General

From the Web
HTTP Strict Transport Security
October 06, 2010 from: Mozilla Security Blog
A while ago, we talked about Force-TLS that lets sites say “hey, only access me over HTTPS in the future” and the browser listens. Well, this idea has been solidified into a draft spec for HTTP Strict Transport Security (HSTS) and we’ve landed support for it into our source tree. This means that HSTS will be shipped with Firefox 4, and will be deployed as soon as the next beta release.

From the Web
Prior Knowledge Of Users Cert Warning Behavior
September 02, 2010 from: Rsnake's blog at ha.ckers.org
One of the issues Josh and I talked about at Blackhat was how the SSL certificate warning message can be used to gain information about a user’s behavior and how that can be used against the user. Let’s say a man in the middle causes an error via proxying a well-known owner/subsidiary.

From the Web
Some Possible Insights into Geo-Economics of Security
July 21, 2010 from: Rsnake's blog at ha.ckers.org
Buying a certificate to allow for transport security is a good idea if you’re worried about man in the middle attacks. But when you’re in another country where the cost of running your website is a significant investment compared to the United States, suddenly the fees associated with the risks are totally lopsided...

From the Web
Analyst Study Shows Employees Continue to Put Data at Risk
March 10, 2010 from: Office of Inadequate Security
...the results from the annual "Human Factor in Laptop Encryption" study performed by Absolute Software and the Ponemon Institute reveal some very interesting metrics about the use/adoption of encryption software and the risk posed to businesses from the loss of unencrypted media.

From the Web
Taken to the Cleaners
January 20, 2010 from: Office of Inadequate Security
Earlier this month, CSO reported on a worldwide recall on several hardware-encrypted USB sticks from multiple vendors because they contain a flaw which could allow hackers to easily gain access to the sensitive information contained on the device. With the quality of security questionable in many USB drives, it would stand to reason that losing any stick carrying sensitive information now carries ...

From the Web
Code That Protects Most Cellphone Calls Is Divulged
December 28, 2009 from: Office of Inadequate Security
A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, in what he called an attempt to expose weaknesses in the security of the world’s wireless systems.

From the Web
Highmark changes its procedures in wake of BCBS breach
October 07, 2009 from: Office of Inadequate Security
that their Social Security numbers or tax ID numbers were on the stolen laptop containing their unencrypted data. A BCBS employee had reportedly breached policy by downloading the unencrypted database to a personal computer that was later stolen from the employee’s vehicle.

From the Web
Royal Bank glitch allowed Visa customers to view others’ transactions
October 03, 2009 from: Office of Inadequate Security
The Royal Bank says it has fixed a computer security glitch that allowed some of its West Coast Visa customers to view transactions made by other cardholders.

From the Web
Digital Direct reports breach
September 05, 2009 from: Office of Inadequate Security
Chris Cooper of Bloomberg.com reports that Digital Direct, Inc., a unit of Mitsubishi Corp., had a breach of their e-commerce web site that resulted in the compromise of 52,000 customers’ credit card numbers.

From the Web
TJX settles banks’ lawsuit
September 02, 2009 from: Office of Inadequate Security
The Associated Press reports that TJX has settled TJX said it has paid $525,000 to settle claims by some banks about costs they incurred as a result of the retailer’s massive data breach. Other banks — AmeriFirst Bank, HarborOne Credit Union, SELCO Community Cre...

From the Web
U. Vermont announces credit card breach
September 02, 2009 from: Office of Inadequate Security
University of Vermont recently discovered that the security of up to 242 university-funded credit cards has been compromised. Ann Naylor of UVM Procurement services said in a statement that UVM is unaware of how the breach occurred.

From the Web
Biggest Breaches of 2009
August 28, 2009 from: Office of Inadequate Security
Linda McGlasson of BankInfoSecurity.com provides an analysis and commentary, based on ITRC’s statistics for this year.

From the Web
Gonzalez pleads guilty, sentenced to 15-25 years
August 28, 2009 from: Office of Inadequate Security
Under a plea agreement with federal prosecutors filed in Boston on Friday, Albert Gonzalez would serve a sentence of 15 to 25 years after pleading guilty to a 19-count indictment. He would also forfeit some $2.8 million in cash, a Miami condo, a car and expensive jewelry.

From the Web
School district hiding behind a criminal investigation - parent
August 26, 2009 from: Office of Inadequate Security
On the principle of “no good deed goes unpunished,” some of those who have discovered and reported breaches have been terminated or prosecuted for their actions...

From the Web
Google Safe-Browsing and Chrome Privacy Leak
August 24, 2009 from: Rsnake's blog at ha.ckers.org
Some more advice from Robert "RSnake" Hansen on why you should be careful if using Google's Chrome browser.

From the Web
‘One Tree Hill’ actor admits role in ID scam
August 21, 2009 from: Office of Inadequate Security
Actor Antwon Tanner, a regular on the popular teen drama “One Tree Hill,” faces up to 10 years in jail after pleading guilty in Brooklyn federal court today to illegally selling Social Security numbers for $10,000.