Posted by Marc Handelman on 2013.04.29 at 08:30 in Mathematics, Physics, Sarcasm | Permalink
Interesting commentary by Adrian Lane, Analyst and CTO of Securosis, writing at DarkReading, and targeting the truncated utilization of DAM, the acronym for Database Activity Monitoring; in this case, the widespread lack of proper deployment and implementation of the query blocking mechanisms inherent to nearly all DAM products.
Coupled with the apparent lack of core competency in the DAM arena, clients of the software manufacturers flogging these products are probably also deficient in at least three other fundamental aspects of DBMS security activity monitoring products: [1] Education / Training within the scope of the products, [2] Scrutiny of the Monitoring Log Output, and [3] probably the key to everything - the ability to read SQL statements.
Posted by Marc Handelman on 2013.04.29 at 08:00 in Common Sense, Data Security, Database Security, Databases, Information Security | Permalink
via the superbly sarcastic cartoon genius of Wiley Miller at Non Sequitur.
Posted by Marc Handelman on 2013.04.26 at 09:30 in Sarcasm, Tech Humor | Permalink
The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) within the mandated scope of the Center's efforts to address industry's needs, has announced its intention to sponsor the first Federally Funded Research and Development Center (FFRDC) dedicated to the Center's work. Outstanding.
Posted by Marc Handelman on 2013.04.26 at 09:00 in Government, Information Security, NCCoE, NIST | Permalink
Posted by Marc Handelman on 2013.04.26 at 08:30 in Sarcasm, Tech Humor | Permalink
Posted by Marc Handelman on 2013.04.26 at 08:00 in All Is Information, Information Security, SCADA Vulnerabilities, War | Permalink
Posted by Marc Handelman on 2013.04.25 at 09:00 in CyberWarfare, Electronic Warfare, Espionage, National Security | Permalink
via the brilliant comic genius of Wiley Miller at Non Sequitur.
Posted by Marc Handelman on 2013.04.25 at 08:30 in Editorial Cartoon, Sarcasm | Permalink
The latest scuttlebutt points to the recent, so-called 'Aurora' electronic network attacks as counter-intelligence. Really? You be the judge.
Posted by Marc Handelman on 2013.04.25 at 08:00 in All Is Information, Electronic Warfare, Espionage, Information Security, War | Permalink
via 925Mac, and discovered by Subhransu Behera, comes news of a data security failure in the Mailbox Apple Inc. (NasdaqGS: AAPL) iOS application, recently purchased by Dropbox (also not known for their attention to detail in the security arena). The exploit revealed by Behera requires physical access to the device.
Posted by Marc Handelman on 2013.04.24 at 14:00 in All Is Information, Data Security, Information Security, Physical Security | Permalink
Reported by Bloomberg's Karin Matusek and edited by Anthony Aarons comes this well-wrought screed focusing on the recent targeted Bundesrepublik Deutschland fine of Google Inc. (NasdaqGS: GOOG), due to privacy violation in the European Union. The key issue here - other than the obvious egregious criminal privacy infractions - is the unbelievably low sum the search leviathan has been ordered to cough up. As it were...
Posted by Marc Handelman on 2013.04.24 at 09:00 in Advertising, All Is Information, Cybercrime, Database Security, Electronic Crime, Information Security, Law Enforcement, Privacy Violators, You Are Google Inventory | Permalink
via Trustwave Holdings, Inc.'s SpiderLabs blogger Ryan Barnett comes this indication [as well as a short primer on Portswigger's Burp Suite analysis, thereof] as to why the utilization of Zemanta [a related posts cross indexer] is fraught with dangers, both known and unknown.
Posted by Marc Handelman on 2013.04.24 at 09:00 in All Is Information, Cruft, Information Security | Permalink
Posted by Marc Handelman on 2013.04.24 at 08:30 in Sarcasm, Tech Humor, You Are Facebook Inventory | Permalink
'Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the US Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others...' - via the Tor Project
Posted by Marc Handelman on 2013.04.24 at 08:00 in Blatant Stupidity, Government, Information Security | Permalink
Posted by Marc Handelman on 2013.04.23 at 09:30 in Sarcasm | Permalink
Evidently, the Federal Consumer Financial Protection Bureau [The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 created the CFPB; additionally, President Obama appointed Richard Cordray as the first Director of the CFPB, during the month of January 2012] is requesting records from various (and in this case - sundry) financial organizations (banks, credit bureaus, et cetera) in a bid to leverage data analytics for contemplated enforcement actions. Further, the financial organizations mentioned are, how shall we say - pushing back...
Posted by Marc Handelman on 2013.04.23 at 09:00 in All Is Information, Anti-Patterns, Big Big Data, Economic Freedoms, Economics, Government, Information Security | Permalink
Posted by Marc Handelman on 2013.04.23 at 08:30 in Education, Science, Tech Humor | Permalink
Meanwhile, in the seemingly never-ending and languorous tale of less than competent curatorial acumen, the Google Inc. (NasdaqGS: GOOG) Google Play store is serving up not-so-playful malware, evidently, to the tune of over 9 million downloads. Tout simplement incroyable...
Posted by Marc Handelman on 2013.04.23 at 08:00 in Advertising, Blatant Stupidity, Crapware, Cybercrime, Information Security, Malware, You Are Google Inventory | Permalink
News, via the inimitable Brian Krebs, at Krebs On Security, of a nationwide, and apparently large(ish) data security breach at a Starbucks Corporation (NasdaqGS: SBUX) subsidiary, monikered Teavana. Starbucks Corporation reportedly tendered $620 million in cash to purchase Teavana Holdings Inc in late 2012. Starbucks Corporation is evidently declining to confirm a breach at the recently purchased subsidiary. Notwithstanding this misguided reticence [on part of the corporation], if Brian Krebs is reporting it, there is a strong foundation for the security incident to be true, and accurate.
Posted by Marc Handelman on 2013.04.22 at 16:30 in Information Security or the Lack Thereof... | Permalink
Posted by Marc Handelman on 2013.04.22 at 09:30 in Sarcasm, Tech Humor, You Are Facebook Inventory | Permalink
Posted by Marc Handelman on 2013.04.22 at 09:00 in Behaviors, Information Security | Permalink
Posted by Marc Handelman on 2013.04.22 at 08:30 in All Is Information, Sarcasm, Tech Humor | Permalink
Chris Wysopal's (Co-Founder, Chief Technology Officer / Chief Information Security Officer of Veracode) scathing analysis of data security failures within the United States Federal Government, channelled via ZeroDay. Astonishing, and today's MustRead.
Posted by Marc Handelman on 2013.04.22 at 08:00 | Permalink
Posted by Marc Handelman on 2013.04.20 at 09:30 in Charity, Sarcasm | Permalink
Posted by Marc Handelman on 2013.04.20 at 09:00 in All Is Information, Information Security, Penetration Testing | Permalink
Posted by Marc Handelman on 2013.04.20 at 08:30 in Sarcasm, Tech Humor, You Are Google Inventory | Permalink
Image: oclHashcatplus
via AgileBits blogger Jeff, comes this well written explanatory post, detailing the recent news of Hashcat's capability to crack (as it were) 1Password Master Passwords, and the fallout, thereof. Our advice: Craft a well-built, complex master password when utilizing any password management facility. That is All.
Posted by Marc Handelman on 2013.04.20 at 08:00 in Cruft, Cryptography, Information Security | Permalink
Posted by Marc Handelman on 2013.04.19 at 10:30 in Mathematics, Sarcasm, Tech Humor | Permalink
Posted by Marc Handelman on 2013.04.19 at 09:45 in Information Security Humor, Sarcasm | Permalink
Posted by Marc Handelman on 2013.04.19 at 09:30 in All Is Information, Arithmetic, Sarcasm, Tech Humor | Permalink
