Why Information Security: D-UH!

February 8, 2011 · Posted in Information Security, Information Systems · Comment 

 I almost always feel like saying “D-uh!” every time I see a text heading for an article or book topic that says “Why information security” or “Why Security”.  I feel that it is almost a nonsensical question as “why do I need to breathe”. However, stepping back and looking at the big picture, that is really a wrong assumption. It is almost an internal bias that akin to me being surprised at meeting someone who still doesn’t have an e-mail or a broadband connection. It boggles my mind that in this day and age of information security exploits and regulatory liabilities, I still meet programmers and developers who still continue to spit out commercial products that are filled with so many holes that a 13-year old script kiddie can easily slice through it like it was Swiss cheese.

That being said, the nature of my profession makes me a little bit more attuned to information security issues than perhaps the next guy (maybe not guys sitting right next to me as I write this considering that they do the same work as I do, but perhaps the next guy in the mall or something) and whether I like it or not it becomes part of my nature. To me, thinking about threat, vulnerabilities and risks is about as natural as breathing. This fact, however, is not true to majority of digital innovators and users out there. Read more

Tags: <, , , , , , , >

From the Geek Mail: Facebook Pushes the Privacy Envelope with Data Sharing

February 8, 2011 · Posted in Geek Mail, Information Security · Comment 

by Lora Bentley

Score one more for Facebook’s “act first, apologize later” strategy.

Last month the company announced it would make user information – including phone numbers – available to application developers. But they wouldn’t get access to the data until after they got express permission “through the usual permission dialogues,” according to the INQUIRER.

After only three days, however, Facebook suspended the program, indicating it had received feedback that users weren’t exactly clear on when they would and would not be giving up access to their information, even with the standard permissions dialogue boxes. At the time, Facebook said: Read more

Tags: <, , , >

Social Media: Separating the Personal from the Professional (Part 1)

November 17, 2009 · Posted in Biz Mgt & Dev, Information Security, Internet Marketing, eCommerce / eBiz · Comment 

Unless you’ve been living under a rock or not have had access to the Internet or living a life of a hermit or well you get the point, you would somehow or another would have had received an invite from a friend, family member, a classmate, a co-worker, an associate, an acquaintance or a complete stranger (hopefully, I covered everything) to join, follow, make friends with, connect with or link with him/her or check out his profile, photo, video or note in some greatest thing ever that happened in this thingamajig that they call the Internet.

Social Media has become a major phenomenon. It has spawned a whole new vocabulary of terms that will perhaps add several more pages into the Oxford (or Merriam-Webster’s) Dictionary. People are tweeting, Facebooking, tagging, liking, sharing, embedding and wall writing. Some are LIONs, some LIONs are also tweeting… And guess what, these Tweeting LIONs can even have their own channel… Imagine that…
Read more

Tags: <, , , , , >

  • Your Shopping Cart

    Your cart is empty

  • Calendar

    February 2012
    M T W T F S S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    272829  

  • RSS From the National Vulnerability Database

    • CVE-2012-1034 (episerver_cms) February 7, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2011-5076 (hdwiki) February 6, 2012
      SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. […]
      nvd@nist.gov
    • CVE-2012-1021 (4images) February 6, 2012
      Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. […]
      nvd@nist.gov
    • CVE-2012-1031 (episerver_cms) February 6, 2012
      Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417. […]
      nvd@nist.gov
    • CVE-2012-1008 (officesip_server) February 6, 2012
      OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. […]
      nvd@nist.gov
    • CVE-2012-0992 (openemr) February 6, 2012
      interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. […]
      nvd@nist.gov
    • CVE-2012-1004 (foswiki) February 6, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephon […]
      nvd@nist.gov
    • CVE-2012-1019 (xwiki_enterprise) February 6, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/D […]
      nvd@nist.gov
    • CVE-2012-1002 (openconf) February 6, 2012
      Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown impact and attack vectors. […]
      nvd@nist.gov
    • CVE-2012-1029 (tube_ace) February 6, 2012
      SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes