Skip to main content

Home/ Information Security/ Group items tagged ways

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Sally Croft

How to Stop Online Tracking Six Failsafe Ways - 0 views

onlinesecurityblog.weebly.com/...ine-tracking-six-failsafe-ways

security online tracking ways how to

shared by Sally Croft on 09 Jun 15 - No Cached
  • Sally Croft on 09 Jun 15
     
    Six failsafe ways to stop online tracking for good. Follow these steps; stay secure and anonymous at all times.
  • Sally Croft on 09 Jun 15
     
    Six failsafe ways to stop online tracking for good. Follow these steps; stay secure and anonymous at all times.
Kiran Kuppa

Google looks to kill the password using tiny cryptographic card | Ars Technica - 0 views

arstechnica.com/...-using-the-ring-on-your-finger

google smartcard smartphone security password identity

shared by Kiran Kuppa on 29 Jul 13 - No Cached
  • Kiran Kuppa on 29 Jul 13
     
    "Google engineers are experimenting with new ways to replace user passwords, including a tiny YubiKey cryptographic card that would automatically log people into Gmail, according to a report published Friday. In the future, engineers at the search giant hope to find even easier ways for people to log in not just to Google properties, but to sites across the Web. They envision a single smartphone or smartcard device that would act like a house or car key, allowing people access to all the services they consume online. They see people authenticating with a single device and then using it everywhere."
Seçkin Anıl Ünlü

Plugging the CSS History Leak at Mozilla Security Blog - 0 views

blog.mozilla.com/...plugging-the-css-history-leak

security web history mozilla online browsers privacy bugfix

shared by Seçkin Anıl Ünlü on 17 Apr 10 - Cached
  • History Sniffing
  • Links can look different on web sites based on whether or not you’ve visited the page they reference.
  • The problem is that appearance can be detected by the page showing you links, cluing the page into which of the presented pages you’ve been to. The result: not only can you see where you’ve been, but so can the web site!
  • ...18 more annotations...
  • The most obvious fix is to disable different styles for visited versus unvisted links, but this would be employed at the expense of utility: while sites can no longer figure out which links you’ve clicked, neither can you.
  • David Baron has implemented a way to help keep users’ data private while minimizing the effect on the web, and we are deploying it to protect our users.
  • The biggest threats here are the high-bandwidth techniques, or those that extract lots of information from users’ browsers quickly.
  • The JavaScript function getComputedStyle() and its related functions are fast and can be used to guess visitedness at hundreds of thousands of links per minute.
  • we’re approaching the way we style links in three fairly subtle ways:
  • Change 1: Layout-Based Attacks
  • First of all, we’re limiting what types of styling can be done to visited links to differentiate them from unvisited links.
  • can only be different in color
  • the CSS 2.1 specification takes into consideration how visited links can be abused:
  • implement other measures to preserve the user’s privacy while rendering visited and unvisited links differently
  • Change 2: Some Timing Attacks
  • we are changing some of the guts of our layout engine to provide a fairly uniform flow of execution to minimize differences in layout time for visited and unvisited links.
  • when the link is styled, the appropriate set of styles is chosen making the code paths for visited and unvisited links essentially the same length.
  • Change 3: Computed Style Attacks
  • JavaScript is not going to have access to the same style data it used to.
  • Firefox will give it unvisited style values.
  • it’s the right trade-off to be sure we protect our users’ privacy.
  • fixing CSS history sniffing will not block all of these leaks. But we believe it’s important to stop the scariest, most effective history attacks any way we can since it will be a big win for users’ privacy.
Skeptical Debunker

Hold vendors liable for buggy software, group says - 0 views

www.computerworld.com/...dors_Liable_for_Buggy_Software

vendor liability software security

shared by Skeptical Debunker on 09 Mar 10 - Cached
  • "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors," he said. SANS and Mitre, a Bedford, Mass.-based government contractor, also released their second annual list of the top 25 security errors made by programmers. The authors said those errors have been at the root of almost every major type of cyberattack, including the recent hacks of Google and numerous utilities and government agencies. According to the list, the most common mistakes continue to involve SQL injection errors, cross-site scripting flaws and buffer overflow vulnerabilities. All three have been well-known problems for
  • Skeptical Debunker on 09 Mar 10
     
    A coalition of security experts from more than 30 organizations is urging enterprises to exert more pressure on software vendors to ensure that they use secure code development practices. The group, led by the SANS Institute and Mitre Corp., offered enterprises recent hacks of Google draft contract language that would require vendors to adhere to a strict set of security standards for software development. In essence, the terms would make vendors liable for software defects that lead to security breaches. "Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," said Alan Paller, director of research at SANS, a security training and certification group.
  • Skeptical Debunker on 09 Mar 10
     
    Of course, a more general way to address this and other "business" generated problems / abuses (like expensive required "arbitration" by companies owned and in bed with the companies requiring the arbitration!), is to FORBID contract elements that effectively strip any party of certain "rights" (like the right to sue for defectives; the right to freedom of speech; the right to warranty protections; the right to hold either party to public or published promises / representations, etc.). Basically, by making LYING and DECEIT and NEGLIGENCE liability and culpability unrestricted. Or will we hear / be told that being honest and producing a quality product is "anti-business"? What!? Is this like, if I can't lie and cheat being in business isn't worth it!? If that is true, then those parties and businesses could just as well "go away"! Just as "conservatives" say other criminals like that should. One may have argued that the software industry would never have "gotten off the ground" (at least, as fast as it did) if such strict liability had been enforced (as say, was eventually and is more often applied to physical building and their defects / collapses). That is, that the EULAs and contracts typically accompanying software ("not represented as fit for any purpose" more or less!) had been restricted. On the other hand, we might have gotten software somewhat slower but BETTER - NOT being associated with or causing the BILLIONS of dollars in losses due to bugs, security holes, etc. Others will rail that this will merely "make lawyers richer". So what if it will? As long as government isn't primarily "on the side" of the majority of the people (you know, like a "democracy" should be), then being able to get a individual "hired gun" is one of the only ways for the "little guy" to effectively defend themselves from corporate criminals and other "special interest" elites.
Skeptical Debunker

Technology Review: Mapping the Malicious Web - 0 views

www.technologyreview.com/...24705

Fireshark security monitoring software web connections

shared by Skeptical Debunker on 11 Mar 10 - Cached
  • Now a researcher at Websense, a security firm based in San Diego, has developed a way to monitor such malicious activity automatically. Speaking at the RSA Security Conference in San Francisco last week, Stephan Chenette, a principal security researcher at Websense, detailed an experimental system that crawls the Web, identifying the source of content embedded in Web pages and determining whether any code on a site is acting maliciously. Chenette's software, called FireShark, creates a map of interconnected websites and highlights potentially malicious content. Every day, the software maps the connections between nearly a million websites and the servers that provide content to those sites. "When you graph multiple sites, you can see their communities of content," Chenette says. While some of the content hubs that connect different communities could be legitimate--such as the servers that provide ads to many different sites--other sources of content could indicate that an attacker is serving up malicious code, he says. According to a study published by Websense, online attackers' use of legitimate sites to spread malicious software has increased 225 percent over the past year.
  • Skeptical Debunker on 11 Mar 10
     
    Over the past couple of years, cybercriminals have increasingly focused on finding ways to inject malicious code into legitimate websites. Typically they've done this by embedding code in an editable part of a page and using this code to serve up harmful content from another part of the Web. But this activity can be difficult to spot because websites also increasingly pull in legitimate content, such as ads, videos, or snippets of code, from outside sites.
anonymous

Why should Penetration Testing be conducted frequently - 0 views

goo.gl/lS5mdf

information informaion security infosec information technology penetration testing pen testing technology tech internet

shared by anonymous on 13 Jan 17 - No Cached
  • anonymous on 13 Jan 17
     
    The popularity of cloud computing and BYOD really brought information security to the forefront. The intruders also got smarter and more intelligent in finding new ways and new loopholes to attack. In order to deal with the future attacks, what a business…
mesbah095

Guest Post Online - 0 views

guestpostonline.com

security assurance web software msia privacy research cryptography identity computer

shared by mesbah095 on 03 Apr 14 - No Cached
  • mesbah095 on 03 Apr 14
     
    Article Writing & Guestpost You Can Join this Site for Your Article & guest post, Just Easy way to join this site & total free Article site. This site article post to totally free Way. Guest Post & Article Post live to Life time only for Current & this time new User. http://guestpostonline.com
Jonas Patrick

Ways to Prevent Identity Theft - 0 views

howprotectmyid.wordpress.com/...ways-to-prevent-identity-theft

theft protection identity prevention protect my id services fraud scam and

shared by Jonas Patrick on 20 Jun 13 - No Cached
  • Jonas Patrick on 20 Jun 13
     
    It is always said that prevention is better than cure. By using KeepmyID, you can save yourself from being a victim. Prevent and protect your ID from theft before it's too late.
Tsudo

Phoenix Labs » PeerGuardian 2 - 0 views

phoenixlabs.org/pg2

security firewall

shared by Tsudo on 17 Jun 09 - Cached
  • Tsudo on 17 Jun 09
     
    Phoenix Labs' premier IP blocker for Windows.Integrates support for multiple lists, list editing, automatic updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc), making it the safest and easiest way to protect your privacy on P2P.
Skeptical Debunker

The Comprehensive National Cybersecurity Initiative | The White House - 0 views

www.whitehouse.gov/...ional-cybersecurity-initiative

President Obama cybersecurity initiative

shared by Skeptical Debunker on 03 Mar 10 - Cached
  • The CNCI consists of a number of mutually reinforcing initiatives with the following major goals designed to help secure the United States in cyberspace: To establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions. To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies. To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace.
  • Skeptical Debunker on 03 Mar 10
     
    President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Shortly after taking office, the President therefore ordered a thorough review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America's digital infrastructure. In May 2009, the President accepted the recommendations of the resulting Cyberspace Policy Review, including the selection of an Executive Branch Cybersecurity Coordinator who will have regular access to the President. The Executive Branch was also directed to work closely with all key players in U.S. cybersecurity, including state and local governments and the private sector, to ensure an organized and unified response to future cyber incidents; strengthen public/private partnerships to find technology solutions that ensure U.S. security and prosperity; invest in the cutting-edge research and development necessary for the innovation and discovery to meet the digital challenges of our time; and begin a campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms and begin to build the digital workforce of the 21st century. Finally, the President directed that these activities be conducted in a way that is consistent with ensuring the privacy rights and civil liberties guaranteed in the Constitution and cherished by all Americans.
Skeptical Debunker

Huge 'botnet' amputated, but criminals reconnect - washingtonpost.com - 0 views

www.washingtonpost.com/...AR2010031003890.html

botnet maleware ZeuS reconnected

shared by Skeptical Debunker on 11 Mar 10 - Cached
  • Skeptical Debunker on 11 Mar 10
     
    "The sudden takedown of an Internet provider thought to be helping spread one of the most promiscuous pieces of malicious software out there appears to have cut off criminals from potentially millions of personal computers under their control. But the victory was short-lived. Less than a day after a service known as "AS Troyak" was unplugged from the Internet, security researchers said Wednesday it apparently had found a way to get back online, and criminals were reconnecting with their unmoored machines. "
Zaid Mark

Fix Error Code 2 - Unable to install applications on your system - 0 views

www.ign.com/...ll-applications-on-your-system

FixErrorCode2 ApplicationsErrors WindowsApps FixPCErrors

shared by Zaid Mark on 02 Oct 13 - No Cached
  • Zaid Mark on 02 Oct 13
     
    If you are failed to install an application, then you are likely to see error code 2 on your system. Luckily, there is a way out of it. You can fix Error code 2 by implementing the solutions provided in the video embedded below
Zaid Mark

How to enable the F8 key to start Safe Mode in Windows 8 - 0 views

christina-a-john.kinja.com/afe-mode-in-windows-1442858081

EnableF8KeyinWindows8 Win8 SafeModeinWindows8

shared by Zaid Mark on 10 Oct 13 - No Cached
  • Zaid Mark on 10 Oct 13
     
    Since Windows 8 does not allow users to boot into safe mode or load advanced Startup options by pressing F8, users are finding it difficult in troubleshoot Windows 8. If you are one out of many people looking for a way to enable Advanced Startup Options using F8 key, you have landed on the right webpage.
Carlos Gomes

Welcome to CAcert.org - 1 views

www.cacert.org/index.php

assurance cryptography msia pki security

shared by Carlos Gomes on 13 Mar 07 - Cached
  • CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free. CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a document base that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI). For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you. For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites. If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates. CAcert Inc. is a non-profit association, incorporated in New South Wales Australia.
Skeptical Debunker

Microsoft Recruited Top Notch Guns for Waledac Takedown - CIO.com - Business Technology... - 0 views

www.cio.com/...otch_Guns_for_Waledac_Takedown

Microsoft VeriSign Waledac botnet counterattack

shared by Skeptical Debunker on 25 Feb 10 - Cached
  • Microsoft revealed on Wednesday that it gained a court order that compelled VeriSign, the .com registry, to remove 277 ".com" names from its rolls, effectively cutting off communication between the Waledac's controllers and their infected machines. The legal action is unprecedented at the domain name level, said Andre' M. DiMino, co-founder of The Shadowserver Foundation, a group that tracks botnets and helped take down Waledac. In June 2009, a federal court ordered the shutdown of 3FN, a rogue ISP supplying connectivity to botnets such as Pushdo and Mega-D, but this appears to be the first major action at the domain-name level. "It's definitely pretty groundbreaking," DiMino said. "To disable and disrupt a botnet at this level is really pulling the weed out by the root." But behind the scenes, Microsoft's legal action was just one component of a synchronized campaign to bring down Waledac. Last year, researchers with the University of Mannheim in Germany and Technical University Vienna in Austria published a research paper showing how it was possible to infiltrate and control the Waledec botnet. They had studied Waledac's complicated peer-to-peer communication mechanism. Microsoft -- which was annoyed by Waledec due to its spamming of Hotmail accounts -- contacted those researchers about two weeks ago to see if they could perform their attack for real, according one of the University of Mannheim researchers, who did not want to be identified. "They asked me if there was also a way besides taking down those domains of redirecting the command-and-control traffic," said the Mannheim researcher. Waledac distributes instructions through command-and-control servers that work with a peer-to-peer system. Led by a researcher who did his bachelor thesis on Waledac, the action began early this week. "This was more or less an aggressive form of what we did before," the Mannheim researcher said. "We disrupted the peer-to-peer layer to redirect traffic not to botmaster servers but to our servers." At the same time, Microsoft's legal efforts brought down domain names that were used to send new instructions to drones. The result has been dramatic: Up to 90 percent of the infected machines, which amount to at least 60,000 computers, are now controlled by researchers, half of which are in the U.S. and Europe and the rest scattered around the globe.
  • Skeptical Debunker on 25 Feb 10
     
    Four days ago, top-notch computer security researchers launched an assault on Waledac, a highly sophisticated botnet responsible for spreading spam and malicious software. As of Thursday, more than 60,000 PCs worldwide that have been infected with malicious code are now under the control of researchers, marking the effort one of the most highly successful coordinated against organized cybercrime.
sally pearson

Renewing My Remote Computer Help Subscription - 3 views

My friend recommended ComputerHelpFastOnline - an emerging team of computer savvy tech support professionals - to provide computer help for my business. Thank God I heeded his words because since I...

computer help

started by sally pearson on 06 Jun 11 no follow-up yet
1 - 16 of 16
Showing 20 items per page