Search results for: zero trust

Checklist to accelerate your software security efforts

In recent years, Software-as-a-Service (SaaS) has emerged as a viable application delivery method, and most enterprises are now including some SaaS software in their portfolios. SaaS saves IT infrastructure and maintenance costs, not to mention the hassle of initial deployment, integration and customization common with licensed software. Organizational functions such as sales, marketing, customer service, HR and others may request to subscribe to hosted software. If you have concerns around the security of cloud computing, … More

Week in review: Aurora malware, cyber war games and 0-day vulnerabilities for sale

Here’s an overview of some of last week’s most interesting news and articles: Biggest Chinese hacker training site taken down Black Hawk Safety Net, which offered attacking programs and malicious software to its subscribers, has been shut down by the police. Sensitive information retrieved from P2P networks Security researchers demonstrated the amazing variety of sensitive information that people send out over peer-to-peer networks. Zero-day vulnerabilities on the market Zero-day vulnerabilities have become prized possessions … More

Top 10 information security threats for 2010

“The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they’ll be facing in the coming year,” said Kevin Prince, CTO, Perimeter E-Security. “As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information. Top 10 information security threats for 2010 according … More

Malware in rich media and content

Cybercriminals most commonly used PDF and Shockwave Flash rich-media formats during the first half of 2009. In their State of the Internet 2009 report, CA discusses how exploited PDFs were first used for targeted attacks and adopted by organized cybercriminals for massive distribution of malware infection. These attackers implemented server-side automation to evade security scanner detection, and as a result, a malicious server generates a new file per request. Attackers also misused Shockwave Flash files … More

Latest 0-day Internet Explorer exploit

A new exploit made public by an unknown individual on the BugTraq mailing list on Friday could be soon used for attacking unsuspecting surfers that use Internet Explorer 6 and 7. The two versions of the browser are used by 40% of Internet users. The code was tested by Symantec and is currently detected with the Bloodhound.Exploit.129 antivirus signature. Symantec says that the code doesn’t always work as intended, but that it is likely it … More

Zero-day vulnerabilities in Firefox extensions discovered

One of the reasons behind Firefox’s popularity is the availability of a vast library of extensions. Users install them to modify the browser to their liking and make their browsing experience easier and more pleasant. The problem is that, unbeknown to them, these extensions are exposing them to risk. At the SecurityByte & OWASP AppSec Conference in India, Roberto Suggi Liverani and Nick Freeman, security consultants with security-assessment.com, offered insight into the substantial danger posed by … More

Snow Leopard 10.6.2 updates security

The 10.6.2 update is recommended for Mac OS X 10.6 Snow Leopard users and includes general operating system fixes that enhance the stability, compatibility, and security of your Mac. AFP Client Multiple memory corruption issues exist in AFP Client. Connecting to a malicious AFP Server may cause an unexpected system termination or arbitrary code execution with system privileges. This update addresses the issues through improved bounds checking. These issues do not affect Mac OS X … More

Q&A: Penetration testing

Thomas Wilhelm is an associate professor at Colorado Technical University and also employed at a Fortune 20 company performing penetration testing and risk assessments and has spent over 15 years in the Information System career field. In this interview he discusses the interesting world of penetration testing as well as his latest book – Professional Penetration Testing: Creating and Operating a Formal Hacking Lab. Many entering the field of computer security are fascinated with the … More

Q&A: The Kantara Initiative and the global identity landscape

Roger Sullivan serves as president of the Kantara Initiative Board of Trustees and president of the Liberty Alliance Management Board. He is vice president, Oracle Identity Management where most of his time is spent with Oracle’s premier customers. In this interview he discusses the Kantara Initiative in detail. How was the idea born and what’s the main goal of the Kantara Initiative? The launch of Kantara Initiative comes after more than a year of planning … More

Secure Web applications with zero footprint

Mykonos Software released a new version of their flagship product Mykonos. Version 1.2 contains significant new enhancements that help extend enterprise security measures to the AJAX client. The application addresses the gap between server-side authorization, access control, and logging solutions, and a full client-side presentation layer that rarely refreshes a Web page. Key new security features include: User-based Access Control Developers can apply access control rules from existing Web Access Management solutions directly to the … More

Kantara Initiative reshapes global identity landscape

Members of the global identity and Internet communities today announced the launch of Kantara Initiative, a new global organization formed to bridge enterprise, Web 2.0 and Web-based identity initiatives. The initiative has been founded by the Concordia Project, Data Portability Project, Information Card Foundation, Internet Society, Liberty Alliance, OpenLiberty.org and XDI.org to collaborate on eliminating the “walled gardens” that exist in the global identity sector. With zero barriers to participation and founding principles based on … More

A long list of Safari 4.0 security fixes

Apple has released Safari 4.0, the latest version of its popular web browser. Besides all the new functionalities, this release includes a long list of security fixes. Details on the security issues can be found below. CFNetwork CVE-ID: CVE-2009-1704 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista Impact: Downloaded image files may be misidentified as HTML, leading to JavaScript … More