Session Fixation Prevention in Java
What is it and why should I care? Session fixation, by most definitions, is a subclass of session hijacking. The most common basic flow is: Step 1. Attacker gets a valid session ID from an application...
Monthly Blog Round-Up – February 2012
Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Simple Log Review Checklist Released!” is often at the top – the checklist is still a very useful...
How to enable WIF token replay detection
Windows Identity Foundation (WIF) is vulnerable to replay attacks of security tokens in its default configuration. The "Replay Detection" article on MSDN presents a good example of how things can go...
RSA Conference Thoughts: Part III
As we get further into the week, my attention span is waning. So, today’s blog will be a bit lighter. Here are some things I observed this year. 1. There is an energy at the conference that has been...
Printer Security: Hidden Hard Disks and Other Terrifying Tales #HPIO
Like everything else, printers are getting smarter. But with intelligence can come vulnerability. by +Sharon Fisher...
Ask Sucuri: Talk more about web-based malware
If you have any question about malware, blacklisting, or security in general, send it to us: contact@sucuri.net and we will answer here. For all the “ask sucuri” answers, go here. Question: My site got...
SBN Sponsor Post
Get a sneak peek into RSA Conference 2012 with podcasts from industry experts and speakers. http://bit.ly/fmaLXU
HP Identifies IT Security Flashpoints
As enterprise IT gets more complex figuring out exactly where the latest security flashpoint is has become increasingly more difficult.
What We’re Reading, Week of 2/27
InformationWeek, 10 lessons from RSA Security Conference Network Computing, RSA Chief Tells Enterprises: Make Security And Privacy Protection Top Priorities InfoWorld, Making sense of mobile device,...
Offshoring and education gap
I missed the RSA Conference this week for various reasons but I did get to spend a the better part of two days out of the office hanging with a group of CTO’s. The group was a mix of early stage and...
New avast! 7 Internet Security brings corporate level security to your home...
The new avast! 7 Internet Security brings top-level security and privacy previously only known in corporate environments to your personal computer. Features such as the Sandbox and avast! SafeZone give...
Weekly News Roundup
One of Veracode’s own posts has been making headlines recently – Mark Kriegsman’s AdiOS utility. AdiOS is being featured by a large number of popular news sources. Mark created a great video about this...
Websense Web Security Gateway vs. OpenDNS
I’ve had a few customers ask me recently about how we compare to OpenDNS. We only run across Open DNS once in a while, typically for extremely price-conscious customers. But cheap comes at a cost and...
Is Security Event and Information Management (SEIM) Finally Coming To The...
If you speak to many analysts in the information security space they will tell you that all roads lead to SEIM. Security Event and Information Managers represent the pinnacle of security technology....
Paper safe
I first saw this, appropriately enough, on Improbable Research. It’s appropriate, because, when you see it, first it makes you laugh. Then it makes you think. This guy has created a paper safe....
Scenes from RSA Conference US – Thursday
Thursday night was the Cryptographer's Ball. Some amazing costumes were on display:
Cry Havoc and Let Slip the Dogs of War: The Windows 8 Kill Switch
via the truly inimitable John C. Dvorak, comes a typically combinatorial, yet well-scrivened piece on Microsoft Corporation’s (NasdaqGS: MSFT) lame-brained excuse for security [anyone recall Microsoft...