Add also Casino cheats. Won't be long before someone implements ball tracking which will enable you to beat the odds at Roulette.
At least one lawyer successfully sued Apple and got compensated when his previous toy got stolen. Why take responsibility for your actions when you can blame someone else?
Many share their good and bad interview experiences with {Google, FB, MS, Apple etc} on a daily basis. Why is this one getting any extra attention?
I'm not great at networking knowledge, but if you simply redirect to a new IP, is the site really defaced?
From the end user perspective, site may appear as defaced but the actual web page at {Google, MS,....} is not defaced.
He certainly has a history of uncovering exploits. Here are his youtube videos: http://www.youtube.com/user/longrifle0x
Notice the comment section was disabled on all his videos. He certainly does not like having his crap exposed publicly.
Clavis
Problem is whatever you upload to Facebook should be considered as exposed/compromised even if you set your privacy settings otherwise. You just know sooner or later another Facebook screw up will occur and information meant to remain private will be made public.
Like you said it should be part of a defence in depth strategy. Good secure coding practices are fundamental and a must but you can't rely on that alone. Deadlines get tight, people/QA get sloppy. Also sometimes you have no choice but to rely on 3rd party applications and who knows how these were developed (what is powering forums at connectusers.com? Site is offline at this time).
Even with a layered approach, bypassing any security mechanism is still possible but you should keep at least the less skilled attackers out.
A Web Application Firewall will inspect layer 7 traffic and can provide some protection against layer 7 attacks such as SQL injections. They act more like Intrusion Detection/Prevention Systems rather than traditional network firewalls.
Don't be too vag next time.
About two years ago Sophos was highly critical of the way Tavis disclosed a high profile vulnerability in Windows calling it irresponsible.
http://nakedsecurity.sophos.com/2010/06/11/google-engineer-act-irresponsibly-microsoft-zeroday-disclosure/
Looks like Tavis did not take it too well and has since been going after Sophos products. His tone in the latest paper is simply a reflection of the feud between the two.
Outsourcing is popular these days.
holding the robot suspended in the air? Is that the power supply or this bot can't hold its weight/stability?
Just remember, any liquid you may discharge in the process is subject to additional screening.
Quantum computing threatens only public key crypto, secret key crypto is not affected. So how do you solve the key distribution problem if traditional algorithms are insecure? Either you use quantum key distribution or you base your public key crypto on a mathematical problem not affected by quantum computing.
In any case fundamentals of cryptography should be the least of your concerns as vulnerabilities are usually found in the implementation and usage.
It's all about security theatre. Airport passenger screening is set up in a way to reduce fear within the general population instead of actual risks. Improving software security will not enhance the feeling of security in your average citizen.
Exactly, complaining about spoofing of an SMS originator phone number from iPhone is similar to complaining about spoofing of the "From" field of an email address.
iPhone is the most vulnerable phone out there. We hope all criminals will now use it.
Depends on your assets. As we saw with stuxnet, compromising integrity of systems was the primary objective.
An ID management provider does a survey designed to promote identity management. Why should I trust them?
Stop calling it "cyber".
I hate the word with a passion when used in this context but what alternative would you use? It has to be a single word or an expression that describes it all - Computer Security, Information Security, Network Security etc...
I thank Google for their concern of users' right
But I wonder, what if the US Government decides to hack into Gmail accounts that they believe belong to members of "terrorist groups"?
Would GMail allow that?
US Govt has likely the keys to any gmail account. No need for hacking.
Young people take more risks -> select weaker passwords.
It's also in the best interest of those who launched the suits to keep everything low profile until past IPO day. This way larger initial amount raised -> higher potential payout if they win/settle.
It's 21 cases, we don't know how many people could benefit. Worst case it is 21 people, in which case: $10,000 * 21 people + lawyers' fees = $15b