software development, security, opinion
Archive for the ‘security’ Category.
“I’ve received a fair amount of pushback on my Boingo article from Wednesday from readers and fellow Webloggers on how superfluous Boingo seems. Why not just do what they’re doing in software via a browser window, they ask? Why lock into a specific proprietary software package thus creating the potential for a non-standard network?…”
Application Single-Sign On: Netegrity, Securant, or Evidian?
-by L. Taylor
As security breaches become increasingly more frequent, minimizing user
access to back-end systems and web applications without impacting
legitimate usage is more important than ever before.
Magic Lantern is Wakeup Call. FBI has reluctantly admitted it is developing “Magic Lantern” as part of a series of enhancements to the Cyber Knight project. The software is capable of gaining access to your encryption keys by stealing passwords used to secure them. It is a trojan horse that once inserted into an internet connected computer logs your keystrokes and relays your data to FBI. FBI hopes that users who are smart enough to use encryption for their communication will fall a pray to Magic Lantern by overlooking their personal system’s security. So how is it a wakeup call you ask? Just a minute. [kuro5hin.org]
Gartner Research Note via TechRepublic:
HIPAA survey 2Q01 results: Spending and consulting use
Gartner’s third iteration of its quarterly Health Insurance Portability and Accountability Act (HIPAA) panel survey was completed in June 2001. As previously reported, many healthcare organizations (HCOs) are simply not going to achieve complete compliance with HIPAA’s transaction and code set regulations by the 16 October 2002 deadline.
However, now that 85 percent of payers and 69 percent of providers have at least started conducting formal assessments of their readiness with the first set of HIPAA mandates, more information is emerging regarding HCOs’ expected HIPAA costs, as well as their current and projected use of outside consulting help.
Cyber terrorism is ‘fantasy’:
Following the WTO/Pentagon attacks, Richard Clarke, cyberspace security adviser,
felt America was vulnerable to many viruses and hacking threats know as a
“digital Pearl harbor”. Security experts feel that the FBI was “ill-advised” for
raising concern about viruses prematurely since cyber terrorism has yet to
happen.
Instant-messaging tool for hackers poses a threat. CNN Nov 26 2001 3:19PM ET
A new hacking tool using the instant messaging platform Internet Relay Chat (IRC) is rapidly spreading across the Internet and has the potential to shut down Web servers.
Called “Voyager Alpha Force,” the tool has already been used to infect about 300 computers, according to various reports, but its biggest threat lies in its ability to be used in distributed denial-of-service attacks, according to security experts.
“It is a malicious program you download from the Internet. It looks like it’s an IRC bot. Though we don’t have any numbers, and I don’t believe the software has yet been used to bring a Web server down, we do know that it’s gone around quite quickly,” says John Safa, chief technical officer at BitArts, a software security company in the U.K.
Voyager Alpha Force infects computers running Microsoft’s SQL Server database software, allowing rogue software to be sneaked onto computers. In turn that software could then be instructed to send so many requests to a targeted Web server that it shuts down, Safa says.
Trojans make firewalls futile. IT-Director.com Nov 10 2001 4:29PM ET [Computer security news]
Auerback Analysis, via TechRepublic:
Intrusion detection: A guide to the options
Wired News:
Stealing MS Passport’s Wallet
12:25 p.m. Nov. 2, 2001 PST
To correct serious security flaws, Microsoft on Friday disabled the virtual wallet function of its Passport service and has begun notifying partners about the vulnerabilities, the company has confirmed.
The bugs in Passport, a sign-on service used by more than 200 million people, were discovered this week by Marc Slemko, a software developer who lives near Microsoft’s Redmond, Washington, headquarters.
Besides posting it at his site, Slemko intends to release the technical details on several security mailing lists Friday “so that, if they choose, users and partners can choose to reduce the impact on themselves,” he said. Because of the severity of the flaws, Slemko withheld publication until Microsoft had an opportunity to correct it.
You are currently browsing the archives for the security category.
