Information Security: Group items tagged Security

Skeptical Debunker

Hold vendors liable for buggy software, group says - 0 views

  • "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors," he said. SANS and Mitre, a Bedford, Mass.-based government contractor, also released their second annual list of the top 25 security errors made by programmers. The authors said those errors have been at the root of almost every major type of cyberattack, including the recent hacks of Google and numerous utilities and government agencies. According to the list, the most common mistakes continue to involve SQL injection errors, cross-site scripting flaws and buffer overflow vulnerabilities. All three have been well-known problems for
  • A coalition of security experts from more than 30 organizations is urging enterprises to exert more pressure on software vendors to ensure that they use secure code development practices. The group, led by the SANS Institute and Mitre Corp., offered enterprises draft contract language that would require vendors to adhere to a strict set of security standards for software development. In essence, the terms would make vendors liable for software defects that lead to security breaches. "Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," said Alan Paller, director of research at SANS, a security training and certification group.
  • Of course, a more general way to address this and other "business" generated problems / abuses (like expensive required "arbitration" by companies owned and in bed with the companies requiring the arbitration!), is to FORBID contract elements that effectively strip any party of certain "rights" (like the right to sue for defectives; the right to freedom of speech; the right to warranty protections; the right to hold either party to public or published promises / representations, etc.). Basically, by making LYING and DECEIT and NEGLIGENCE liability and culpability unrestricted. Or will we hear / be told that being honest and producing a quality product is "anti-business"? What!? Is this like, if I can't lie and cheat being in business isn't worth it!? If that is true, then those parties and businesses could just as well "go away"! Just as "conservatives" say other criminals like that should. One may have argued that the software industry would never have "gotten off the ground" (at least, as fast as it did) if such strict liability had been enforced (as say, was eventually and is more often applied to physical buildings and their defects / collapses). That is, that the EULAs and contracts typically accompanying software ("not represented as fit for any purpose" more or less!) had been restricted. On the other hand, we might have gotten software somewhat slower but BETTER - NOT being associated with or causing the BILLIONS of dollars in losses due to bugs, security holes, etc. Others will rail that this will merely "make lawyers richer". So what if it will? As long as government isn't primarily "on the side" of the majority of the people (you know, like a "democracy" should be), then being able to get an individual "hired gun" is one of the only ways for the "little guy" to effectively defend themselves from corporate criminals and other "special interest" elites.
Skeptical Debunker

The Comprehensive National Cybersecurity Initiative | The White House - 0 views

  • The CNCI consists of a number of mutually reinforcing initiatives with the following major goals designed to help secure the United States in cyberspace: To establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions. To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies. To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace.
  • President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Shortly after taking office, the President therefore ordered a thorough review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America's digital infrastructure. In May 2009, the President accepted the recommendations of the resulting Cyberspace Policy Review, including the selection of an Executive Branch Cybersecurity Coordinator who will have regular access to the President. The Executive Branch was also directed to work closely with all key players in U.S. cybersecurity, including state and local governments and the private sector, to ensure an organized and unified response to future cyber incidents; strengthen public/private partnerships to find technology solutions that ensure U.S. security and prosperity; invest in the cutting-edge research and development necessary for the innovation and discovery to meet the digital challenges of our time; and begin a campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms and begin to build the digital workforce of the 21st century. Finally, the President directed that these activities be conducted in a way that is consistent with ensuring the privacy rights and civil liberties guaranteed in the Constitution and cherished by all Americans.
quantiq

Database security: Top 10 database vulnerabilities list - Security Bytes - 0 views

  • Database administrators are all too familiar with the issues outlined in Application Security Inc.'s new Top 10 database vulnerabilities list. From the use of default passwords to patching issues, database management systems have been known to be plagued with issues making them vulnerable to attack.
anonymous

Bruce Schneier: More on the Broad View of Security - CSO Online - Security and Risk - 0 views

  • Bruce Schneier's comments on the first Workshop in Security and Human Behavior. Examples of the New School of Information Security.
Select Security  Systems Ltd

Internet Home Security Cameras - 2016 - 6 views

  • Security cameras come in many types and have seemingly endless feature options. With so many different kinds of home security cameras available, deciding which one makes sense for your home can be a daunting task. Commonly there are two types of security cameras: indoor cameras and outdoor cameras. Both types are available as standalone units with monitoring apps or as part of a subscription-based home security monitoring system.
Sally Croft

Here Are Some Tips to Improve Your Router Security - 0 views

  • Improve the security of your router with router VPN & get more security tips. Bypass geo-restrictions & surf the internet anonymously with router VPN.
anonymous

Identity and Access Management: Explained in Detail - 0 views

  • Identity and Access Management is an information security framework which focuses on the security of the digital identities in a workplace and enables an administrator to maintain control over access to company resources, both physical and digital.
Select Security  Systems Ltd

Wireless Security Systems - Are They Actually Safe - 1 views

  • Wireless security systems in Edmonton, similar to those recommended by Select Security, offer many features and numerous advantages over their wired counterparts. Look at one today and protect your home and family with cutting-edge wireless technology.
loadperformance

Application Security in the Software Development Lifecycle Issues, Challenges and Solut... - 0 views

  • This white paper discusses in detail why application security throughout the entire software development lifecycle is necessary for businesses of all shapes and sizes to prevent web security breaches, and how it helps cut business costs and raise the level of organizational information security.
jamie sacks

10 Secure Linux Distributions You Need To Know About - 0 views

  • "Astaro Security Appliance"
suresh mark

Network Security - 0 views

  • To meet the constantly changing threat landscape, IT organizations have implemented 'best in class' security technologies. As a result, IT infrastructures have become increasingly complex with differing security platforms, management consoles, rule sets, change management processes and reporting systems.
anonymous

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security ... - 0 views

  • Interesting post by Lenny Zeltser entitled "How to Suck at Security."
Skeptical Debunker

Browser history hijack + social networks = lost anonymity - 0 views

  • Simply joining a few groups at social networking sites may reveal enough information for hackers to personally identify you, according to some recent computer science research. In a paper that will be presented at a security conference later this year, an international team of academics describes how they were able to build membership sets using information that social networking sites make available to the public, and then leverage an existing attack on browsing history to check for personal identity. That information, they argue, can then be combined with other data to create further security risks, such as a personalized phishing attack.
peerlyst

WannaCry no more: ransomware worm IOC's, Tor C2 and technical analysis + SIEM rules, by... - 0 views

  • After a rather long day, night and morning of studying the news, researching and hunting the #WannaCry ransomware worm, there are some discoveries to be shared. This includes host and network IOCs, their analysis obtained with the help of fellow security researchers and practitioners, a review of the C2 infrastructure and its interactions with Tor. Last but not least are some free SIEM use cases. What else should a security practitioner know for their handling of WannaCry?
Secure Life

Best Home Alarm Systems and Alarm Reviews - 0 views

  • Let's face it - with the proliferation of company "microsites," it's awfully hard to find an unbiased review of a product or service these days. The same goes for home security systems, as most of them are run by the alarm companies themselves. If you search for "best home security system" how do you know half the results aren't run by a giant alarm company (hint: they are)? Here at A Secure Life, it all began when our analyst's neighbor's house was broken into. Their neighborhood had become increasingly insecure, so we began our search for a solid alarm system provider. http://www.asecurelife.com/best-home-alarm-system
Robin Dale

Misconceptions About The USA Patriot Act and Data Security in the Cloud Sector - 1 views

  • This blog post addresses the misconceptions people have about the USA Patriot Act and data security, especially in the cloud sector.
Kiran Kuppa

Want to Block Common Passwords? Sorry, That is Patented | Xato - Passwords & Security - 0 views

  • What amazes me though is how many patents I encounter that have been granted for some of the most obvious, well-known and ordinary techniques we use in the authentication process. In fact, every imaginable aspect of password selection, authentication, storage, and recovery seems to be covered by one or more patents. As the title says, the process of checking for common or weak passwords is patented. In fact, it is covered by quite a few patents:
    1. System for controlling access to a secure system by verifying acceptability
    2. Specifying a set of forbidden passwords
    3. Preventing trivial character combinations
    4. Password strength checking method and apparatus…
    5. Method and system for proactive password validation
    6. Method, system, and storage medium for determining trivial keyboard sequences of proposed passwords
    7. Apparatus and method for indicating password quality and variety
Sally Croft

How to Stop Online Tracking Six Failsafe Ways - 0 views

  • Six failsafe ways to stop online tracking for good. Follow these steps; stay secure and anonymous at all times.