisputable facts. One, a network is only as secure as you make it and two, human behavior will always be the ... </description><link>http://www.secuobs.com/revue/news/447432.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447432.shtml</guid></item>
<item><title>Websense Focuses on Continued Security Innovation with Acquisition</title><description>2013-05-23 21:08:20 - Security Bloggers Network : By now, many of you have seen this week's announcement detailing the Websense agreement to be acquired by Vista Equity Partners and become a privately held company. I view this as a very positive development for our Websense customers, partners, ... </description><link>http://www.secuobs.com/revue/news/447409.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447409.shtml</guid></item>
<item><title>With Great Cloud Apps Comes Great Security (Authentication At Least)</title><description>2013-05-23 21:08:20 - Security Bloggers Network : Twitter released its two-factor authentication "feature" yesterday. Given the time it took to roll it out, I anticipated it to be a non-shared dedicated mobile application (like Microsoft or Google) or an innovative application integration to deliver the two-factor authentication. It uses the mobile phone as the second factor, but not as I expected. Basically, Twitter says "Give ... </description><link>http://www.secuobs.com/revue/news/447408.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447408.shtml</guid></item>
<item><title>Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day</title><description>2013-05-23 20:48:27 - Network World on Security : A Google security engineer accused Microsoft of treating outside researchers with "great hostility" days before posting details of an unpatched vulnerability in Windows that could be used to crash PCs or gain additional access rights </description><link>http://www.secuobs.com/revue/news/447399.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447399.shtml</guid></item>
<item><title>IT security vendors seen as clueless on industrial control systems</title><description>2013-05-23 20:48:27 - Network World on Security : Many IT security vendors have a minimal understanding of industrial control systems (ICS) and try to sell technology that could easily damage the devices found in plants running the nation's critical infrastructure, experts say </description><link>http://www.secuobs.com/revue/news/447398.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447398.shtml</guid></item>
<item><title>Security Slice Podcast: The SEC and Connecting Security to the Business</title><description>2013-05-23 20:10:42 - Security Bloggers Network : The US Securities and Exchange Commission is currently reviewing whether public companies should divulge more information on cyber-attacks and risks that impact their networks to their investors. Will the SEC guidelines help companies connect security to their businesses? Listen to Tim Erlin and Dwayne Melançon discuss the SEC proposal and more on Tripwire's State of Security blog </description><link>http://www.secuobs.com/revue/news/447376.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447376.shtml</guid></item>
<item><title>Seven Tips for Digital Security Overseas</title><description>2013-05-23 20:10:42 - Security Bloggers Network : People often ask for tips on staying safe in cyberspace while traveling in "real" space. It's odd to think that our physical location affects our digital lives, but various state and non-state threat actors can have a real impact on digital security during business trips or vacations. </description><link>http://www.secuobs.com/revue/news/447375.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447375.shtml</guid></item>
<item><title>The Neverending Security Story</title><description>2013-05-23 20:10:42 - Security Bloggers Network : If you want to drive traffic to your security blog, here are some sure-fire topics: responsible disclosure, security awareness training, hacking back, risk analysis, certifications. And it appears to be firestorm season when it comes to the last one. Rather than go back to the binary argument about whether certifications are "good" or "bad," I'd ... </description><link>http://www.secuobs.com/revue/news/447372.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447372.shtml</guid></item>
<item><title>Security Slice: The SEC and Connecting Security to the Business</title><description>2013-05-23 19:15:56 - Security Bloggers Network : The US Securities and Exchange Commission is currently reviewing whether public companies should divulge more information on cyber-attacks and risks that impact their networks to their investors. Will the SEC guidelines help companies connect security to their businesses? Listen to Episode 77 of our Security Slice podcast and hear Tim Erlin and Dwayne Melançon discuss ... </description><link>http://www.secuobs.com/revue/news/447364.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447364.shtml</guid></item>
<item><title>In battle against hackers like the Syrian Electronic Army, Twitter introduces extra security measures</title><description>2013-05-23 18:59:12 - Computer Security News : With the microblogging site's new "two-factor authentication," users can choose heightened security </description><link>http://www.secuobs.com/revue/news/447359.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447359.shtml</guid></item>
<item><title>TrustZone and Security Usability</title><description>2013-05-23 18:28:27 - The New School of Information Security : Cem Paya has a really thought-provoking set of blog posts on "TrustZone, TEE and the delusion of security indicators" (part 1, part 2). Cem makes the point that all the crypto and execution protection magic that ARM is building is ... </description><link>http://www.secuobs.com/revue/news/447349.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447349.shtml</guid></item>
<item><title>Making Cloud Security Simpler with the latest Threat Manager release</title><description>2013-05-23 18:22:24 - Security Bloggers Network : Cloud security fears are still with us. Peer 1 Hosting recently found in a survey (summarized in a nice infographic) that 92% of IT decision makers identified ... The post Making Cloud Security Simpler with the latest Threat Manager release appeared first on Alert Logic </description><link>http://www.secuobs.com/revue/news/447348.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447348.shtml</guid></item>
<item><title>Cyber security in US power system suffering from reactive, self-policed rules</title><description>2013-05-23 17:27:35 - Security Bloggers Network : John Hawes argued that what's needed is carefully considered defensive strategies combined with fast responses to new, unforeseen vulnerabilities. Sadly, when government and big business intersect, pragmatism and speedy reactions are rarely in evidence </description><link>http://www.secuobs.com/revue/news/447337.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447337.shtml</guid></item>
<item><title>Reporters sued as 'hackers' for finding a security hole with Google</title><description>2013-05-23 16:16:50 - LinuxSecurity.com   Latest News : LinuxSecurity.com: Call it security through absurdity: a pair of telecom firms have branded reporters for Scripps News as "hackers" after they discovered the personal data of over 170,000 customers -- including social security numbers and other identifying data that could be used for identity theft -- sitting on a publicly accessible server </description><link>http://www.secuobs.com/revue/news/447331.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447331.shtml</guid></item>
<item><title>SoftBank said to be in talks with US to allay national security fears</title><description>2013-05-23 15:26:03 - Network World on Security : The US government is in negotiations with SoftBank for greater control over equipment purchases by Sprint Nextel and the selection of one of the Japanese company's nominees to the US carrier's board, according to a news report </description><link>http://www.secuobs.com/revue/news/447314.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447314.shtml</guid></item>
<item><title>Twitter enables stronger account security</title><description>2013-05-23 11:32:41 - Security Bloggers Network : Twitter has finally improved the security of its users' accounts. The good news is that it is a simple system, although you will have to enable it manually. To reduce the chances of someone hacking your Twitter account you need to first register a mo </description><link>http://www.secuobs.com/revue/news/447254.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447254.shtml</guid></item>
<item><title>Concise Courses Information Security Blog 2013-05-23 03:11:22</title><description>2013-05-23 11:32:41 - Security Bloggers Network : By Henry Dalziel: We had a legendary Hacker Hotshot event with a Raspberry Pi guru, DJ Palombo, and we post quite a bit on the Pi, especially with how it can be used for creative purposes. Ever since Kali Linux was made available on ARM Architecture we have taken an even greater interest. Anyway ... The post appeared first on Concise Courses Information Security Blog </description><link>http://www.secuobs.com/revue/news/447253.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447253.shtml</guid></item>
<item><title>Is it time to professionalize information security?</title><description>2013-05-23 11:32:13 - Help Net Security   Articles : The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate. I think it is time to examine the question again a </description><link>http://www.secuobs.com/revue/news/447252.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447252.shtml</guid></item>
<item><title>Is it time to professionalize information security?</title><description>2013-05-23 11:32:02 - Help Net Security   News : The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate. I think it is time to examine the question again a </description><link>http://www.secuobs.com/revue/news/447251.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447251.shtml</guid></item>
<item><title>A spotlight on grid insecurity</title><description>2013-05-23 09:50:55 - Help Net Security   News : Drawing from responses from more than 100 utilities across America, a new report shows that the nation's electric grid remains highly vulnerable to attacks from Iran and North Korea, or other threats </description><link>http://www.secuobs.com/revue/news/447236.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447236.shtml</guid></item>
<item><title>Kim Dotcom to Google, Twitter, Facebook: I Own Security Patent, Work With Me</title><description>2013-05-23 09:00:22 - TorrentFreak : Kim Dotcom has announced that he is the inventor of the so-called two-step authentication system and has a patent to prove it. The Megaupload founder says the security mechanism, which has just been introduced by Twitter, is being used by US companies more than a billion times every week without permission. Dotcom says he doesn't want to sue, but might if the likes of Google and Facebook don't help fund his legal battle with the US Government. Source: Kim Dotcom to Google, Twitter, Facebook: I Own Security Patent, Work With Me </description><link>http://www.secuobs.com/revue/news/447232.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447232.shtml</guid></item>
<item><title>Security Alert: Beware of Tiffany Trojan on the Attack</title><description>2013-05-23 08:47:30 - Computer Security News : "Don't open that attachment," warns Sophos security analyst Graham Cluley. If you get an email appearing to be from world-famous jeweler Tiffany's, saying something like, "Kindly open to see export License and payment invoice attached," it likely contains a malicious Trojan horse, designed to infect and compromise your computer </description><link>http://www.secuobs.com/revue/news/447229.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447229.shtml</guid></item>
<item><title>BSidesLV Preview: The Object Monitor for Enhanced Network Security (OMENS)</title><description>2013-05-23 08:12:02 - Security Bloggers Network : Security BSides Las Vegas, which this year will be held at the Tuscany Suites &amp; Casino on July 31st - August 1st, is just around the corner, so we decided to run a short series highlighting some of the fantastic presentations that are slated for the event. First up is a session by ... </description><link>http://www.secuobs.com/revue/news/447226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447226.shtml</guid></item>
<item><title>Infosec Gurus on Positioning Security as a Business Enabler</title><description>2013-05-23 08:12:02 - Security Bloggers Network : Infosec gurus Dwayne Melancon, Brian Honan, Nigel Stanley, Neira Jones, Sarb Sembhi, Simon Heron, and Amar Singh offer insight on how to better connect security to the business in order to allow your efforts to be seen as being an important enabler for the organization's primary objectives. Special thanks to twistandshoutUK for video production. </description><link>http://www.secuobs.com/revue/news/447225.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447225.shtml</guid></item>
<item><title>Twitter tightens security after hacks</title><description>2013-05-23 07:08:30 - Computer Security News : Twitter is adding an extra security measure to users' accounts following a series of high-profile breaches by hackers hitting media organisations and others </description><link>http://www.secuobs.com/revue/news/447221.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447221.shtml</guid></item>
<item><title>'Hacking' Journalists Case Dredges Up Security Research Legal Debates</title><description>2013-05-23 06:08:04 - Dark Reading   All Stories : Telecom firm TerraComm seeks to sue Scripps-Howard journalists for Google searches that uncovered sensitive info freely available online </description><link>http://www.secuobs.com/revue/news/447182.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447182.shtml</guid></item>
<item><title>MapCo Express issues security notice regarding exposed credit, debit cards</title><description>2013-05-23 05:26:42 - Computer Security News : If you used a credit or debit card to make a payment within the MAPCO Express, Inc </description><link>http://www.secuobs.com/revue/news/447175.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447175.shtml</guid></item>
<item><title>Security News May 22</title><description>2013-05-23 04:00:14 - Security Bloggers Network : Should US companies be allowed to hack China in revenge? New report says "yes" wwwthevergecom 2013 5 22 4356196 report-tells-congress-companies-should-hack-back Now, a new report by the Intellectual Property Commission says that if intellectual property theft continues at future levels, Congress should consider passing laws allowing US companies to "counterattack" against such hackers, whoever they may be. Twitter Finally Adds Two-Factor Authentication to Secure Your Account http wwwwiredcom gadgetlab 2013 05 twitter-two-factor cid co8198564 Finally. More information on how to update is here. Lawmakers seek to bar bosses from asking for Facebook passwords http thehillcom blogs hillicon-valley technology 301319-lawmakers-look-to-bar-bosses-from-asking-for-facebook-passwords The Password Protection Act would protect both current employees and job applicants. Small businesses beware: Point-of-sale malware is after you http nakedsecuritysophoscom 2013 05 22 small-businesses-beware-point-of-sale-malware-is-after-you Attackers are turning their attention to smaller organizations and taking smaller amounts of money. The US is the least riskiest place to open a data center http wwwcomputerworldcom s article 9239470 The_US_is_the_least_riskiest_place_to_open_a_data_center Indonesia, India and Brazil are at the bottom of the list. The Eight Most Common Causes Of Data Breaches http wwwdarkreadingcom perimeter the-eight-most-common-causes-of-data-bre 240155330 About 76% of network intrusions involved weak credentials. Information Sharing Critical To Cyber Defense http wwwforbescom sites richardstiennon 2013 05 22 information-sharing-critical-to-cyber-defense Information sharing is an effective way to get ahead of the bad guys. It increases their expense by making them shift their ground </description><link>http://www.secuobs.com/revue/news/447170.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447170.shtml</guid></item>
<item><title>Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities (http supportapplecom kb HT1222), Wed, May 22nd</title><description>2013-05-23 02:27:01 - SANS Internet Storm Center (InfoCON: green) : </description><link>http://www.secuobs.com/revue/news/447164.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447164.shtml</guid></item>
<item><title>The Fragmented Picture of Mobile Security</title><description>2013-05-23 01:36:25 - Security Bloggers Network : I was in Munich last week, speaking at the European Identity and Cloud Conference in a panel on standards for mobile security. It was a very good session, not least because of the colleagues who joined me on the panel. John Sabo spoke about the work he's doing in privacy frameworks. Tony Nadalin spoke about ... </description><link>http://www.secuobs.com/revue/news/447161.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447161.shtml</guid></item>
<item><title>Scripps Reporters Called 'Hackers' For Exposing Massive Security Flaw</title><description>2013-05-23 01:23:03 - Computer Security News : Scripps reporter Isaac Wolf has been accused of hacking after his research turned up personal customer data that was publicly available on the websites of TerraCom Inc </description><link>http://www.secuobs.com/revue/news/447155.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447155.shtml</guid></item>
<item><title>Cloud Security: Expect Accelerated Deployments Due To Strong Moves By Providers To Improve Security</title><description>2013-05-22 23:56:32 - Security Bloggers Network : Forrester research has always identified security as a major impediment to broad scale implementation for cloud; regardless of the model (SaaS, PaaS, IaaS), the adoption rate has been slowed by security concerns. Cloud providers recognize this is an imp </description><link>http://www.secuobs.com/revue/news/447138.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447138.shtml</guid></item>
<item><title>Krebs, KrebsOnSecurity, As Malware Memes</title><description>2013-05-22 23:02:07 - Security Bloggers Network : Hardly a week goes by when I don't hear from some malware researcher or reader who's discovered what appears to be a new sample of malicious software or a nasty link that invokes this author's name or the name of this blog. I've compiled this post to document a few of these examples, some of which are quite funny. Related Posts: DDoS Attack on KrebsOnSecurity.com; KrebsOnSecurity Wins Awards; Crimeware Author Funds Exploit Buying Spree; New Java 0-Day Attack Echoes Bit9 Breach; Exploit Sat on LA Times Website for 6 Weeks </description><link>http://www.secuobs.com/revue/news/447133.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447133.shtml</guid></item>
<item><title>Los Alamos director: Grid security becoming critical</title><description>2013-05-22 22:45:27 - Computer Security News : Los Alamos National Laboratory Director Charlie McMillan said the importance of securing the nation's electrical grid is becoming more serious as hackers invade computer systems linked to the nation's infrastructure </description><link>http://www.secuobs.com/revue/news/447131.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447131.shtml</guid></item>
<item><title>Commtouch Security Number Of The Month, May 2013: 50% Financial Loss For Victims Of Pump And Dump Spam</title><description>2013-05-22 22:34:44 - Dark Reading   All Stories : Spam attempts to lure email recipients into buying cheap stock with a low trading volume </description><link>http://www.secuobs.com/revue/news/447129.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447129.shtml</guid></item>
<item><title>Q&amp;A Webinar Follow-Up: Tools of Engagement: Minding The "Security" Gap</title><description>2013-05-22 20:12:52 - Security Bloggers Network : As a follow-up to our recently held Tools of Engagement: Minding the "Security" Gap webinar, questions answered by presenters Dave Merkel and Lucas Zaichkowsky are listed below. To view the archived webinar, please click here. 1. What happens at 2:00am on a Sunday when there isn't anyone on duty? </description><link>http://www.secuobs.com/revue/news/447083.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447083.shtml</guid></item>
<item><title>Blue Coat Systems to acquire security analytics firm Solera Networks</title><description>2013-05-22 19:52:31 - Network World on Security : Blue Coat Systems, a provider of Web traffic filtering and business assurance products and services, plans to buy security analytics specialist Solera Networks, which uses data mining techniques to classify network traffic and detect potential security threats </description><link>http://www.secuobs.com/revue/news/447079.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447079.shtml</guid></item>
<item><title>Event: Cloud Security Alliance EMEA Congress 2013</title><description>2013-05-22 19:16:54 - Help Net Security   News : Cloud security professionals from across EMEA will once again come together to discuss the latest issues and industry trends. Not only will we be offering more practical solutions, but we will als </description><link>http://www.secuobs.com/revue/news/447071.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447071.shtml</guid></item>
<item><title>Xbox One Kinect microphone "always on" security fears</title><description>2013-05-22 18:22:13 - Security Bloggers Network : The Xbox One microphone, one of the hi-tech new features of Microsoft's new Xbox One console, has raised security concerns since it "listens" to users even when the console is turned off. The post Xbox One Kinect microphone "always on" security fears appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/447056.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447056.shtml</guid></item>
<item><title>Criticism: A Security Chief's Most Valuable Resource</title><description>2013-05-22 18:08:18 - SecurityCurve : This month, Ed discusses the value that candid feedback ... </description><link>http://www.secuobs.com/revue/news/447048.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447048.shtml</guid></item>
<item><title>Bit9 Introduces The Bit9 Connector For Palo Alto Networks, Enabling Integrated Real-time Endpoint And Network Security Solution For APTs</title><description>2013-05-22 17:59:12 - Dark Reading   All Stories : Solution combines network security with real-time, continuous endpoint and server monitoring and recording </description><link>http://www.secuobs.com/revue/news/447046.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447046.shtml</guid></item>
<item><title>SecureAuth Launches "Fingerprint" Authentication For BYOD Security</title><description>2013-05-22 17:05:34 - Dark Reading   All Stories : SecureAuth IdP 7.0 uses a heuristics approach to identify, authenticate, and assert access to mobile devices and apps </description><link>http://www.secuobs.com/revue/news/447025.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447025.shtml</guid></item>
<item><title>Vulnerabilities in Security Products increasing at 37% CAGR</title><description>2013-05-22 16:38:59 - Security Bloggers Network : We use security products to secure our systems and our businesses. However, the very security </description><link>http://www.secuobs.com/revue/news/447019.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447019.shtml</guid></item>
<item><title>Xbox One microphone "always on" security fears</title><description>2013-05-22 16:38:59 - Security Bloggers Network : The Xbox One microphone, one of the hi-tech new features of Microsoft's new Xbox One console, has raised security concerns since it "listens" to users even when the console is turned off. The post Xbox One microphone "always on" security fears appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/447018.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447018.shtml</guid></item>
<item><title>Tenable Network Security Podcast Episode 170: Patching Firewalls, Penetration Testing vs Vulnerability Scanning</title><description>2013-05-22 15:01:18 - Security Bloggers Network : </description><link>http://www.secuobs.com/revue/news/446994.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446994.shtml</guid></item>
<item><title>4 Questions Obama's Big National Security Speech Should Answer</title><description>2013-05-22 13:25:30 - Wired  Danger Room : Obama has a chance to clear up four major areas of ambiguity about the seemingly endless war on terrorism in his forthcoming speech. We'll see. </description><link>http://www.secuobs.com/revue/news/446974.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446974.shtml</guid></item>
<item><title>Driving Business Agility through IT Security Simplicity</title><description>2013-05-22 12:34:53 - Security Bloggers Network : I read an excellent article earlier this month on Forbes in which Revlon's CIO talks about simplifying IT to more quickly deliver new capabilities that not only support the business, but actually DRIVE the business. This echoes some of the things that I've read in Gartner's research and analysis on CIOs leading the business. Security must be included in this discussion, as it is an integral part of the IT team, and not left as an afterthought. The post Driving Business Agility through IT Security Simplicity appeared first on Security Management at the Speed of Business - AlgoSec Blog </description><link>http://www.secuobs.com/revue/news/446966.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446966.shtml</guid></item>
<item><title>Web Application Security Misconception: XSS is not Dangerous</title><description>2013-05-22 12:22:48 - Netsparker  Web Application Security Scanner : You have just been promoted from a web application developer to a managerial role where you are responsible for the security of the company's web applications. Happy about the new job, you launch a web application security scan against all websites and find out that all of them have vulnerabilities that need to be fixed. Being pressed for time and on a limited budget, you try to work out which web application vulnerabilities should be fixed and which should be left out, rather than asking your superiors for more time. Sounds familiar, doesn't it? And here is where the problems begin. Many people working in the web application security industry think that some technical vulnerabilities are not dangerous, so not worth looking into and fixing. This is a very common misconception: SQL injection is more dangerous than a cross-site scripting vulnerability. In this article we will see why this web application security misconception is so common and what such a misconception can lead to.

What is Cross-Site Scripting? Cross-site scripting, also known as XSS, is a very common web application vulnerability. By exploiting an XSS vulnerability the attacker can inject malicious client-side scripts into a website, which are later executed by the victims while browsing the website. There are different cross-site scripting variants, all of which can be used to craft different types of attacks. Read "What is cross-site scripting web application vulnerability" to learn more about this vulnerability.

Why Many Think That XSS is not Dangerous: Many web application developers think that cross-site scripting is not a dangerous web vulnerability because the victim is the user / visitor of the website rather than the actual web application, the web server or the data stored in the database. For example, if a forum user falls victim to an XSS vulnerability, the hacker would only gain access to the forum user's profile, private messages and forum posts. Therefore we all think that by exploiting a cross-site scripting vulnerability a malicious user can never tamper with the web application or steal sensitive data, such as customer details and credit card numbers. That is why in such cases, web application developers prefer to focus on and fix web application vulnerabilities which, when exploited, allow hackers to gain access to the server and compromise the website.

Cross-Site Scripting is as Dangerous as SQL Injection: What if the victim of the cross-site scripting attack is the forum's administrator, as has happened in many cases? In this case, the attackers would gain admin privileges to the forums or any other vulnerable web application. By combining a cross-site scripting attack with social engineering skills hackers can still penetrate networks, hack web servers and steal sensitive data. That is exactly what happened to the Apache Software Foundation in 2010: an attacker exploited a cross-site scripting vulnerability and worked his or her way up to gain root access to the main apache.org shell servers. For more information about this attack, refer to the detailed Apache and JIRA attack documentation. In the Apache incident mentioned above, the attacker exploited a non-persistent cross-site scripting vulnerability, hence the attacker needed social engineering skills to fully execute the attack. There were other cases in the past where attackers exploited a persistent cross-site scripting vulnerability, which has a much bigger impact and does not require social engineering skills to exploit. Refer to the cross-site scripting technical documentation for more information about the different XSS variants. The Apache incident is not the only real life hacking incident where, by exploiting a cross-site scripting vulnerability, the attackers managed to do a lot of damage. There are several other ones we've heard of, but not all have been documented and it is not possible to list them all here.

Exploit a Cross-Site Scripting Vulnerability to Steal Money: It is a must to fix all web application vulnerabilities because if exploited, not only the company who owns the web application can sustain damage, but also its customers. And when such a thing happens, legal issues come into play. Some people might not be bothered if a particular forum they used has been hacked, even if their forum account was affected. Mostly they reset their password, delete all the hacker's activity and get back on with life. But what if the e-banking web application your bank uses is vulnerable to a cross-site scripting attack? If it is, maybe a hacker won't be able to take the system down but can easily hijack your e-banking session and transfer money out of your account.

All Reported Web Application Vulnerabilities should be Fixed: As we have just seen, a cross-site scripting attack can be used to infiltrate the network of one of the most popular corporations in the world, or to hijack your e-banking session, from where hackers can transfer money out of your account. The aim of this article is not to scare people or show them what an attacker can be up to if he or she exploits a cross-site scripting vulnerability, but to raise awareness about web application security misconceptions. As a web application developer or security expert you might think that a web application vulnerability on its own might not be enough for a hacker to break into a network or web server. Though it is enough to steal someone's identity, money and destroy a life. It might also be used in conjunction with other attack methods to break into some of the most secure networks in the world. Seasoned malicious hackers are very smart and most of the time web application developers cannot imagine what they could be up to, so the approach everyone can take is to make sure that every reported web application vulnerability is looked into and fixed.

Check your Web Applications for All Types of Vulnerabilities: Download the 15-day trial version of Netsparker to scan all your websites and web applications for vulnerabilities such as XSS and SQL injection. Netsparker will automatically crawl your website and provide you with all the technical details when a vulnerability is detected within minutes. For more information about Netsparker Web Application Security Scanner you can visit the Netsparker product page. </description><link>http://www.secuobs.com/revue/news/446964.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446964.shtml</guid></item>
<item><title> IT pros focus on cloud security, not hype</title><description>2013-05-22 11:46:19 - Help Net Security   News : Cloud computing is exceeding expectations, according to a CA report Respondents indicate the cloud has moved beyond adolescence and is on the path to maturity in the enterprise Survey participa </description><link>http://www.secuobs.com/revue/news/446959.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446959.shtml</guid></item>
<item><title>Inject Some Security Into DB And App Environments</title><description>2013-05-22 04:14:20 - Dark Reading   All Stories : Black Hat injection attacks instructor dishes on the complexity of SQLi, SQL injection myths and the prevalence of lesser-known injection attacks </description><link>http://www.secuobs.com/revue/news/446915.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446915.shtml</guid></item>
<item><title>Wireless security myths - busted</title><description>2013-05-22 03:48:05 - Security Bloggers Network: A great video from Sophos busting three of the most common wifi security myths. Easy to understand for everyone, so I recommend having a look at this 4 and a half minute video.</description><link>http://www.secuobs.com/revue/news/446913.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446913.shtml</guid></item>
<item><title>Three wireless security myths - busted (VIDEO)</title><description>2013-05-22 02:59:58 - Security Bloggers Network: Last year Sophos looked at Wi-Fi security in London and Sydney and the results weren't fantastic. So we thought it was time to make a short revision video, just in time for 2013 Cyber Security Awareness Week in New Zealand.</description><link>http://www.secuobs.com/revue/news/446908.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446908.shtml</guid></item>
<item><title>Security and Privacy Concerns with Patient Portals</title><description>2013-05-22 02:57:35 - SecurityTube.Net: In this video Brian R. Balow, Member, OnlineTech Webinar, talks about Security and Privacy Concerns with Patient Portals. Overview: Definitions ("Patient Portals" and "Personal Health Records"), Drivers for Adoption and Use, Identifying and Managing Risks.

Patient Portal: Patient Portals are healthcare-related online applications that allow patients to interact and communicate with their healthcare providers, such as physicians and hospitals. Typically, portal services are available on the Internet at all hours of the day and night. Some patient portal applications exist as stand-alone web sites and sell their services to healthcare providers. Other portal applications are integrated into the existing web site of a healthcare provider. Still others are modules added onto an existing electronic medical record (EMR) system. What all of these services share is the ability of patients to interact with their medical information via the Internet. Currently, the lines between an EMR, a personal health record, and a patient portal are blurring. For example, Intuit Health and Microsoft HealthVault describe themselves as personal health records (PHRs), but they can interface with EMRs and communicate through the Continuity of Care Record standard, displaying patient data on the Internet so it can be viewed through a patient portal. http://en.wikipedia.org/wiki/Patient_portal

Personal Health Record: A personal health record, or PHR, is a health record where health data and information related to the care of a patient is maintained by the patient. This stands in contrast to the more widely used electronic medical record, which is operated by institutions (such as hospitals) and contains data entered by clinicians or billing data to support insurance claims. The intention of a PHR is to provide a complete and accurate summary of an individual's medical history which is accessible online. The health data on a PHR might include patient-reported outcome data, lab results, data from devices such as wireless electronic weighing scales, or data collected passively from a smartphone. http://en.wikipedia.org/wiki/Personal_health_record</description><link>http://www.secuobs.com/revue/news/446907.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446907.shtml</guid></item>
<item><title>Security News May 21</title><description>2013-05-22 02:11:11 - Security Bloggers Network:
Chinese hacker who breached Google gained access to sensitive data, US officials say. http://www.washingtonpost.com/world/national-security/chinese-hackers-who-breached-google-gained-access-to-sensitive-data-us-officials-say/2013/05/20/51330428-be34-11e2-89c9-3be8095fe767_story.html According to current and former government officials, they gained access to a sensitive database with years' worth of information about US surveillance targets.
Why don't risk management programs work? http://www.networkworld.com/news/2013/052013-risk-management-programs-269400.html "Risk management programs don't work because our profession doesn't, in large part, understand risk." Agree? Disagree?
Journalists Find Massive Data Security Lapse, Get Threats Instead of Thanks. http://www.slate.com/blogs/future_tense/2013/05/21/scripps_journalists_reportedly_find_data_security_lapse_with_lifeline_program.html Telecom firms may sue the reporters who uncovered mishandled customer data; sounds like security research to me.
Few utilities complying with voluntary anti-Stuxnet measures. http://thehill.com/blogs/hillicon-valley/technology/301091-few-utilities-complying-with-voluntary-anti-stuxnet-measures "A voluntary approach to cybersecurity might make sense for some sectors, but experience shows that it cannot be relied upon to protect the electric grid."
Federal government hunkers down for massive cyber attack Tuesday. http://www.buzzfeed.com/evanmcsan/federal-government-hunkers-down-for-massive-cyber-attack-tue?utm_source=buffer&amp;utm_medium=twitter&amp;utm_campaign=Buffer&amp;utm_content=buffer909a9 "OPUSA could affect agencies across the Federal government."
Research reveals reality of password sniffing over HTTP connections. http://www.scmagazineuk.com/research-reveals-reality-of-password-sniffing-over-http-connections/article/294008 "When you load a login form over HTTP, anything you do after that is a little bit pointless."
'Aggressive' espionage-for-hire operation behind new Mac spyware. http://www.zdnet.com/aggressive-espionage-for-hire-operation-behind-new-mac-spyware-7000015613 "An Indian malware service is building attack software for projects involving secret surveillance."
Opinion: Cyber security, what's in a word? http://www.infosecurity-magazine.com/view/32534/comment-cybersecurity-and-reality-whats-in-a-word Hate the "cyber" prefix that's taking over security news? Here's why you should get over it.</description><link>http://www.secuobs.com/revue/news/446902.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446902.shtml</guid></item>
<item><title>Network Security Podcast, Episode 313</title><description>2013-05-22 02:09:05 - Network Security Podcast: ...and now Rich is dealing with an entire family of "sick". Zach must be empathizing, as he's also a bit under the weather, but joins Martin for a romp through this week's stories. Network Security Podcast, Episode 313, May 21, 2013. Time: 41:13. Show notes: Is It Wrong to Use Data From the World's First ...</description><link>http://www.secuobs.com/revue/news/446901.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446901.shtml</guid></item>
<item><title>What is Security Automation? (TCG)</title><description>2013-05-21 23:42:52 - Security Bloggers Network: Last week, Trusted Computing Group hosted a webinar on how to automate security and the benefits of doing so for enterprises. TCG's Trusted Network Connect co-chair Steve Hanna teamed with Dave Waltermire of the US National Institute of Standards and Technology (NIST) to define security automation, discuss industry standards to enable it, and explain how to deploy SCAP, the Security Content Automation Protocol. SCAP was developed by NIST to support automated assessment of endpoint configuration and state. However, while SCAP defines a number of data formats and controlled vocabularies, it does not include standardization of network protocols to exchange this information. TCG integrated its Trusted Network Connect (TNC) architecture with SCAP in 2013 (see the post on this here).

Why automate security? Hanna noted some startling facts from the 2012 Verizon data breach report: 60% of data breach attacks exfiltrate data in 1 month; 92% of attacks are discovered by external parties (49% for large organizations). A majority of attacks are automated, while others involve infected websites, phishing and other vectors. In essence, the good guys are outnumbered, noted Hanna. Therefore, automating some security functions will help free up security and IT experts to focus on big problems, while catching and fixing others automatically, all the time.

Hanna defined security automation as a set of tools, technologies, processes and standards to make staff more efficient and effective. Said Hanna, "Security Automation automates the hundreds of routine tasks you have to do every day, like checking logs and patching systems. It increases compliance with corporate policies by rapidly detecting noncompliant systems and optionally remediating them. Known threats are rapidly identified and handled with recommended countermeasures. And it delivers the information you need, when you need it."

Hanna concluded by noting the benefits of security automation: obtain accurate and timely situational awareness; share info with other defenders; enable manual or automated response; plug in new sensors and capabilities as needed. Next week, we will take a look at the NIST part of the presentation on SCAP and automation. The slides from the talk can be seen here.</description><link>http://www.secuobs.com/revue/news/446888.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446888.shtml</guid></item>
<item><title>Network perimeter security: How to audit remote access services</title><description>2013-05-21 23:42:52 - Security Bloggers Network: There are a few ways to audit your domain for Internet-facing remote access services. If you're looking to audit your network perimeter with free tools, then something like Nmap would be the way to go. Do your research before firing away at your perimeter with a port scanner, though: you don't want to inadvertently create a denial of service by pummeling the network with port scans (and obviously make sure you have permission from your superiors as well). Also, when using Nmap, make sure you fingerprint the open ports you find on the network to determine what's running behind them. Using the Nmap -sV option on a port will oftentimes show you the application listening on the port. This comes in handy when someone is running software on a non-standard port to exit your firewall.

Another tool that's recommended when looking to audit remote access services is Nessus. There are multiple plug-ins available that can scan your ports and determine if you are running particular remote access services. However, unlike Nmap, Nessus will let you know if a particular vulnerability will unintentionally allow remote access into your organization. This tool looks for vulnerabilities, whereas Nmap gives you hard facts as to what's listening in your environment. There are many other tools that could be used, but these two are common and come at no charge.

Another way to prevent rogue services from listening on your network is by locking down what's allowed to leave your organization. Many people still don't perform egress filtering on their firewalls; this is a common way to prevent botnets, misconfigurations and malicious insiders from allowing remote connections into your network. Also, filtering traffic leaving the network with an IPS or next-gen firewall (NGFW) will enable you to inspect the allowed firewall traffic for malicious use. Many times, attackers take advantage of normally open ports, such as port 80, port 443, etc., to transmit data out of your network without you noticing. Read the rest of the article here: http://searchsecurity.techtarget.com/answer/Network-perimeter-security-How-to-audit-remote-access-services</description><link>http://www.secuobs.com/revue/news/446886.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446886.shtml</guid></item>
<item><title>Consumer Reports recommends free security software in 2013 State of the Net Report</title><description>2013-05-21 22:48:26 - Security Bloggers Network: More than 58 million American adults had at least one malware infection that affected their home PC's performance last year. The cost of repairing the damage from those infections was nearly $4 billion. These findings are from the latest Consumer Reports' Annual State of the Net Report published in the June issue of their respected magazine ...</description><link>http://www.secuobs.com/revue/news/446875.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446875.shtml</guid></item>
<item><title>Microsoft's Perspective on Incentives to Adopt Improved Cybersecurity Practices</title><description>2013-05-21 21:49:26 - Security Bloggers Network: Last month my blog post discussed Microsoft's perspective on building a Cybersecurity Framework for critical infrastructure, which is part of President Obama's Executive Order on cybersecurity. As a next step in the process of impleme</description><link>http://www.secuobs.com/revue/news/446860.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446860.shtml</guid></item>
<item><title>Special Report: Cell Phone Security</title><description>2013-05-21 21:32:16 - Computer Security News: You may not realize it, but that small device in your pocket could be giving out confidential information to unwanted guests.</description><link>http://www.secuobs.com/revue/news/446853.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446853.shtml</guid></item>
<item><title>Chrome 27 stable released (http://googlechromereleases.blogspot.ca), some security fixes, (Tue, May 21st)</title><description>2013-05-21 19:58:49 - SANS Internet Storm Center (InfoCON: green): ...more</description><link>http://www.secuobs.com/revue/news/446843.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446843.shtml</guid></item>
<item><title>Busted: 5 Common Myths About Web Security</title><description>2013-05-21 19:52:50 - OpenDNS Blog: Despite your best efforts to educate employees on the hazards of the Web, does it still seem like there are a few users who end up clicking where they shouldn't? There are many security myths that still get passed from user to user, rendering your education tactics less effective than you'd hope, and placing heavy ... The post "Busted: 5 Common Myths About Web Security" appeared first on OpenDNS Blog.</description><link>http://www.secuobs.com/revue/news/446836.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446836.shtml</guid></item>
<item><title>Security Slice Podcast: The Rights and Wrongs of the Right to Know Law</title><description>2013-05-21 18:54:16 - Security Bloggers Network: California's Right to Know law was recently put on hold because of push-back from various technology companies and business lobbies. The law aimed to provide consumers with greater transparency on how online vendors use their data. Listen to Tim Erlin, Lamar Bailey, Andrew Storms and Dwayne Melançon discuss why the Right to Know law and more on Tripwire's State of Security blog.</description><link>http://www.secuobs.com/revue/news/446825.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446825.shtml</guid></item>
<item><title>Best Practices in Big Data Security</title><description>2013-05-21 17:58:42 - Security Bloggers Network: Hadoop clusters are popping up everywhere. Almost every large enterprise customer I speak with has already deployed or is in the process of deploying Hadoop clusters for generating data-driven business intelligence. Unfortunately, Hadoop was not designed with security in mind, and that can pose a serious problem in this age of intensifying cyber threats. The simple fact is, data is ingested into Hadoop clusters from many sources and it typically includes sensitive data such as Personally Identifiable Information (PII), Personal ... The post "Best Practices in Big Data Security" appeared first on Data Security Blog - Vormetric.</description><link>http://www.secuobs.com/revue/news/446805.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446805.shtml</guid></item>
<item><title>Black Hat 2013 Showcases Home Security, Bootkits, Cellular OPSEC Failures</title><description>2013-05-21 16:41:26 - Dark Reading   All Stories : Black Hat announces three more featured talks </description><link>http://www.secuobs.com/revue/news/446784.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446784.shtml</guid></item>
<item><title>Practical Tips to Improve Network Security with What You Already Have (Part 1 of 2)</title><description>2013-05-21 16:14:22 - Security Bloggers Network: I think we as security experts need to stop focusing on who or what will attack us and start acting like we're already owned. If we just started thinking in terms of "I'm already compromised", the security and monitoring of your network and systems would improve drastically. The initial fear of security experts was of being hacked or compromised, but in reality this is happening every day while you're on the clock. If you've ever had malware infect a workstation, you've been breached. This is just a small example, but it's true. There are two types of security professionals ... Read more. The post "Practical Tips to Improve Network Security with What You Already Have (Part 1 of 2)" appeared first on Security Management at the Speed of Business - AlgoSec Blog.</description><link>http://www.secuobs.com/revue/news/446782.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446782.shtml</guid></item>
<item><title>Security Slice: The Rights and Wrongs of the Right to Know Law</title><description>2013-05-21 16:14:22 - Security Bloggers Network: California's Right to Know law was recently put on hold because of push-back from various technology companies and business lobbies. The law aimed to provide consumers with greater transparency on how online vendors use their data. Listen to Episode 76 of our Security Slice podcast and hear Tim Erlin, Lamar Bailey, Andrew Storms and Dwayne Melançon discuss why the Right ... Read More</description><link>http://www.secuobs.com/revue/news/446781.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446781.shtml</guid></item>
<item><title>IntegriCell's Aaron Turner: Security managers still don't get mobile security</title><description>2013-05-21 15:07:05 - Network World on Security: For the past several months, security veteran Aaron Turner has been making the rounds at industry events presenting some pretty disturbing information about the state of mobile security.</description><link>http://www.secuobs.com/revue/news/446769.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446769.shtml</guid></item>
<item><title> Wi-Fi client security weaknesses still prevalent</title><description>2013-05-21 09:18:40 - Help Net Security   News : Google Android, Apple iOS, BlackBerry, and Windows Mobile devices have an inherent security weakness in the method they use for connecting to Wi-Fi networks that has the potential for exploitation by  </description><link>http://www.secuobs.com/revue/news/446715.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446715.shtml</guid></item>
<item><title>Even SMBs Should Look To Log Management For Security</title><description>2013-05-21 08:06:29 - Dark Reading   All Stories : A firewall, patch procedure, anti-malware and, possibly, an IDS are a good start But to detect breaches, small and medium businesses should focus on logging activity and looking out for suspicious behavior </description><link>http://www.secuobs.com/revue/news/446707.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446707.shtml</guid></item>
<item><title>Security News May 20</title><description>2013-05-21 03:36:59 - Security Bloggers Network:
Chinese hackers resume attacks on US targets. http://www.nytimes.com/2013/05/20/world/asia/chinese-hackers-resume-attacks-on-us-targets.html Unit 61398, the People's Liberation Army cyber unit featured in the Mandiant report earlier this year, is now operating at 60 percent to 70 percent of previous levels.
Millions hit by Yahoo Japan hack attack. http://www.bbc.co.uk/news/technology-22594136 22 million IDs, but no passwords or other identifying info, may have been stolen.
Large Attacks Hide More Subtle Threats In DDoS Data. http://www.darkreading.com/monitoring/large-attacks-hide-more-subtle-threats-i/240155145 According to DDoS mitigation experts, the worst denial of service attacks are not the biggest ones, not the ones that knock applications down.
Want To Destroy Any Hope Of Serious Cybersecurity? Give The DOJ Its Desired Backdoor Wiretaps On All Communications. http://www.techdirt.com/articles/20130517/08111723117/want-to-destroy-any-hope-serious-cybersecurity-give-doj-its-desired-backdoor-wiretaps-all-communications.shtml The Obama administration has been "considering" the latest version of the DOJ's plan to require backdoor wiretapping abilities in any form of digital communication.
Jailed hacker designs device to thwart ATM skimming. http://www.net-security.org/secworld.php?id=14931 The device is meant to be installed over the ATM's card slot or incorporated into new ATM models, and requires cards to be inserted into the device longer side first; then the card is rotated and pushed into the slot. Too simple?
Think your Skype messages get end-to-end encryption? Think again. http://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again "Right now is that there's a mismatch between the privacy people expect and what Microsoft is actually delivering."
DDoS for hire works with the blessing of FBI, operator says. http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says "Since it is a public service on a public connection to other public servers this is not illegal."</description><link>http://www.secuobs.com/revue/news/446673.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446673.shtml</guid></item>
<item><title>Reporters Threatened, Labeled Hackers For Finding Security Hole</title><description>2013-05-21 00:29:40 - Slashdot (Your Rights Online): colinneagle writes: "Scripps News reporters discovered 170,000 records online of customers of Lifeline, a government program offering affordable phone service for low-income citizens, that contained everything needed for identity theft. Last year, the FCC 'tightened' the rules for the program by requiring Lifeline phone carriers to document applicants' eligibility, which led to collecting more sensitive information from citizens. A Scripps News investigative team claims it 'Googled' the phone companies TerraCom Inc. and YourTel America Inc. to discover all of the files. A Scripps reporter asked for an on-camera interview with the COO of TerraCom and YourTel after explaining the files were freely available online. That did not happen, but shortly thereafter the customer records disappeared from the internet. Then, the blame-the-messenger hacker accusations and mudslinging began. Although the Scripps reporters videotaped the process showing how they found the documents, attorney Jonathon Lee for both telecoms threatened the 'Scripps Hackers' with violating the Computer Fraud and Abuse Act (CFAA)." Read more of this story at Slashdot.</description><link>http://www.secuobs.com/revue/news/446660.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446660.shtml</guid></item>
<item><title>The importance of smartphone security awareness</title><description>2013-05-20 23:28:12 - Security Bloggers Network: I have posted prior on the issue of smartphone security. And one of the biggest issues related to this is how many people who have smartphones are sadly not aware of the need to be secure. I guess we could say there is a lack of security aw</description><link>http://www.secuobs.com/revue/news/446654.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446654.shtml</guid></item>
<item><title>Locked Down: Information Security for Lawyers</title><description>2013-05-20 22:31:07 - Security Bloggers Network: Had "Locked Down: Information Security for Lawyers" not been published by the American Bar Association (ABA), and had 2 of its 3 authors not been attorneys, one would have thought the book is a reproach against attorneys for their obliviousness towards information security and privacy. In numerous places, the book notes that lawyers are often clueless when it comes to digital security. With that, the book is a long-overdue and valuable information security reference for anyone, not just lawyers. Such a title is needed as the legal field has embraced digital technology for nearly every aspect of its work, has magazines and conferences about legal technology, and much more. Wireless (often insecure) networks are pervasive in corporate offices throughout legal America. The underlying problem is that while attorneys often know the intricacies of tort law, court proceedings and the like, they are utterly unaware of the information security and privacy risks surrounding the very technologies they are using. In many firms, the lawyers think that someone is protecting their data, but don't understand their requirements around those areas of data protection.

Legal IT systems are a treasure trove of personal data. Many small law firms are extremely attractive to identity thieves, given that their systems hold a significant amount of personal information: social security numbers, credit card information, birth dates, financial information and much more. Small law firms are notorious for weak information security controls, and attackers will scan those systems and networks for vulnerabilities.

A pervasive aspect of the book is ABA Rule 1.6 regarding the confidentiality of information regarding client-lawyer relationships. The rule requires that a lawyer not reveal information relating to the representation of a client unless the client gives informed consent. The lawyer, though, can reveal information relating to the representation of a client to the extent the lawyer reasonably believes necessary. The myriad details of Rule 1.6 can be left to the bar association to enforce; suffice it to say that a lawyer can find themselves on the wrong side of the law if they are not careful with information security controls. The authors note that although lawyers are all well aware of Rule 1.6, the challenge is how to keep client data secure in the digital age. In a world of paper, things were much easier and cheaper. This is why the authors note that so many otherwise competent lawyers fail so miserably in reference to their duty to maintain the confidentiality of digital client data. The book quotes an ABA 2011 technology survey in which 21% of large law firms reported that their firm had experienced some sort of security breach, and 15% of all firms reported that they suffered a security breach. It is figures like those which show that attorneys really need to read this book and take the information to heart.

The book's 17 chapters are in a readable 150 pages, with an additional 120 pages of appendices. It is written in an easily understandable style, non-technical for the technologically challenged lawyer. When it comes to the security of client data, in chapter 4 the authors write that encryption is a topic that most attorneys don't want to touch with a ten-foot pole. But it has reached a point where attorneys must understand how and when encryption should be used. Just as important, they need to know about key management, and what good encryption is. The chapter provides high-level detail on what needs to be done regarding encryption. Chapter 13, on secure disposal, is an important topic for everyone, and not just lawyers. Digital media needs to be effectively disposed of, and many lawyers often think that means reformatting a hard drive or simply erasing files. The chapter effectively details the issues and offers numerous valuable hardware and software-based solutions. Chapter 14, on outsourcing and cloud computing, is an area where too many attorneys are oblivious to the security and privacy risks. For example, the authors advise attorneys against the use of the free Gmail service since the terms of service allow Google to do anything it wants with the data. That opens a Pandora's Box when it comes to securing client data. The authors advise using the premium Google business versions, so attorneys can stay in control of their data with added security and privacy features.

Two omissions in chapters 13 and 14 are that the authors don't reference NAID (National Association for Information Destruction) or the CSA (Cloud Security Alliance). Firms that outsource their digital disposal to non-NAID-certified firms run the risk of having a glorified recycler do their work. As to NAID, it is an international trade association for companies providing information destruction services. NAID's mission is to promote the information destruction industry and the standards and ethics of its member companies, while the mission of the CSA is to promote the use of best practices for providing security assurance within cloud computing and to provide education on the uses of cloud computing to help secure all other forms of computing.

The authors include many real-world stories and case law to reinforce their point. The book closes with a number of appendices on various rules from the FTC, state information protection regulations, the SANS Institute glossary of security terms and more. For the lawyer looking for an easy-to-read introduction to nearly everything they need to know about information security and privacy, the book is a great resource. The book closes with the note that since lawyers have an ethical duty to protect their clients' data, they have no choice but to keep themselves as well educated as possible. For the attorney who wants to ensure their requirements remain current and is looking for an easy-to-read introduction to information security and privacy, "Locked Down: Information Security for Lawyers" should be considered required reading.</description><link>http://www.secuobs.com/revue/news/446648.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446648.shtml</guid></item>
<item><title>Information Security Risk Management and ISO 27001: An interview with Information Security Professional Tony Drewitt</title><description>2013-05-20 22:31:07 - Security Bloggers Network : Tony Drewitt is an information security risk management consultant at IT Governance. Before this, Tony was a risk consultant for 12 years, both freelance and for a number of consulting organisations including Qinetiq. Vigilant Software caught up with T</description><link>http://www.secuobs.com/revue/news/446647.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446647.shtml</guid></item>
<item><title>Announcing the Security Community Forums</title><description>2013-05-20 21:28:26 - Security Bloggers Network : Community has always been a priority at OpenDNS, so we're thrilled to announce that the new Umbrella Security Community Forums are now online. We created the forums so our community had a central place to discuss new threats appearing on the landscape, malware samples, security research, and the Umbrella Security Community review process. The top ... The post Announcing the Security Community Forums appeared first on Umbrella Security Labs.</description><link>http://www.secuobs.com/revue/news/446642.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446642.shtml</guid></item>
<item><title>Main obstacle to SMEs going on-line IS security: OU Survey</title><description>2013-05-20 20:26:51 - Security Bloggers Network : Those who wish small firms to transact online should focus on ensuring that the products and services they wish to promote are indeed "fit for purpose", with a premium on security processes that inspire confidence. Otherwise they risk merely stoking up paranoia with awareness exercises that are not linked to effective education and support programmes.</description><link>http://www.secuobs.com/revue/news/446634.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446634.shtml</guid></item>
<item><title>Enterprise Software Security: The Fake Choice Between Fast and Secure</title><description>2013-05-20 20:26:51 - Security Bloggers Network : What do you say to organizations considering software security, but struggling with adoption due to the inevitable, additional drag on release cycles? I say read this, because there is a discussion to be had, still.</description><link>http://www.secuobs.com/revue/news/446631.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446631.shtml</guid></item>
<item><title>5G SOC: The NOW of security operations</title><description>2013-05-20 20:26:51 - Security Bloggers Network : What generation of security does your organization utilize? If your answer involves nuisance programs it might just be time for an update. This blog post discusses the five generations of security operations and what the next generation of security operations centers look like.</description><link>http://www.secuobs.com/revue/news/446629.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446629.shtml</guid></item>
<item><title>Tim Conway, Drunken Security News - Episode 332 - May 16, 2013</title><description>2013-05-20 19:32:37 - PaulDotCom Security Weekly : Tim Conway is the Technical Director of the Industrial Control Systems and SCADA programs at SANS, where he is responsible for developing, reviewing, and implementing technical components of the ICS and SCADA product offerings. Tim was formerly the Director of Compliance and Operations Technology at the Northern Indiana Public Service Company (NIPSCO).</description><link>http://www.secuobs.com/revue/news/446622.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446622.shtml</guid></item>
<item><title>22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach</title><description>2013-05-20 18:23:10 - Security Bloggers Network : The call has gone out to Yahoo Japan's 200 million users to change their passwords, after the company warned that it suspected hackers had managed to access a file containing 22 million user IDs.</description><link>http://www.secuobs.com/revue/news/446581.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446581.shtml</guid></item>
<item><title>Security Manager's Journal: NAC deployment means better access control at last</title><description>2013-05-20 16:05:28 - Network World on Security : The deployment has already revealed a whole lot of devices that don't meet the criteria for getting on the corporate network.</description><link>http://www.secuobs.com/revue/news/446559.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446559.shtml</guid></item>
<item><title>IT Security: 50 Shades of Gray</title><description>2013-05-20 16:02:05 - Information Security Today: Essential Information for Managing the Security of a Modern, Evolving En : It is the disparity between theoretical approaches and real-life operations that makes it necessary to approach whitelisting with pragmatism. Because right now the major problem with whitelisting is that it is very expensive from the point of view of human involvement. You can't completely eliminate that expense, but you can at least minimize it by keeping user workflows unimpeded while the decision-makers look closely into those 50 shades of gray.</description><link>http://www.secuobs.com/revue/news/446557.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446557.shtml</guid></item>
<item><title>Five Common Corporate Pitfalls in Cyber Security Management</title><description>2013-05-20 15:29:39 - Security Bloggers Network : A fair percentage of clients that I have provided incident response services to over the last 12 months are operating without security or oversight on the Internet, meaning not a single person employed at that organization is solely dedicated to working on security issues. While this is common for small companies and startups, these clients matured over the years to the point where they had hundreds or thousands of employees and even more computing devices on the network. What had not occurred, however, was the investment in security commensurate with the growth of the company.</description><link>http://www.secuobs.com/revue/news/446554.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446554.shtml</guid></item>
<item><title>Shmoocon Epilogue 2013: CG And Joe McCray - The Evolution of Pentesting High Security Environments</title><description>2013-05-20 15:26:50 - SecurityTube.Net : In this video Joe McCray talks about The Evolution of Pentesting High Security Environments. About Joe: Joe McCray (j0emccray), Founder/CEO of Strategic Security; 10+ years experience across Network, Web, Mobile and Client-Server; DoD, Federal Government, Commercial, Financial; specializing in High Security Environments and Bypassing Security Solutions; spoken/trained at over 200 security conferences.</description><link>http://www.secuobs.com/revue/news/446551.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446551.shtml</guid></item>
<item><title>Pressure mounts for building in security during application development</title><description>2013-05-20 15:06:40 - LinuxSecurity.com - Latest News : LinuxSecurity.com: Security has seldom been a priority in application development, but pressure from businesses stuck patching faulty software is having an impact on the industry.</description><link>http://www.secuobs.com/revue/news/446547.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446547.shtml</guid></item>
<item><title>Security Risks of Too Much Security</title><description>2013-05-20 14:31:09 - Schneier on Security : All of the anti-counterfeiting features of the new Canadian $100 bill are resulting in people not bothering to verify them. "The fanfare about the security features on the bills may be part of the problem," said RCMP Sgt. Duncan Pound. "Because the polymer series' notes are so secure ... there's almost an overconfidence among retailers and the public in terms</description><link>http://www.secuobs.com/revue/news/446541.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446541.shtml</guid></item>
<item><title>Strategies For Improving Web Application Security</title><description>2013-05-20 14:04:53 - Dark Reading - All Stories : Web apps are essential to your business -- and easy targets for hackers. Here are some tips for keeping them secure.</description><link>http://www.secuobs.com/revue/news/446537.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446537.shtml</guid></item>
<item><title>Programmable Security: Architecting for the Future</title><description>2013-05-20 13:34:38 - Security Bloggers Network : Following my Friday fun post titled "Houston, We have a Problem aka A Cool State of Security Report 2013", an interesting discussion started on the twitterverse regarding liabilities for damages related to software vulnerabilities, the value of the Software Development Lifecycle (SDL/SDLC) and on improving SDL Security as a "Developer Enabler". In my view, the current model of security fails ...</description><link>http://www.secuobs.com/revue/news/446527.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446527.shtml</guid></item>
<item><title>CISPA cybersecurity bill backers hope second time's a charm</title><description>2013-05-20 13:34:38 - Security Bloggers Network : An interesting article from NBC News in their Technology section: WASHINGTON (Reuters) - Six months after a US cybersecurity bill died in the Senate, some Obama administration officials and lawmakers are optimistic they can get a new law passed amid heightened public awareness of hacking attacks and cyber espionage. With top intelligence officials warning that cyber attacks have replaced terrorism as ...</description><link>http://www.secuobs.com/revue/news/446525.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446525.shtml</guid></item>
<item><title>The CSO perspective on healthcare security and compliance</title><description>2013-05-20 12:39:29 - Help Net Security - Articles : Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips. Is it mor</description><link>http://www.secuobs.com/revue/news/446513.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446513.shtml</guid></item>
<item><title>The CSO perspective on healthcare security and compliance</title><description>2013-05-20 12:39:18 - Help Net Security - News : Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips. Is it mor</description><link>http://www.secuobs.com/revue/news/446512.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446512.shtml</guid></item>
<item><title>Security experts warn government is making the Internet unsafe</title><description>2013-05-20 10:38:01 - Computer Security News : Government-mandated software vulnerabilities would make computers and the Internet a lot less safe, warned a coalition of 20 computer-security experts.</description><link>http://www.secuobs.com/revue/news/446504.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446504.shtml</guid></item>
<item><title>Week in review: Human sensors, IT security jobs, and hacking car charge stations</title><description>2013-05-20 06:44:48 - Help Net Security - News : Here's an overview of some of last week's most interesting news, videos, reviews and articles. Police unable to decrypt iPhones, asks Apple to do it: Court documents from a drug trial in Kentucky</description><link>http://www.secuobs.com/revue/news/446468.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446468.shtml</guid></item>
<item><title>VMware Security Tip 20</title><description>2013-05-18 16:50:06 - Security Bloggers Network : Prevent Data Leakage. ESXi provides a useful and not so well known interface used to provide both support information and the configuration of your ESXi hosts through esxicli. This is accessed by connecting to your ESXi host using a web browser; the url syntax is - Remediation: If you don't want this to be made available ...</description><link>http://www.secuobs.com/revue/news/446347.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446347.shtml</guid></item>
<item><title>Shmoocon Epilogue 2013: Future of Mobile Platform Security</title><description>2013-05-18 03:09:31 - SecurityTube.Net : In this video Richard Puckett talks about the Future of Mobile Platform Security. He will present A Survey of Mobile Platform Security and explain it.</description><link>http://www.secuobs.com/revue/news/446291.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446291.shtml</guid></item>
<item><title>Security News May 17</title><description>2013-05-18 00:59:12 - Security Bloggers Network : Financial Times Twitter and tech blog accounts hacked: http://online.wsj.com/article/SB10001424127887324767004578488862256223962.html - Twitter and two-factor authentication are getting to be a regular item in the media ...</description><link>http://www.secuobs.com/revue/news/446282.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446282.shtml</guid></item>
<item><title>Security War Games</title><description>2013-05-17 23:39:17 - Dark Reading - All Stories : Information security keeps evolving, but our educational methods are not evolving rapidly enough to win the cold cyberwar.</description><link>http://www.secuobs.com/revue/news/446226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446226.shtml</guid></item>
<item><title>Security Breach, The Supercut</title><description>2013-05-17 20:27:05 - Security Bloggers Network : For your Friday viewing pleasure, a supercut of 50 years of security breaches. Enjoy.</description><link>http://www.secuobs.com/revue/news/446207.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446207.shtml</guid></item>
<item><title>Viruses making a Comeback according to Microsoft Security Report</title><description>2013-05-17 20:16:40 - CYBER ARMS - Computer Security : Just when you thought viruses were on the way out, it looks like they may be raising their ugly head yet again. According to Microsoft, the global virus detection rate hit 7.8% in the fourth quarter of 2012, with some nations reaching over 40%. With the increase of Trojans and credential stealers, many thought we had ...</description><link>http://www.secuobs.com/revue/news/446203.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446203.shtml</guid></item>
<item><title>Details on exploit kits, as told by the Umbrella Security Graph</title><description>2013-05-17 19:33:36 - Security Bloggers Network : The Umbrella Security Labs combines our proprietary research tool, the Umbrella Security Graph (Sgraph), with various investigative methods and backend predictive algorithms and classifiers to uncover new sets of suspicious and malicious domains each day. We leverage these technologies to discover domains before they are used in the wild, with the goal of ensuring that customers ... The post Details on exploit kits, as told by the Umbrella Security Graph appeared first on Umbrella Security Labs.</description><link>http://www.secuobs.com/revue/news/446196.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446196.shtml</guid></item>
<item><title>How Do You Influence the Security Posture of Your Business's Third-party Applications?</title><description>2013-05-17 19:19:26 - Veracode Security Blog: Application security research, security trends and opinions : I recently came across an interesting blog post by a team member at Acunetix that addressed a challenge many enterprises are facing when it comes to securing third-party components. This is a pretty hot topic in certain circles these days, and understandably so: studies have suggested that as many as 65% of an enterprise's mission critical applications are developed externally. Additionally, Veracode research shows that a typical internally developed application contains somewhere between 30% and 70% externally developed code, indicating that even internally developed apps are utilizing code originating outside of their own walls.</description><link>http://www.secuobs.com/revue/news/446192.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446192.shtml</guid></item>
<item><title>Shmoocon Epilogue 2013: Ruining Security Models with SSH</title><description>2013-05-17 16:50:14 - SecurityTube.Net : In this video Andrew Morris presents Ruining Security Models with SSH. He will cover topics like Authentication, Scripting, File Transfer, Traffic Tunneling, Hiding, etc. About Andrew Morris: A penetration tester at a NOVA-based consulting company. Holds the OSCP and GXPN. In my free time I play music and find confusing GIFs on the internet.</description><link>http://www.secuobs.com/revue/news/446154.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446154.shtml</guid></item>
<item><title>Houston, We have a Problem aka A Cool State of Security Report 2013</title><description>2013-05-17 15:15:25 - Security Bloggers Network : Caution: Fun post. IT is transforming and evolving rapidly in the way it enables business. Applications are delivered through emerging architectures on multiple platforms with capabilities to scale the infrastructure they run on. This allows data to be more fluid and access more "containers". A longer chain has a higher probability of having weaker links ...</description><link>http://www.secuobs.com/revue/news/446136.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446136.shtml</guid></item>
<item><title>Google security: you (still) are the weakest link</title><description>2013-05-17 15:02:38 - Computer Security News : Two of Google's top Chrome and Google Apps security experts confessed that the problem of passwords will continue to plague the people who use them and computer security for the foreseeable future.</description><link>http://www.secuobs.com/revue/news/446134.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446134.shtml</guid></item>
<item><title>On Your DMARC, Get Set, Go: Putting Integrity into Your Email Security Policy, Part 2</title><description>2013-05-17 12:47:20 - Security Bloggers Network : In Part 1 of this post about the DMARC (Domain-based Message Authentication, Reporting and Conformance) standard for digital messaging integrity, Alec Peterson of Message Systems and Sam Masiello of Groupon, both representing DMARC.org, gave us great information about the new technical specification designed to reduce the phishing abuse of known and controlled domains. Today we pick up where we left ...</description><link>http://www.secuobs.com/revue/news/446087.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446087.shtml</guid></item>
<item><title>The Security Implications of Agile Development</title><description>2013-05-17 07:17:37 - Security Bloggers Network : Dwayne Melancon, CTO of Tripwire, discusses how to maintain a strong security posture in an environment where companies are pushing up to ten changes per hour. "Start moving toward a goal where you're able to continuously monitor the most critical assets and the most critical business services so that the moment something happens, you're alerted," ...</description><link>http://www.secuobs.com/revue/news/446052.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446052.shtml</guid></item>
<item><title>Security News May 16</title><description>2013-05-17 05:44:32 - Security Bloggers Network : Opinion: Let's not sacrifice privacy on the altar of cyber security - http://njtoday.net/2013/05/16/opinion-lets-not-sacrifice-our-privacy-on-the-altar-of-cyber-security - Hear, hear. CISPA cyber security bill backers hope second time's a charm - http://www.nbcnews.com/technology/cispa-cybersecurity-bill-backers-hope-second-times-charm-1C9948195 - We might see this bill again by fall. Utilities rising target of hackers with warning of dire results - http://www.businessweek.com/news/2013-05-16/utilities-rising-target-of-hackers-with-warnings-of-dire-results - "Cyber attacks on computers that run the nation's energy grid, nuclear reactors and water-treatment plants are increasing with potentially lethal effects, the Department of Homeland Security's top investigator said." Researchers develop industrial systems that watch for breaches - http://www.csoonline.com/article/733477/researchers-develop-industrial-systems-that-watch-for-breaches - "Each device listens to its neighboring device to see if they're misbehaving." CISO: Chief infosec scapegoat officer - http://www.infosecurity-magazine.com/view/32453/ciso-chief-infosec-scapegoat-officer - CISOs are the first victims of every data breach and it's just going to get worse. Hotel Lock Hack Still Being Used In Burglaries, Months After Lock Firm's Fix - http://www.forbes.com/sites/andygreenberg/2013/05/15/hotel-lock-hack-still-being-used-in-burglaries-months-after-lock-firms-fix - The latest Onity hack crime wave has been occurring in hotels across Arizona.</description><link>http://www.secuobs.com/revue/news/446040.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446040.shtml</guid></item>
<item><title>NIST Releases Analysis of Cybersecurity Framework RFI Responses</title><description>2013-05-17 04:26:07 - Security Bloggers Network : Earlier today NIST released a document covering their initial analysis of the hundreds of comments provided by industry as part of the RFI for the development of a critical infrastructure cybersecurity framework. The 33-page document starts out by introducing some of the overall categories and themes and culminates in Figure 1 to the right. This chart provides a map for the remainder of the document, with each of the subsequent sections detailing a theme in terms of key phrases, statistics, example responses, and questions. Via NIST.gov: The National Institute of Standards and Technology (NIST) has posted an initial analysis of hundreds of comments submitted by industry and the public related to the President's "Improving Critical Infrastructure Cybersecurity" Executive Order, issued Feb. 12, 2013. NIST is making this initial analysis available as a status update and to help provide background for a workshop later this month to discuss the cybersecurity framework. The Executive Order calls for NIST to work with industry to develop a voluntary framework to reduce cybersecurity risks to the nation's critical infrastructure, which includes power, water, communication and other critical systems. The first step toward drafting the framework was soliciting information on current risk management policies, existing standards ...</description><link>http://www.secuobs.com/revue/news/446037.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446037.shtml</guid></item>
<item><title>Apple fixes 41 iTunes security flaws, some more than a year old</title><description>2013-05-17 02:06:58 - Security Bloggers Network : Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.</description><link>http://www.secuobs.com/revue/news/446024.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446024.shtml</guid></item>
<item><title>eWeek Explains How NCP's VPN Client Supports Android BYOD Security</title><description>2013-05-16 23:38:30 - Security Bloggers Network : Enterprises know they'll have happier employees if they embrace BYOD rather than prohibit it. Welcoming BYOD can be better for business output, too; the trick is to find the tools that keep employees productive when they're using their own smartphones, tablets or laptops to access the corporate network remotely. In his recent reviews of NCP's managed ...</description><link>http://www.secuobs.com/revue/news/446005.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446005.shtml</guid></item>
<item><title>PCI Security Standards Council Names New Board Of Advisors</title><description>2013-05-16 20:19:23 - Dark Reading - All Stories : Members provide strategic and technical input to PCI SSC on specific areas of Council focus.</description><link>http://www.secuobs.com/revue/news/445912.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445912.shtml</guid></item>
<item><title>Security Slice Podcast: QinetiQ's Security Disconnect</title><description>2013-05-16 19:46:13 - Security Bloggers Network : It was recently revealed that QinetiQ North America, a major defense contractor, was the victim of a massive, multi-year cyber espionage operation allegedly originating from China. According to a representative from Verizon's security division, "There was virtually no place we looked where we didn't find [intrusion]." How could an important national security contractor suffer such devastating ...</description><link>http://www.secuobs.com/revue/news/445900.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445900.shtml</guid></item>
<item><title>Application vulnerabilities still a top security concern</title><description>2013-05-16 18:46:09 - Help Net Security - News : Respondents to a new (ISC)² study identified application vulnerabilities as their top security concern. A significant gap persists between software developers' priorities and security professionals' c</description><link>http://www.secuobs.com/revue/news/445884.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445884.shtml</guid></item>
<item><title>CORE Security Brings Intelligence to Vulnerability Management</title><description>2013-05-16 18:39:01 - CORE Security : Yesterday, we here at CORE announced a major enhancement to our CORE Insight Enterprise solution, with the launch of Insight 3.0. Here are some of the highlights that we announced in yesterday's press release. A recent report from Forrester Research stated: "To say that the threat landscape is overwhelming is the understatement of the year" ...</description><link>http://www.secuobs.com/revue/news/445881.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445881.shtml</guid></item>
<item><title>Introduction to Windows Kernel Security Research</title><description>2013-05-16 17:29:18 - Reverse Engineering : submitted by polsab</description><link>http://www.secuobs.com/revue/news/445862.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445862.shtml</guid></item>
<item><title>Researchers develop industrial systems that watch for security breaches</title><description>2013-05-16 14:50:38 - Network World on Security : University researchers have developed a methodology for enabling networked devices in an industrial control system to police each other for abnormal behavior that would indicate a compromise.</description><link>http://www.secuobs.com/revue/news/445834.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445834.shtml</guid></item>
<item><title>Android Security and The Tools I Use: JEB</title><description>2013-05-16 14:19:22 - Security Musings : There are quite a few tools readily known to the Android reversing community. The primary one is most likely smali/baksmali. It's an open source tool which will decompile/compile the android dex format, which is used by dalvik (the native Android VM), into a format known as smali, which is very similar to an assembly language. A lot of people even like dex2jar, which further enhances the experience and takes a broken down apk and pulls out the compiled dex classes. With dex2jar you can go further and attempt to get some readable jar files. If you wanted to make it even simpler you continue with that jar and use something like JD-GUI to read those jars back into native java code and be off running. For the lazy, there's also apktool, which does most of the above for you in a simple one-stop-shop. These are all great tools, but what else is out there? That's what I'll be covering in the next few articles. Today I'd like to point your attention to JEB (http://java-decompiler.com). I discovered this back in February when it made its first public release. At the time, I was knee deep in doing Android Application Security Assessments as part of our IPA process. I was still primarily using the tools mentioned above, so it was nice not only to find something different (it doesn't use the open source smali as the decompiler), but also a nice all-in-one solution for exploring the code, as well as analyzing it.</description><link>http://www.secuobs.com/revue/news/445826.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445826.shtml</guid></item>
<item><title>Intelligent vulnerability management from CORE Security</title><description>2013-05-16 09:16:39 - Help Net Security - News : CORE Security launched Insight 3.0, which delivers multi-vector vulnerability assessment, asset categorization, threat simulation, penetration testing and security analytics, all in the context of net</description><link>http://www.secuobs.com/revue/news/445773.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445773.shtml</guid></item>
<item><title>Congress votes on several cybersecurity bills</title><description>2013-05-16 06:49:50 - Security Bloggers Network : I try to stay away from politics in this blog, but a recent item I saw in another blog I have to pass along. The original item is HERE. This week, the House is voting on several cybersecurity bills. Most important is the controversial CISPA (Cyber Intelli </description><link>http://www.secuobs.com/revue/news/445759.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445759.shtml</guid></item>
<item><title>Effectively Communicating the Value of Security Upstream</title><description>2013-05-16 06:49:50 - Security Bloggers Network : As if securing an enterprise's information technology systems was not enough of a headache, security professionals in this day and age, especially at the senior level, also need to make sure they can communicate the value of their efforts upstream by speaking a language familiar to the executive level, and then throughout the </description><link>http://www.secuobs.com/revue/news/445758.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445758.shtml</guid></item>
<item><title>20 Critical Security Controls, Control 11: Limitation and Control of Network Ports, Protocols, and Services</title><description>2013-05-16 06:49:50 - Security Bloggers Network : Today's post is all about Control 11 of the CSIS 20 Critical Security Controls, Limitation and Control of Network Ports, Protocols, and Services (the last post pertained to Control 10). Here I'll explore the 19 requirements I've parsed out of the control (I used the PDF version, but the online version is here) and offer my thoughts. </description><link>http://www.secuobs.com/revue/news/445757.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445757.shtml</guid></item>
<item><title>Crypto 2012 - Optimal Security Proofs for Full Domain Hash, Revisited</title><description>2013-05-16 06:47:33 - SecurityTube.Net : RSA Full Domain Hash (RSA-FDH) is a digital signature scheme, secure against chosen-message attacks in the random oracle model. The best known security reduction from the RSA assumption is non-tight, i.e., it loses a factor of q_s, where q_s is the number of signature queries made by the adversary. It was furthermore proved by Coron (EUROCRYPT 2002) that a security loss of q_s is optimal and cannot possibly be improved. In this work we uncover a subtle flaw in Coron's impossibility result. Concretely, we show that it only holds if the underlying trapdoor permutation is certified. Since it is well known that the RSA trapdoor permutation is (for all practical parameters) not certified, this renders Coron's impossibility result moot for RSA-FDH. Motivated by this, we revisit the question whether there is a tight security proof for RSA-FDH. Concretely, we give a new tight security reduction from a stronger assumption, the Phi-Hiding assumption introduced by Cachin et al. (EUROCRYPT 1999). This justifies the choice of smaller parameters in RSA-FDH, as it is commonly used in practice. All of our results (positive and negative) extend to the probabilistic signature scheme PSS. </description><link>http://www.secuobs.com/revue/news/445754.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445754.shtml</guid></item>
<item><title>Crypto 2012 - On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model</title><description>2013-05-16 06:47:33 - SecurityTube.Net : The Schnorr signature scheme has been known to be provably secure in the Random Oracle Model under the Discrete Logarithm (DL) assumption since the work of Pointcheval and Stern (EUROCRYPT '96), at the price of a very loose reduction though: if there is a forger making at most q_h random oracle queries, and forging signatures with probability ε_F, then the Forking Lemma tells that one can compute discrete logarithms with constant probability by rewinding the forger O(q_h/ε_F) times. In other words, the security reduction loses a factor O(q_h) in its time-to-success ratio. This is rather unsatisfactory since q_h may be quite large. Yet Paillier and Vergnaud (ASIACRYPT 2005) later showed that under the One More Discrete Logarithm (OMDL) assumption, any algebraic reduction must lose a factor at least q_h^{1/2} in its time-to-success ratio. This was later improved by Garg et al. (CRYPTO 2008) to a factor q_h^{2/3}. Up to now, the gap between q_h^{2/3} and q_h remained open. In this paper, we show that the security proof using the Forking Lemma is essentially the best possible. Namely, under the OMDL assumption, any algebraic reduction must lose a factor f(ε_F) q_h in its time-to-success ratio, where f ≤ 1 is a function that remains close to 1 as long as ε_F is noticeably smaller than 1. Using a formulation in terms of expected-time and queries algorithms, we obtain an optimal loss factor Ω(q_h), independently of ε_F. These results apply to other signature schemes based on one-way group homomorphisms, such as the Guillou-Quisquater signature scheme. </description><link>http://www.secuobs.com/revue/news/445753.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445753.shtml</guid></item>
<item><title>5 Must-Have Security Apps for the Business Traveler</title><description>2013-05-16 04:17:32 - Computer Security News :    Prior to a trip it's not uncommon for many of us to load up our smartphone with the latest time-killer games, social or travel apps </description><link>http://www.secuobs.com/revue/news/445742.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445742.shtml</guid></item>
<item><title>Security News May 15</title><description>2013-05-16 02:57:02 - Security Bloggers Network : Internet crime cost consumers more than half a billion dollars last year (http://www.darkreading.com/attacks-breaches/internet-crime-cost-consumers-more-than/240154922): consumers lost an average of $1,800 last year. A hacker broke into 420,000 computers to bring you this GIF of the entire internet at work (http://www.businessinsider.com/a-hacker-broke-into-420000-computers-to-bring-you-this-stunning-gif-of-the-entire-internet-at-work-2013-5#ixzz2TIBUvxCr): an anonymous researcher took control over some 420,000 Internet-connected devices in order to "map the whole Internet in a way nobody had done before". Spreading the word about cyber security (http://fcw.com/articles/2013/05/15/cybersecurity-evangelism.aspx): "Network building is the most important part of the job; you have to win advocates for moving forward with security controls in our systems." Holder backs warrant requirement for most email searches (http://thehill.com/blogs/hillicon-valley/technology/300011-holder-backs-warrant-requirement-for-most-email-searches): the balance between privacy and government access is "one of the most important conversations we can have in the 21st century". Air gaps won't protect your operations (http://www.automationworld.com/air-gaps-wont-protect-your-operations): "Because people will always find a way to get the data where they need it." Critical Linux vulnerability imperils users even after silent fix (http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/): this high-severity vulnerability gives untrusted users with restricted accounts nearly unfettered "root" access over machines. </description><link>http://www.secuobs.com/revue/news/445739.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445739.shtml</guid></item>
<item><title>Naked Security discusses cybercrime on BBC Radio 5 Live's "Outriders" show</title><description>2013-05-16 00:36:27 - Security Bloggers Network : Ever wondered how cybercriminals turn electronic trickery into cold, hard cash? What sort of person gets drawn into this sort of crime? Who bears the cost? And how do the cops arrest the perpetrators when they might be dozens of network hops away? </description><link>http://www.secuobs.com/revue/news/445720.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445720.shtml</guid></item>
<item><title>CORE Security Announces Major Enhancement To CORE Insight Enterprise Solution</title><description>2013-05-16 00:10:26 - Dark Reading   All Stories : CORE Insight 30 delivers multivector vulnerability assessment, asset categorization, threat simulation, penetration testing, and advanced security analytics </description><link>http://www.secuobs.com/revue/news/445719.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445719.shtml</guid></item>
<item><title>How Micro-VM based security impacts the Enterprise Security Program</title><description>2013-05-15 23:43:24 - Security Bloggers Network : I have questioned the existence of thought leadership in the security industry before. This seems to be changing. With a few innovative and smart individuals and rapid technological developments in the industry, the approach to addressing security challenges is shifting. A good example is Bromium. Using developments in the chip industry and virtualisation technology, Bromium offers an </description><link>http://www.secuobs.com/revue/news/445715.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445715.shtml</guid></item>
<item><title>Mobile Apps, and Authenticators: Sane Security for Mobile</title><description>2013-05-15 23:43:24 - Security Bloggers Network : Lots going on in the enterprise space right now, including the rush to push out mobile apps. They're springing up like weeds, replacing websites, and are gaining multi-factor authentication for security... but wait, does any of this added security make sense, especially on the mobile platform? Let's investigate. </description><link>http://www.secuobs.com/revue/news/445713.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445713.shtml</guid></item>
<item><title>British business on the back foot in terms of Cyber security says security firm</title><description>2013-05-15 22:17:57 - Digital Forensics Magazine  supporting the professional computer security industry :  British business on the back foot in terms of Cyber security says security firm Banking sector needs more support </description><link>http://www.secuobs.com/revue/news/445707.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445707.shtml</guid></item>
<item><title>Mobile adware networks given 45 days to stop misbehaving by security firm</title><description>2013-05-15 20:22:11 - Network World on Security : Misbehaving adware buried inside mobile apps has turned into such a problem that security vendor Lookout Mobile Security has published a deadline for networks to change their behaviour or face being blacklisted </description><link>http://www.secuobs.com/revue/news/445688.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445688.shtml</guid></item>
<item><title>BHWM Creates New Financial Advisory Security Portal  McAfee Collaborates</title><description>2013-05-15 18:07:00 - Dark Reading   All Stories : Maestro is built in a custom private cloud for consumption of the public cloud of advisory tools and services </description><link>http://www.secuobs.com/revue/news/445586.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445586.shtml</guid></item>
<item><title>Tenable Network Security Podcast Episode 169: Windows Wireless Networks List, Apache Backdoor Detection</title><description>2013-05-15 17:37:06 - Security Bloggers Network : </description><link>http://www.secuobs.com/revue/news/445584.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445584.shtml</guid></item>
<item><title>Don't Gamble When it Comes to Information Security</title><description>2013-05-15 16:40:58 - Security Bloggers Network : Yesterday's news brought us yet another reason why companies of all sizes need to take network security seriously. This is no place for companies to cut cost and "hope" the headlines will not be flashing their names, because this approach will more likely than not lead to trouble. The post Don't Gamble When it Comes to Information Security appeared first on Security Management at the Speed of Business - AlgoSec Blog. </description><link>http://www.secuobs.com/revue/news/445567.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445567.shtml</guid></item>
<item><title>On Your DMARC, Get Set, Go: Putting Integrity into Your Email Security Policy, Part 1</title><description>2013-05-15 15:46:29 - Security Bloggers Network : What are you doing to make the integrity of your corporate email messaging an integral part of your information security policy? If you don't have a definitive answer for this question, then read on. I've got some great advice from experts on the topic that you can take action on today to protect your company's brand. I recently interviewed Alec Peterson, </description><link>http://www.secuobs.com/revue/news/445560.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445560.shtml</guid></item>
<item><title>Tough Times at Homeland Security</title><description>2013-05-15 15:26:15 - LinuxSecurity.com Latest News : LinuxSecurity.com: A new wave of cyberattacks is hitting American companies at a particularly vulnerable time for the Department of Homeland Security, the federal agency charged with fending them off. </description><link>http://www.secuobs.com/revue/news/445552.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445552.shtml</guid></item>
<item><title>Adobe releases critical security updates for Reader, Flash Player and ColdFusion</title><description>2013-05-15 14:36:34 - Network World on Security : Adobe has released scheduled security updates for its Reader, Acrobat, Flash Player and ColdFusion products on Tuesday in order to fix many critical vulnerabilities, including one that is already actively exploited by attackers </description><link>http://www.secuobs.com/revue/news/445535.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445535.shtml</guid></item>
<item><title>IT security jobs: What's in demand and how to meet it</title><description>2013-05-15 14:02:00 - Help Net Security News : The information security job market continues to expand. In fact, according to a report by Burning Glass Technologies, over the past five years demand for cybersecurity professionals grew 35 times fa </description><link>http://www.secuobs.com/revue/news/445527.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445527.shtml</guid></item>
<item><title>The Problem of False Positives in Web Application Security and How to Tackle Them</title><description>2013-05-15 12:11:20 - Netsparker (Web Application Security Scanner) : A false positive is like a false alarm: your house alarm is triggered and there is no burglar. In web application security a false positive is when a web application security scanner indicates that your website is vulnerable to a web vulnerability such as SQL Injection, while in reality it is not. Web security experts and penetration testers use automated tools such as web application security scanners to ease the job of a web application penetration test. Web application security scanners are used to ensure that all of the web application's input vectors are tested properly in a reasonable amount of time. Unaffordable Web Application Security because of False Positives: Web application security scanners are known to report false positives, hence a web application penetration test consumes a considerable amount of time because the penetration tester has to go through all the reported vulnerabilities and verify them by trying to exploit them manually. Because of this, web application security is unaffordable for many businesses. Unfortunately, people working in the web application security industry are accepting the fact that web application security scanners tend to report false positives, so they are trying to learn to live with them rather than pushing security software vendors to develop better web vulnerability scanners. Apart from costs, false positives bring new problems. Ignoring the Real Web Application Vulnerabilities: By nature, we humans tend to start ignoring false alarms rather quickly. Penetration testers do the same in a web application penetration test. For example, if a web application security scanner detects 200 cross-site scripting vulnerabilities and the first 10 variants are false positives, the penetration tester assumes that all the others are as well and ignores the rest. By doing so, the chances that a real web application vulnerability is missed are quite high. Lack of Knowledge from Pen Testers means Scanners Report a lot of False Positives: The penetration test of your web applications depends on the knowledge of the penetration tester you hired rather than the capabilities of the web application security scanner. As we have already seen, since penetration testers do not trust web application security scanners they verify every reported web vulnerability the web scanner detects. If the penetration tester, or the employee using the web security scanner, is unable to exploit a particular web application vulnerability due to lack of knowledge or experience, that vulnerability is classified as a false positive and will never be fixed. Web Application Security Scanner vs Penetration Tester: Web application security scanners are not exactly the cheapest software you can buy, but neither are professional penetration testers. Business owners and Chief Security Officers might be wondering which is the best option to secure their web applications: invest in a web application security scanner that can be used by their own employees, or hire a professional penetration tester? And if we invest in a web application security scanner, do we have the right employee to verify its findings? False Positive Free Web Application Security Scanner: The most productive and cost effective web application security solution is a false positive free web application security scanner which can be used by any of your technical employees. The benefit of having such a scanner is that web application penetration tests will consume much less time and your employees do not need to have years of hacking experience to verify the results. Netsparker is the first web application security scanner on the market that is shipped with an exploitation engine which is automatically triggered when a web application vulnerability is detected. Exploitation is safe and read-only, so there is no chance of corrupting data or disrupting the website service because of it. Upon finding a vulnerability Netsparker automatically tries to exploit it, and if it manages, it means that the vulnerability is definitely not a false positive. Netsparker will clearly report it to the user, so the user can trust the results and doesn't need to spend time confirming it manually. With this type of proactive and heuristic web application security scanning, businesses do not need to hire expensive penetration testers to verify the findings of a web application security scan. Any developer taking care of your websites and web applications can quickly launch a web application security scan with Netsparker, analyse the findings and fix vulnerabilities. </description><link>http://www.secuobs.com/revue/news/445495.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445495.shtml</guid></item>
<item><title>Local dentist office faced with computer security breach</title><description>2013-05-15 09:44:25 - Computer Security News :    A local dentist's office is working to ensure its patients' records are secure after a virus attacked the office's computer system in March </description><link>http://www.secuobs.com/revue/news/445477.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445477.shtml</guid></item>
<item><title>Incident Response and 2012 Cyber Threats and Security</title><description>2013-05-15 09:07:32 - SecurityTube.Net : In this video Darek Dabbs, CISSP, PCI-QSA, VP of Information Security at Sera-Brynn, discusses the latest known security threats and incident response methods. He will talk about Cyber Security Threats and Incident Response. The loss of industrial information and intellectual property through cyber espionage constitutes the greatest transfer of wealth in history. Every major company in the United States has already been penetrated by China. </description><link>http://www.secuobs.com/revue/news/445473.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445473.shtml</guid></item>
<item><title>Online Tech Webinar: PCI DSS Guidance for Mobile Security</title><description>2013-05-15 09:07:32 - SecurityTube.Net : In this video Adam Goslin, Chief Operations Officer, talks about PCI Mobile Payments Acceptance Security. Mobile challenges: consumer devices haven't been held to the same security standard; consumer mobile device applications could access stored   in transmitting card data; across manufacturers of devices, developers of operating systems, application designers, network carriers and the use of various protocols to connect these different entities; mobile application developers are typically different personnel than web platforms, reducing both awareness and secure coding capabilities. </description><link>http://www.secuobs.com/revue/news/445472.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445472.shtml</guid></item>
<item><title>Security News May 14</title><description>2013-05-15 03:13:52 - Security Bloggers Network : Adobe shares cyber security lessons (http://blogs.wsj.com/riskandcompliance/2013/05/14/adobe-shares-cybersecurity-lessons/): Alan Paller: "It's hard to build a good reputation when you've been the cause of so much damage." On cyber security the nation needs meta leadership (http://www.politico.com/story/2013/05/on-cybersecurity-nation-needs-meta-leadership-91278.html?hp=l8): will information sharing only come as a response to a major attack, resulting in "a plan will be assembled quickly and haphazardly after the fact"? Android threats growing in number and complexity, report says (http://www.computerworld.com/s/article/9239188/Android_threats_growing_in_number_and_complexity_report_says?taxonomyId=17): F-Secure: "While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of those malware that is the more worrying trend." It's better to call ahead when sending malware, Symantec finds (http://www.computerworld.com/s/article/9239168/It_39_s_better_to_call_ahead_before_sending_malware_Symantec_finds?taxonomyId=17): Symantec describes a sophisticated social engineering campaign aimed at French-speaking accounting and finance department employees; the victim is called and asked in French if they can process an invoice sent by email. New York student aims to sell his own personal data on Kickstarter (http://www.slate.com/blogs/future_tense/2013/05/13/federico_zannier_is_selling_his_own_personal_data_on_kickstarter.html): turning the online privacy equation on its head, this student aims to take control of his personal data by selling it himself. 3 Big Mistakes In Incident Response (http://www.darkreading.com/management/3-big-mistakes-in-incident-response/240154817): remember, overreaction can cause you to miss the key details. Windows Malware Techniques Spread to Android (http://securitywatch.pcmag.com/mobile-security/311417-windows-malware-techniques-spread-to-android): over 75% of current Android threats exist to make money for their creators. Email: Even The CIA Uses It. Time To Get Serious About Its Legal Protections (http://www.forbes.com/sites/erikamorphy/2013/05/14/email-even-the-cia-uses-it-time-to-get-serious-about-its-legal-protections/): "Everyone is impacted by weak email security." </description><link>http://www.secuobs.com/revue/news/445447.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445447.shtml</guid></item>
<item><title>Network Security Podcast, Episode 312</title><description>2013-05-15 02:22:15 - Network Security Blog : Rich is dealing with some sick babies, so Martin and Zach inadvertently make the show about corporate and government (not just the US this time) surveillance. Network Security Podcast, Episode 312, May 14, 2013. Time: 38:26. Show notes: How the Syrian Electronic Army Hacked The Onion; US Weighs Wide Overhaul of Wiretap Laws; FBI's Latest Proposal </description><link>http://www.secuobs.com/revue/news/445444.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445444.shtml</guid></item>
<item><title>Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes</title><description>2013-05-15 01:36:25 - Security Bloggers Network : Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today. There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical". </description><link>http://www.secuobs.com/revue/news/445438.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445438.shtml</guid></item>
<item><title>Introducing  Free  Security Engineering Training by SAFECode</title><description>2013-05-15 00:43:43 - SAFECode : Today has been a really exciting day for SAFECode I am writing from our table at the Security Development Conference, a great event focused on implementing the latest in security development techniques and processes Howard had the honor of helping kick off the conference with one of the morning keynotes, and discussed the important role    </description><link>http://www.secuobs.com/revue/news/445425.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445425.shtml</guid></item>
<item><title>Microsoft Security Advisory 2846338 (Tue, May 14th)</title><description>2013-05-15 00:03:09 - SANS Internet Storm Center (InfoCON: green) : Microsoft today also release </description><link>http://www.secuobs.com/revue/news/445421.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445421.shtml</guid></item>
<item><title>Security Biggest Success Measure For BYOD, New Report Finds</title><description>2013-05-14 22:41:01 - Dark Reading   All Stories : Lumension Security report examines how companies are responding to the security threats presented by the influx of mobile devices on the company networ </description><link>http://www.secuobs.com/revue/news/445403.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445403.shtml</guid></item>
<item><title>Google, FIDO and the Future of Account Security</title><description>2013-05-14 22:11:30 - Security Bloggers Network : It seems that not a week goes by without another spate of articles about the mounting threat of account hijacking and cybercrime. Last week, The Onion revealed how the Syrian Electronic Army (SEA) gained access to their social media accounts, and just this past weekend, The New York Times reported that a new wave of cyberattacks against utility companies recently prompted a warning from the Department of Homeland Security. On the other side of the coin, Google just announced its five year roadmap for stronger account security, and PayPal, which, along with Google and others, is a member of the Fast Identity Online Alliance (FIDO), revealed its goal to obliterate the password. Google's roadmap calls for a much more aggressive two-factor authentication log-in scheme linked to a user's cell phone or other Android device. Although the initial challenge to log in will be more rigorous, the idea is that it's a one-time thing. Once people sign in on their device, that device can be used to authorize other services and other devices through near-field communication over a phishing-proof protocol. This proposal represents a big step forward in account security, and if everything works out the way the authors envisage, we'd    The post Google, FIDO and the Future of Account Security appeared first on Impermium. </description><link>http://www.secuobs.com/revue/news/445400.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445400.shtml</guid></item>
<item><title>Job: Technical Security Engineer Position in Dulles, VA</title><description>2013-05-14 21:09:42 - Security Bloggers Network : As a Technical Security Engineer at our client you will be responsible for the network security elements of our global backbone, production datacenters and corporate infrastructure. You will be asked to protect our websites and offices so that our 150 million unique visitors can get to the content they seek 24x7xForever. Technology responsibilities include network anomaly detection and analysis including Internet-based attack mitigation, router/switch security, network architecture and design, configuring and managing production and corporate VPNs and firewalls, policy management, and risk analysis. You will be a key contributor to the security and optimization of our infrastructure, overall system design, and managing the day-to-day network security infrastructure. The NetSec team is looking for a person who brings outside experience and fresh ideas. Our sites must be up 24x7xForever, as such you will be an escalation point for our Tier 1 and Tier 2 NOCs. Read on for some of the specifics. And don't forget: if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Title: Technical Security Engineer Position. Location: Dulles, VA. Company Name: CTC, Inc. Job Description / Responsibilities: Collaborates on the security and design of internal products. Researches and investigates reported network security related issues. Utilizes </description><link>http://www.secuobs.com/revue/news/445393.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445393.shtml</guid></item>
<item><title>Liquidmatrix Security Digest Podcast, Episode 29</title><description>2013-05-14 21:09:42 - Security Bloggers Network : Episode 0 29 (Not just CrO2, but now with Dolby). Does anyone read show notes? So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears, oh precious listener. In this case, it was the failure to apply the noise canceller magic </description><link>http://www.secuobs.com/revue/news/445391.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445391.shtml</guid></item>
<item><title>Security Development Conference 2013   Kick Off</title><description>2013-05-14 20:15:00 - Security Bloggers Network : This morning at the Security Development Conference in San Francisco, I am joined by hundreds of organizations that have traveled from all over the world to learn more about proven practices in security development that can help reduce an organization  </description><link>http://www.secuobs.com/revue/news/445379.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445379.shtml</guid></item>
<item><title>Cyber security road map for businesses</title><description>2013-05-14 20:15:00 - Security Bloggers Network :    Basic advice on cyber security survival for businesses is presented as a 6-step roadmap, along with links to free resources that can be useful in your efforts to defend your business The post Cyber security road map for businesses appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/445378.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445378.shtml</guid></item>
<item><title>The time is now: Security Development Must be a Priority for Everyone</title><description>2013-05-14 20:15:00 - Security Bloggers Network : By Steve Lipner, partner director of Software Security, Trustworthy Computing Security, Microsoft. Today marks the first day of the Security Development Conference 2013. Security professionals from companies, government agencies and academic instit </description><link>http://www.secuobs.com/revue/news/445377.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445377.shtml</guid></item>
<item><title>China still safe for IT outsourcing, despite US security concerns, says vendor</title><description>2013-05-14 19:54:10 - Network World on Security : China's reputation for security may have been marred by recent US accusations of state-sponsored hacking but the nation is still a safe place as a tech subcontractor for foreign businesses, according to one of China's largest IT outsourcing vendors </description><link>http://www.secuobs.com/revue/news/445364.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445364.shtml</guid></item>
<item><title>View from inside Verizon's security SWAT team</title><description>2013-05-14 19:54:10 - Network World on Security : Bryan Sartin is director of Verizon's RISK Team, the communications provider's computer forensics practice, which is also the group that helps create the annual Data Breach Investigations Report (DBIR). Network World Editor in Chief John Dix caught up with Sartin to learn more about the RISK Team, get his take on the state of enterprise security, and discuss new findings from the recently published DBIR report. </description><link>http://www.secuobs.com/revue/news/445363.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445363.shtml</guid></item>
<item><title>Aaron Bedra on Building Security Culture</title><description>2013-05-14 19:40:55 - MSI :: State of Security : Our good friend, Aaron Bedra, posted a fantastic piece at the Braintree Blog this morning about building a security culture. I thought the piece was so well done that I wanted to share it with you. Click here to go. Continue reading. The post Aaron Bedra on Building Security Culture appeared first on MSI :: State of Security. </description><link>http://www.secuobs.com/revue/news/445356.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445356.shtml</guid></item>
<item><title>McAfee And Intel Announce Futuristic Model For Consumer Security, Including Biometrics</title><description>2013-05-14 18:51:18 - Dark Reading - All Stories : McAfee LiveSafe uses facial and voice recognition technology. </description><link>http://www.secuobs.com/revue/news/445350.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445350.shtml</guid></item>
<item><title>App Security Wins Move at Snail's Pace</title><description>2013-05-14 18:22:29 - Security Bloggers Network : Of 200 enterprise security professionals recently surveyed by Enterprise Strategy Group, 79 percent report Web application security attacks in the past year. In a late April Network World blog on the topic, Jon Oltsik, a principal analyst at ESG, said the study also found thieves attacked Web application features and functions such as application authentication, configuration management, application authorization and session management. Oltsik says the good news is that there's more em </description><link>http://www.secuobs.com/revue/news/445342.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445342.shtml</guid></item>
<item><title>Server Security Issues Plague LivingSocial</title><description>2013-05-14 17:29:52 - Security Bloggers Network : Popular "daily deal" website LivingSocial became the latest company to fall afoul of hackers when its servers were recently breached. The company had to undertake the unenviable task of informing some 50 million users that they needed to reset their passwords following the cyber-attack. Of course, LivingSocial is hardly alone. Evernote suffered a similar attack in recent weeks, and countless other companies have discovered that their security posture is not up to defending against modern threats. These breaches demonstrate The post Server Security Issues Plague LivingSocial appeared first on Data Security Blog - Vormetric. </description><link>http://www.secuobs.com/revue/news/445328.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445328.shtml</guid></item>
<item><title>App Security Wins Move at Snail's Pace</title><description>2013-05-14 17:24:01 - Fortinet Blog - News and Threat Research - All Posts : Of 200 enterprise security professionals recently surveyed by Enterprise Strategy Group, 79 percent report Web application security attacks in the past year. In a late April Network World blog on the topic, Jon Oltsik, a principal analyst at ESG, said the study also found thieves attacked Web application features and functions such as application authentication, configuration management, application authorization and session management. Oltsik says the good news is that there's more em </description><link>http://www.secuobs.com/revue/news/445324.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445324.shtml</guid></item>
<item><title>McAfee launches security service with facial and voice recognition</title><description>2013-05-14 16:39:07 - Help Net Security - News : McAfee announced McAfee LiveSafe, an unlimited cross-device security service that uses facial and voice recognition technology to protect users' digital lives. The service will be offered at an introd </description><link>http://www.secuobs.com/revue/news/445316.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445316.shtml</guid></item>
<item><title>Retrofitting Code for Content Security Policy</title><description>2013-05-14 16:37:09 - GDS Blog : Note: This post has been crossposted from the SendSafely blog. You can find the original post at http://blog.sendsafely.com/post/50303516209/retrofitting-code-for-content-security-policy. In a previous blog post we shared how SendSafely uses Content Security Policy to minimize the risk of Cross-Site Scripting, commonly referred to as XSS (if you didn't catch this post, you can check it out here). While it would have been easiest to design our site to use CSP from the beginning, the initial version of our website grew out of an internal research project and was not so fortunate. As a result, we needed to refactor a lot of our UI code to comply with a strict CSP. Specifically, we needed to get rid of the following two patterns that were fairly pervasive in our code: (1) Inline scripting. A sound CSP does not allow HTML and JavaScript to co-exist in the same document. Prior to CSP, we had a lot of in-line scripts. (2) Script code served from the same host. CSP best practices dictate that scripts should only run from a dedicated sub-domain that serves static content. This means that JavaScript not only needs to be in separate files, but also served from a completely different host. Given the above requirements, we needed to figure out an efficient way to convert our existing UI code. As it turned out, our code followed a few simple patterns. Once we came up with a methodical way to convert each pattern, we had a game plan for moving forward with the site-wide conversion. Common Code Patterns: When we analyzed our HTML code to see how we were using JavaScript, we were broadly able to categorize about 90% of our use cases into two buckets: (1) links or tag events that called no-arg functions (for example, a "Do something" link), and (2) links or tag events that called functions with one or more arguments. The first case was simple. For elements that previously called a function on a specific event or on a click, we started by giving them a unique element id. Then, in the JavaScript code that loads from our static domain, we have a routine that always fires and looks specifically for each relevant id and programmatically registers the event on that element. So, for example, the first sample we showed you above would get converted to the following HTML (on our dynamic domain) and JavaScript (loaded from the static domain). HTML: a "Do something" link carrying the id my-link and no inline handler. JavaScript: var link = document.getElementById('my-link'); link.addEventListener('click', doSomething, false); If you use jQuery (like we do) it can be done in a slightly more elegant fashion: $('#my-link').click(function() { doSomething(); }); The second case is not quite as simple, but still relatively straightforward. The main difference between the first and second case is that we need to pass arguments into the JavaScript function. One of the most widely supported (and earliest adopted) parts of the HTML5 spec across all browsers is the data- attribute. It's supported by all major browsers and has been for some time (http://caniuse.com/#feat=dataset). This allows us to declare data attributes on a given HTML element that can be referenced elsewhere by JavaScript, so they are perfect for holding the values we were previously passing in as function arguments. We use the same technique as before to register the click event, but also include references to the data- attributes in the function call. So, going back to our example, the second sample we showed you would get converted to the following HTML (on our dynamic domain) and JavaScript (loaded from the static domain). HTML: the field carrying the id my-email-field with its former function arguments declared as data-arg-one and data-arg-two attributes. JavaScript (jQuery): $('#my-email-field').keyup(function() { doSomethingElse(this.getAttribute('data-arg-one'), this.getAttribute('data-arg-two')); }); Web Workers: Unfortunately not all of our JavaScript was covered by the above two examples. One of the more notable exceptions to this was how to incorporate HTML5 Web Workers into our policy. We use web workers when we encrypt and decrypt files using JavaScript, since CPU-intensive operations like that would cause the entire browser UI to freeze up during the process (which can take anywhere from a few seconds to several minutes). As it currently stands, most browsers require that web workers execute from JavaScript on the same domain that the page is loaded from. So, in the case of our website, pages loaded from www.sendsafely.com cannot run a web worker loaded from static.sendsafely.com. This is less than ideal from a security perspective since it requires an exception to our otherwise tight CSP. In order to minimize the places where this exception is allowed, we defined a slightly looser policy for the two URLs that we use for sending (encrypting) and receiving (decrypting) files. Unlike other URLs on our site, these two pages allow scripts originating from the dynamic server to execute. We still don't allow in-line scripting, so the exposure on these pages is still somewhat minimal since a separate file still needs to be loaded from the same server. For now it seems we will need to live with this approach until a solution for loading web workers from a separate domain is possible. Third Party Scripts (reCAPTCHA): Like many sites, SendSafely uses reCAPTCHA to prevent bots and other automated processes from interacting with certain parts of our application. The reCAPTCHA AJAX API requires us to load certain scripts and images from Google servers (specifically from www.google.com/recaptcha/), which forced us to include www.google.com in our CSP (refer to the previous post to see how we've done that). In an ideal world, that would be the only change needed, but life is rarely that simple. Unfortunately, it doesn't look like the reCAPTCHA AJAX API plays nicely with CSP since it doesn't run without the inline-scripts and unsafe-eval directives. Out of all the CSP directives to allow, these two create a huge increase in attack surface since they expose a wide variety of XSS attack variants. To better understand why the reCAPTCHA AJAX API requires these directives, let's take a closer look at the two steps needed to implement the API (taken from https://developers.google.com/recaptcha/docs/display). Step 1: Load the API JavaScript from Google. Step 2: Display the CAPTCHA using the following code: Recaptcha.create('your_public_key', 'element_id', { theme: 'red', callback: Recaptcha.focus_response_field }); At their surface, both steps seem easy to run with CSP. The problem, however, lies in the contents of recaptcha_ajax.js. Specifically, the following three code patterns are present in this file and unless re-factored require inline-scripts and unsafe-eval permissions: (1) Inline Event Handler Definitions, (2) Inline Script within HREF Attributes, (3) Use of String-to-Code in Function Calls. After some research and initial attempts to (unsuccessfully) contact the reCAPTCHA team at Google, we decided to take a stab at re-factoring some of the code to make it CSP friendly. Refactoring third party code is never ideal, but if we could restrict our changes to just presentation-level code and not touch the code that invokes the server API, we minimize the risk of introducing any breaking changes going forward. As it turns out, the changes to recaptcha_ajax.js required are very minimal and self-contained in that single JS file. Once updated, all we needed to do was load the re-factored JS file from our server instead of remotely from the Google servers. Let's take a close look at what was changed. Inline Event Handler Definitions: Many of the reCAPTCHA HTML elements use in-line handler definitions for the onclick event. In order to comply with CSP, the handler definition must be rewritten in terms of addEventListener as shown below (the a() function is used to dynamically generate an HTML a tag with the specified ID). Very easy. Before: a('recaptcha_whatsthis_btn', onclick = function() { Recaptcha.showhelp(); return !1 }) After: document.getElementById('recaptcha_whatsthis_btn').addEventListener('click', function() { Recaptcha.showhelp(); return !1 }); Inline Script within HREF Attributes: reCAPTCHA uses a custom function to dynamically build certain document elements. The last argument for one of these functions (named c) is assigned to the HREF attribute of the element, which in some cases includes JavaScript. For these cases, the function call was modified to remove the last argument, and instead bind the argument value programmatically to the onclick event (using addEventListener as in the previous example). Before: c('recaptcha_reload', 'refresh', 'refresh_btn', 'javascript:Recaptcha.reload()') After: c('recaptcha_reload', 'refresh', 'refresh_btn'); document.getElementById('recaptcha_reload_btn').addEventListener('click', function() { Recaptcha.reload() }); Use of String-to-Code in Function Calls: Some JavaScript functions, like eval() for example, allow you to specify a function as input or alternatively let you pass string content that will get treated and executed as code (often referred to as string-to-code). Passing a string argument to any of these functions (eval, setInterval, etc.) requires the unsafe-eval directive, which is definitely something we do not want to allow. In this case, as shown below, the code is relatively painless to convert since the string value is not dynamic in nature. This was the simplest change of all. Before: Recaptcha.timer_id = setInterval('Recaptcha.reload("t")', a) After: Recaptcha.timer_id = setInterval(function() { Recaptcha.reload('t') }, a) By changing those three subtle patterns, we were able to safely run the reCAPTCHA AJAX API without loosening our CSP. We welcome anyone in the same boat to leverage our re-factored JS code to run reCAPTCHA with CSP on your own site. As mentioned, we attempted to contact the reCAPTCHA team at Google during this effort with no success. Hopefully our changes will one day get reflected in the reCAPTCHA AJAX API code. </description><link>http://www.secuobs.com/revue/news/445314.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445314.shtml</guid></item>
<item><title>Facebook 'Capture the Flag' - Security Hacker Competition</title><description>2013-05-14 14:38:09 - LinuxSecurity.com - Latest News : LinuxSecurity.com: Facebook will host a Capture the Flag competition to find the next generation of cyber security experts. The competition includes a total prize fund of 3,500 available for first, second and third place winners. </description><link>http://www.secuobs.com/revue/news/445286.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445286.shtml</guid></item>
<item><title>Is Application Sandboxing The Next Endpoint Security Must-Have?</title><description>2013-05-14 14:33:22 - Dark Reading - All Stories : Virtualized containers expected to catch on in the enterprise, but the technology has its weaknesses, too. </description><link>http://www.secuobs.com/revue/news/445284.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445284.shtml</guid></item>
<item><title>Using security skills for charitable cause</title><description>2013-05-14 13:49:55 - Network World on Security : Back in 2007 Johnny Long came to a fork in the road. An accomplished IT security pro with 13 years working at one of the big names, he had a great career and family, but he didn't feel fulfilled. And he had no idea why not. </description><link>http://www.secuobs.com/revue/news/445271.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445271.shtml</guid></item>
<item><title>SAFECode Launches Software Security Training Program For Enterprises</title><description>2013-05-14 13:44:35 - Dark Reading - All Stories : Free curriculum will help businesses build software security training programs in-house, SAFECode says. </description><link>http://www.secuobs.com/revue/news/445264.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445264.shtml</guid></item>
<item><title>Human sensors: How encouraging user reporting strengthens security</title><description>2013-05-14 13:15:38 - Help Net Security - Articles : Despite the pervasiveness of cyber-attacks threatening enterprise security today, many organizations are still not taking advantage of their most widely deployed security asset: people. Adversa </description><link>http://www.secuobs.com/revue/news/445254.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445254.shtml</guid></item>
<item><title>Should the G20 forum discuss Internet security?</title><description>2013-05-14 13:15:26 - Help Net Security - News : The G20 should tackle the vastly important issue of Internet security and "articulate a vision for shaping the Internet economy for the next five to 10 years," a new commentary issued by The Centre fo </description><link>http://www.secuobs.com/revue/news/445253.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445253.shtml</guid></item>
<item><title>Human sensors: How encouraging user reporting strengthens security</title><description>2013-05-14 13:15:26 - Help Net Security - News : Despite the pervasiveness of cyber-attacks threatening enterprise security today, many organizations are still not taking advantage of their most widely deployed security asset: people. Adversa </description><link>http://www.secuobs.com/revue/news/445252.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445252.shtml</guid></item>
<item><title>Startup Gridcom uses photons and quantum physics for smart grid security</title><description>2013-05-14 09:00:06 - Computer Security News : Can quantum computing be the key to a much safer power grid? A California startup, GridCOM, plans to show just how quantum encryption could be a nearly fail-proof shield against cybersecurity breaches. </description><link>http://www.secuobs.com/revue/news/445216.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445216.shtml</guid></item>
<item><title>Managing Risk and Enabling the Business Through Security</title><description>2013-05-14 07:37:33 - Security Bloggers Network : Security thought leaders Brian Honan, Alea Fairchild, Dwayne Melancon, Nigel Stanley, Gavin Millard, and Amar Singh discuss how the modern CISO needs to address risk differently than ever before in order to position the security team as a primary business enabler for the organization. Special thanks to @twistandshoutUK for video production. Read More. </description><link>http://www.secuobs.com/revue/news/445211.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445211.shtml</guid></item>
<item><title>Are Virtualized Container Protections The Next Endpoint Security Must Have?</title><description>2013-05-14 07:15:34 - Dark Reading - All Stories : Or will kernel vulnerabilities rain on the application sandboxing parade? </description><link>http://www.secuobs.com/revue/news/445209.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445209.shtml</guid></item>
<item><title>CERT probing security breach at IT firms</title><description>2013-05-14 02:53:55 - Office of Inadequate Security : ElectraCard Services was one of two payment processors in India named in conjunction with that massive $45M cyberheist. </description><link>http://www.secuobs.com/revue/news/445172.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445172.shtml</guid></item>
<item><title>Security News May 13</title><description>2013-05-14 01:26:22 - Security Bloggers Network : Cyberattacks Against US Corporations Are on the Rise (http://www.nytimes.com/2013/05/13/us/cyberattacks-on-rise-against-us-corporations.html): Energy companies are targeted; attacks may be coming from the Middle East. Should companies be required to meet certain cyber security standards? (http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-230630/): The debate on national cyber security regulation rages on. SEC Chairman reviewing company cyber security disclosures (http://www.bloomberg.com/news/2013-05-13/sec-chairman-reviewing-company-cybersecurity-disclosures.html): US Securities and Exchange Commission Chairman Mary Jo White has asked her staff to review whether publicly traded companies should be prodded to disclose more information about cyberattacks on their computer networks. Saudi Telco asks researcher Moxie Marlinspike to help spy on residents (http://www.scmagazine.com/saudi-telco-asks-researcher-moxie-marlinspike-to-help-it-spy-on-residents/article/293177/): it was seeking Marlinspike's assistance in a government-sponsored surveillance project that was seeking to intercept "mobile application data" belonging to Twitter, WhatsApp, Viber and Line users. Court Data Breach Could Affect Up To 1 Million In Washington State (http://www.seattlemedium.com/News/article/article.asp?NewsID=115189&amp;sID=4): The Washington State Administrative Office of the Courts (AOC) announced a data breach on its public website. Potentially up to 160,000 social security numbers and 1 million driver license numbers may have been accessed. Tough times at Homeland Security (http://bits.blogs.nytimes.com/2013/05/13/tough-times-at-homeland-security/): You think you have hiring problems? DHS has been grappling with the departures of its top cybersecurity officials. Five Useless Tips From the NSA's Quaint, Hopelessly Outdated Guide to Internet Research (http://www.slate.com/blogs/future_tense/2013/05/10/nsa_s_hopelessly_outdated_guide_to_internet_research.html): Remember, your password should be "at least 8 characters long". </description><link>http://www.secuobs.com/revue/news/445170.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/445170.shtml</guid></item>

 </channel>
</rss>
