The recently unveiled flaw in SSH reiterates the idea that, no matter how good the technology, it will eventually fail from a whole host of threats. In this case, the implementation flaw occurred in a software product that had been previously “proven secure”. Real world implementations are more complex than security models, and other mitigations must be in place when a design does finally [...]
Last week, Adobe confirmed the vulnerability of most of its Acrobat product line, including Reader, Standard and Professional on all operating systems and nearly every released version from 3-9. The ubiquitous nature of the PDF format, deployed footprint of Acrobat and the nature of the exploit create a catastrophic set of circumstances. Looking carefully may reveal related hidden problems lurking in your infrastructure. These problems are not unique to this specific software, and the lessons learned should carry over to handling of private and mission-critical [...]
Credit card payment processor Heartland Payment Systems announced this week that hundreds of millions of credit card transactions were stolen last year. This latest hack far eclipsed the 45 Million TJX Companies records lost from 2004-2007. The stolen data includes names, credit/debit card numbers and expiration [...]
Hewlett Packard confirmed Wednesday Securina’s disclosure that vulnerabilities exist within every version of HP OpenView Network Node Manager prior to 7.51. With the wide deployment of OpenView and controlled assets typically at critical infrastructure points, this constitutes a high profile risk for most corporations. If you need a way into the heart of a corporation’s back office, finding one of these services would definitely [...]
Max Butler wasn’t happy simply stealing private data such as credit card and social security numbers, running up credit cards and selling the merchandise on eBay. He wanted the trading markets where this information was bought and [...]
It took over a decade, but two German researchers found an application for a flaw in the MD5 hash widely used throughout the Internet for [...]
As the differentiators between new products trend to zero, two topics (counterfeiting/open source hardware) point to the real value hidden within businesses. Coaxing this gem into use will ultimately determine which companies thrive and which will wither into [...]
Not sure if anyone will be out there, but please check out the Hackers on Planet Earth conference site. My talk is Saturday at 2:00PM in the Engressia room. Hopefully I’ll have a link to a paper on the topic by then. The presentation synopsis follows:
Pseudonymization Methodologies: Personal Liberty vs. the Greater Good
Think of four facts that can separate you from the rest of the general populace: name, address, date of birth, or Social Security Number perhaps. They are all likely what’s currently referred to as Personally Identifiable Information (PII). In the data privacy realm, PII disclosure is the [...]
Have you ever visited archive.org or used their Way Back Machine? It’s a catalog of the Internet, and in my opinion one of the most ambitious projects undertaken. The privacy and persistence of the Internet, as evidenced by the Way Back Machine, will have long term effects on the way legislation and the judicial system treat [...]
Everyone’s either watched or at least heard of CSI – Crime Scene Investigation. With the spin-offs, there are three out of five nights a week in Prime Time where you may learn about trace evidence, bullet trajectories, and splatter patterns. It’s been such a phenomenon that Criminal Justice is the most popular/fastest growing new major in colleges.
One thing that comes up every now and again on the show surrounds evidence and collection; someone kicks a gun out of position, forgets to wear gloves while picking something up, or there was a fire due to someone’s carelessness. During the trial, while [...]