Rich Hintz

HITECH Act Enforcement Interim Final Rule - 0 views

  • HITECH HIPAA
Seçkin Anıl Ünlü

Plugging the CSS History Leak at Mozilla Security Blog - 0 views

  • History Sniffing
  • Links can look different on web sites based on whether or not you’ve visited the page they reference.
  • The problem is that appearance can be detected by the page showing you links, cluing the page into which of the presented pages you’ve been to. The result: not only can you see where you’ve been, but so can the web site!
  • The most obvious fix is to disable different styles for visited versus unvisited links, but this would be employed at the expense of utility: while sites can no longer figure out which links you’ve clicked, neither can you.
  • David Baron has implemented a way to help keep users’ data private while minimizing the effect on the web, and we are deploying it to protect our users.
  • The biggest threats here are the high-bandwidth techniques, or those that extract lots of information from users’ browsers quickly.
  • The JavaScript function getComputedStyle() and its related functions are fast and can be used to guess visitedness at hundreds of thousands of links per minute.
  • we’re approaching the way we style links in three fairly subtle ways:
  • Change 1: Layout-Based Attacks
  • First of all, we’re limiting what types of styling can be done to visited links to differentiate them from unvisited links.
  • can only be different in color
  • the CSS 2.1 specification takes into consideration how visited links can be abused:
  • implement other measures to preserve the user’s privacy while rendering visited and unvisited links differently
  • Change 2: Some Timing Attacks
  • we are changing some of the guts of our layout engine to provide a fairly uniform flow of execution to minimize differences in layout time for visited and unvisited links.
  • when the link is styled, the appropriate set of styles is chosen making the code paths for visited and unvisited links essentially the same length.
  • Change 3: Computed Style Attacks
  • JavaScript is not going to have access to the same style data it used to.
  • Firefox will give it unvisited style values.
  • it’s the right trade-off to be sure we protect our users’ privacy.
  • fixing CSS history sniffing will not block all of these leaks. But we believe it’s important to stop the scariest, most effective history attacks any way we can since it will be a big win for users’ privacy.
Rich Hintz

Download PDF Password Remover 3.0 Free Trial - The PDF Password Remover can be used to ... - 0 views

  • PDF Password Remover
  • decrypt protected Adobe Acrobat PDF files, which have "owner" password set, preventing the file from editing (changing), printing, selecting text and graphics (and copying them into the Clipboard), or adding/changing annotations and form fields. Decryption is being done instantly. Decrypted file can be opened in any PDF viewer (e.g. Adobe Acrobat Reader) without any restrictions -- i.e. with edit/copy/print functions enabled. All versions of Adobe Acrobat (including 7.x, which features 128-bit encryption) are supported.
Carlos Gomes

DRM-roll for consumer privacy protection - Network World - 0 views

  • Through DRM technologies, consumers engaging in electronic commerce could grant vendors and suppliers a license to access and utilize certain aspects of the consumers’ data. This would enable a consumer to grant a read/write license to some creditors, perhaps as a function of a mortgage agreement, and provide a read-only license to a limited subset of the data for simple transactions such as shipping agreements and online orders. Such a license would empower consumers to prevent entities from misusing or reselling consumer information.
Carlos Gomes

OpenTC and Trusted Computing at the IBM Zurich Research lab - 0 views

Carlos Gomes

IT Controls: How and Where Do You Start? - 0 views

  • As Stephen Katz, former CISO of Citibank, once said, "Controls don't slow the business down; like brakes on a car, controls allow you to go faster."
Rich Hintz

Infoblox Network Identity Appliances - DNS, DHCP, RADIUS - 0 views

  • appliances provide the essential foundation for identity-driven networks (IDNs), delivering reliable, scalable, and secure network identity services including DNS, DHCP, IPAM, and RADIUS.
Carlos Gomes

myNetWatchman - Network Intrusion Detection and Reporting - 0 views

  • Q: What is myNetWatchman? A: myNetWatchman collects, analyzes and reports malicious access attempts to ISPs, who can then take action against the offending machines. Q: How does it work? A: A small client-side application runs as a background application on your system; reading your firewall logs, and creating near-real-time reports that are relayed to the myNetwatchman servers for analysis.
Carlos Gomes

http://theory.lcs.mit.edu/~rivest/ducttape.txt - 0 views
