Group items tagged

Over the past couple of years, cybercriminals have increasingly focused on finding ways to inject malicious code into legitimate websites. Typically they've done this by embedding code in an editable part of a page and using this code to serve up harmful content from another part of the Web. But this activity can be difficult to spot because websites also increasingly pull in legitimate content, such as ads, videos, or snippets of code, from outside sites.

It's fun to brag when you're at a great bar or going off on vacation. Social networking sites and location-based apps have made it easy to broadcast that kind of information to your friends. The problem is that you may not just be making your friends jealous, but supplying criminals with useful information as well. A new Web site called PleaseRobMe.com has drawn attention to the issue by repurposing posts from foursquare, a social networking site that lets people share the latest about their whereabouts. PleaseRobMe demonstrates that it's easy for anyone to find out you're not at home - and therefore, are presenting an "opportunity" for burglary. "There are physical and economic safety risks when you're publicizing to the world where you are," says Kevin Bankston, a senior staff attorney with the Electronic Frontier Foundation. "It's obviously a treasure trove of information for criminals. PleaseRobMe is a good demonstration of how easy it is."

Article Writing & Guestpost You Can Join this Site for Your Article & guest post, Just Easy way to join this site & total free Article site. This site article post to totally free Way. Guest Post & Article Post live to Life time only for Current & this time new User. http://guestpostonline.com

Simply joining a few groups at social networking sites may reveal enough information for hackers to personally identify you, according to some recent computer science research. In a paper that will be presented at a security conference later this year, an international team of academics describes how they were able to build membership sets using information that social networking sites make available to the public, and then leverage an existing attack on browsing history to check for personal identity. That information, they argue, can then be combined with other data to create further security risks, such as a personalized phishing attack.

"Google engineers are experimenting with new ways to replace user passwords, including a tiny YubiKey cryptographic card that would automatically log people into Gmail, according to a report published Friday. In the future, engineers at the search giant hope to find even easier ways for people to log in not just to Google properties, but to sites across the Web. They envision a single smartphone or smartcard device that would act like a house or car key, allowing people access to all the services they consume online. They see people authenticating with a single device and then using it everywhere."

Cuando usted está tratando de construir un sitio web seguro o una aplicación web, que ayuda a ver el problema a través de los ojos del adversario, para comprender las debilidades que pueden ser utilizados para atacar a un sitio web. A través de ejercicios prácticos de curso de seguridad en redes, este curso de vídeo 3 horas que le mostrará varias de las deficiencias más comunes y cómo pueden ser explotadas por un atacante - en este caso, usted. Después de aprender esto de international institute of cyber security, usted estará mejor preparado para proteger sus propios, sus clientes o sitios web de su empleador de este tipo de ataques. Durante el curso de seguridad en redes echamos un vistazo más de cerca a la Burp Suite Ubicación del sitio y la araña. Este módulo cubre luego pasar por los controles del lado del cliente, Cross-Site Scripting (XSS), y cómo utilizar XSS almacenado desfigurar un sitio web. En este punto, usted ha aprendido acerca de la explotación. En este módulo se discute cómo encontrar realmente estas vulnerabilidades, ofreciendo un sencillo proceso paso a paso.

SeatBelt is a Firefox plug-in that assists you when signing in to OpenID sites with your Personal Identity Provider (PIP) URL.

computer forensic resources specific to ediscovery; EnCase Certification Experience

A coalition of security experts from more than 30 organizations is urging enterprises to exert more pressure on software vendors to ensure that they use secure code development practices. The group, led by the SANS Institute and Mitre Corp., offered enterprises recent hacks of Google draft contract language that would require vendors to adhere to a strict set of security standards for software development. In essence, the terms would make vendors liable for software defects that lead to security breaches. "Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," said Alan Paller, director of research at SANS, a security training and certification group.

Of course, a more general way to address this and other "business" generated problems / abuses (like expensive required "arbitration" by companies owned and in bed with the companies requiring the arbitration!), is to FORBID contract elements that effectively strip any party of certain "rights" (like the right to sue for defectives; the right to freedom of speech; the right to warranty protections; the right to hold either party to public or published promises / representations, etc.). Basically, by making LYING and DECEIT and NEGLIGENCE liability and culpability unrestricted. Or will we hear / be told that being honest and producing a quality product is "anti-business"? What!? Is this like, if I can't lie and cheat being in business isn't worth it!? If that is true, then those parties and businesses could just as well "go away"! Just as "conservatives" say other criminals like that should. One may have argued that the software industry would never have "gotten off the ground" (at least, as fast as it did) if such strict liability had been enforced (as say, was eventually and is more often applied to physical building and their defects / collapses). That is, that the EULAs and contracts typically accompanying software ("not represented as fit for any purpose" more or less!) had been restricted. On the other hand, we might have gotten software somewhat slower but BETTER - NOT being associated with or causing the BILLIONS of dollars in losses due to bugs, security holes, etc. Others will rail that this will merely "make lawyers richer". So what if it will? As long as government isn't primarily "on the side" of the majority of the people (you know, like a "democracy" should be), then being able to get a individual "hired gun" is one of the only ways for the "little guy" to effectively defend themselves from corporate criminals and other "special interest" elites.