Why Information Security: D-UH!

February 8, 2011 · Posted in Information Security, Information Systems · Comment 

 I almost always feel like saying “D-uh!” every time I see a text heading for an article or book topic that says “Why information security” or “Why Security”.  I feel that it is almost a nonsensical question as “why do I need to breathe”. However, stepping back and looking at the big picture, that is really a wrong assumption. It is almost an internal bias that akin to me being surprised at meeting someone who still doesn’t have an e-mail or a broadband connection. It boggles my mind that in this day and age of information security exploits and regulatory liabilities, I still meet programmers and developers who still continue to spit out commercial products that are filled with so many holes that a 13-year old script kiddie can easily slice through it like it was Swiss cheese.

That being said, the nature of my profession makes me a little bit more attuned to information security issues than perhaps the next guy (maybe not guys sitting right next to me as I write this considering that they do the same work as I do, but perhaps the next guy in the mall or something) and whether I like it or not it becomes part of my nature. To me, thinking about threat, vulnerabilities and risks is about as natural as breathing. This fact, however, is not true to majority of digital innovators and users out there. Read more

Tags: , , , , , , ,

From the Geek Mail: Facebook Pushes the Privacy Envelope with Data Sharing

February 8, 2011 · Posted in Geek Mail, Information Security · Comment 

by Lora Bentley

Score one more for Facebook’s “act first, apologize later” strategy.

Last month the company announced it would make user information – including phone numbers – available to application developers. But they wouldn’t get access to the data until after they got express permission “through the usual permission dialogues,” according to the INQUIRER.

After only three days, however, Facebook suspended the program, indicating it had received feedback that users weren’t exactly clear on when they would and would not be giving up access to their information, even with the standard permissions dialogue boxes. At the time, Facebook said: Read more

Tags: , , ,

From the Geek Mail: 2011 Top Tech Jobs

February 1, 2011 · Posted in Geek Mail, Information Security, Information Systems, Information Technology, Project Management · Comment 

Received from: Daily Edge at IT Business Edge

CyberCoders, a worldwide recruiting firm, has analyzed hiring statistics from a pool of more than 12,000 CyberCoders job listings to determine the top 10 tech jobs for 2011 — focusing on which job types offer the most open positions, career growth and compensation. CyberCoders finds that technical candidates often make more, are in higher demand, and have a better chance for career growth versus candidates who apply for marketing or health care positions.

Matt Miller, Chief Technology Officer of CyberCoders, says, “There is a resurgence of companies hiring tech candidates caused in part by industries which need to automate their business systems.” Miller says, “Automating business systems often results in an increased need for software engineers and technical specialty positions, especially among start-ups.” At the beginning of 2011, CyberCoders had more than 1,400 available positions in technology, up 196 percent from the previous year. Read more

Tags: , , ,

  • Your Shopping Cart

    Your cart is empty

  • Calendar

    February 2011
    M T W T F S S
    « Jan   Mar »
     123456
    78910111213
    14151617181920
    21222324252627
    28  

  • RSS From the National Vulnerability Database

    • CVE-2012-0291 (pcanywhere, altiris_client_management_suite_pcanywhere_solution, altiris_deployme...) February 21, 2012
      Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (applic […]
      nvd@nist.gov
    • CVE-2012-0315 (alftp) February 21, 2012
      Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file. […]
      nvd@nist.gov
    • CVE-2012-0223 (termis) February 21, 2012
      Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224. […]
      nvd@nist.gov
    • CVE-2012-1256 (easyvista) February 21, 2012
      The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. […]
      nvd@nist.gov
    • CVE-2011-4185 (iprint) February 20, 2012
      The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436. […]
      nvd@nist.gov
    • CVE-2012-1218 (freelancerkit) February 20, 2012
      Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components. […]
      nvd@nist.gov
    • CVE-2011-4521 (advantech_webaccess) February 20, 2012
      SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. […]
      nvd@nist.gov
    • CVE-2012-1222 (r2/extreme) February 20, 2012
      Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23. […]
      nvd@nist.gov
    • CVE-2012-1235 (advantech_webaccess) February 20, 2012
      Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. […]
      nvd@nist.gov
    • CVE-2012-0865 (cubecart) February 20, 2012
      Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes