Bookmark
Schneier on Security: A Revised Taxonomy of Social Networking Data
www.schneier.com/blog/archives/2010/08/a_taxonomy_of_s_1.html, posted 2010 by peter in privacy security social toread
Lately I've been reading about user security and privacy -- control, really -- on social networking sites. The issues are hard and the solutions harder, but I'm seeing a lot of confusion in even forming the questions. Social networking sites deal with several different types of user data, and it's essential to separate them.
Below is my taxonomy of social networking data, which I first presented at the Internet Governance Forum meeting last November, and again -- revised -- at an OECD workshop on the role of Internet intermediaries in June.
Bookmark
A hidden world, growing beyond control | washingtonpost.com
projects.washingtonpost.com/top-secret-america/articles/a-hidden-world-growing-beyond-control/, posted 2010 by peter in privacy security toread usa
The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.
Bookmark
Drowning Doesn’t Look Like Drowning
gcaptain.com/maritime/blog/drowning/?10981, posted 2010 by peter in health reference security
How did this captain know, from fifty feet away, what the father couldn’t recognize from just ten? Drowning is not the violent, splashing, call for help that most people expect. The captain was trained to recognize drowning by experts and years of experience. The father, on the other hand, had learned what drowning looks like by watching television. [...]
The Instinctive Drowning Response – so named by Francesco A. Pia, Ph.D., is what people do to avoid actual or perceived suffocation in the water. And it does not look like most people expect. There is very little splashing, no waving, and no yelling or calls for help of any kind.
Bookmark
StartCom Free SSL Certification Authority
cert.startcom.org/, posted 2010 by peter in development free privacy security
Security and encryption is getting ever more important in today's computer networks, being it SSL secured web sites, encryption of data or mail, secure logon to mention just a few. But security is expensive, right? Not anymore....
StartCom, the vendor and distributor of StartCom Linux Operating Systems, also operates MediaHost™, a hosting company, which offered its clients, SSL secured web sites with certificates signed by StartCom for many years. That's where the idea originated: Free SSL certificates!
Bookmark
skipfish - Project Hosting on Google Code
code.google.com/p/skipfish/, posted 2010 by peter in free security software testing
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Bookmark
German court orders wireless passwords for all - Security- msnbc.com
www.msnbc.msn.com/id/37107291/ns/technology_and_science-security/, posted 2010 by peter in dinosaurism eu fascism politics security wifi
Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data.
Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict.
Bookmark
Web Application Exploits and Defenses [Jarlsberg, a deliberately insecure web app]
jarlsberg.appspot.com/, posted 2010 by peter in development google security testing toread
This codelab is built around Jarlsberg /yärlz'·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general.
The codelab is organized by types of vulnerabilities. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Jarlsberg. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you'll use both black-box hacking and white-box hacking.
Bookmark
BackTrack Linux
www.backtrack-linux.org/, posted 2010 by peter in free linux security software testing wifi wireless
Welcome to backtrack-linux.org, the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
Bookmark
Fake Anti-virus Peddlers Outmaneuvering Legitimate AV — Krebs on Security
krebsonsecurity.com/2010/04/fake-anti-virus-peddlers-outmaneuvering-legitimate-av/, posted 2010 by peter in scam security windows
In a report being released today, Google said that between January 2009 and the end of January 2010, its malware detection infrastructure found some 11,000 malicious or hacked Web pages that attempted to foist fake anti-virus on visitors. The search giant discovered that as 2009 wore on, scareware peddlers dramatically increased both the number of unique strains of malware designed to install fake anti-virus as well as the frequency with which they deployed hacked or malicious sites set up to force the software on visitors.
Fake anti-virus attacks use misleading pop-ups and videos to scare users into thinking their computers are infected and offer a free download to scan for malware. [...] Worse still, fake anti-virus programs frequently are bundled with other malware. What’s more, victims end up handing their credit or debit card information over to the people most likely to defraud them.
Now can we agree that "anti-virus" programs are a bad idea?
Bookmark
mod_qos
mod-qos.sourceforge.net/, posted 2010 by peter in apache development networking security toread
In computer networking, the term quality of services (QoS) describes resource management rather than the quality of a service. Quality of services implements control mechanism to provide different priority to different users, applications, and data connections. It is used to guarantee a certain level of performance to data resources. The term quality of service is often used in the field of wide area network protocols (e.g. ATM) and telephony (e.g. VoIP) but rarely in conjunction with web applications. mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different priority to different HTTP requests.