Category Archives: Information Security

Related to information security, risk management, compliance, etc

Web App Vuln Stats

Some stats about Web Application vulnerabilities from WhiteHat Security. Around 30 percent of websites are likely to contain content spoofing bugs, 18 percent insufficient authorization, 17 percent SQL injection, 14 percent predictable resource location, 11 percent session fixation, 11 percent cross-site request forgery (CSRF), 10 percent insufficient authentication, 9 percent HTTP response-splitting flaws. To [...]

There Is No Perimeter

Ok, so ATMs are computing devices and ergo they’re vulnerable to attack. Why is this attack interesting? Why is it worth a post? Well, let’s start here: “This is not something the average hacker on the street would have access to,” he adds. “They need physical access to the ATM — they need to have [...]

Dilbert: Wrong, but Funny

Well, I can’t say I agree entirely with this strip. The common sense and experience of one developer isn’t equivalent to a solid risk management system, but it’s still funny. The reality is that you can’t get an objective, comprehensive view from the biased perspectives of individuals. Knowing that you yourself are a biased individual [...]

Politics and PCI

Here’s a post over at the nCircle blog about the Coleman campaign and a leak of donor data, including credit card information.

Be Careful What You Type

A while back I wrote a post on the subtle homogenization of privacy. The point was that social networking isn’t eroding privacy, but homogenizing it. And here’s an example of how this can become problematic. This police officer drew a mental analogy of Facebook status to locker room talk. “You have your Internet persona, and [...]

It’s your fault Oracle

Survey: Most Oracle Shops Don’t Mandate Security Patches Heads up criminals with technical skills: Oracle products are wide open in most places! While 32% of these survey respondents are doing their cost-benefit analysis on patching their Oracle DBs, you could be stealing their data. A full 11% haven’t ever installed an Oracle patch. So get [...]

Doing More with Less

Tight economy, everyone struggling, no budget, more work, etc etc. Here are six tips for doing more with less in information security. This list really should be called “six things you should have been doing all along that tough economic times remind you about,” but that’s not a very catchy title. This list makes me [...]