Tag Archives: Uncategorized
Two Good Quotes from Michael Howard's Paper Entitled "A Process for Performing Security Code Reviews"
August 3, 2006 – 2:55 am
Michael Howard's recent blog entry points us to an article he wrote for IEEE. Here are two interesting quotes from the paper which may be found here:
“Note that, although a general bug count is interesting and useful, we find no evidence at Microsoft of a correlation between general…
If you thought security budgets were tight before…
July 28, 2006 – 12:32 am
From Computerworld New Zealand: “Organisations that have reached a high level of IT security practice maturity can safely scale back security spending to between 3% and 4% of their IT budget by 2008, according to research firm Gartner.”
This makes sense. In the US the big security…
Graphic One-time Passwords: Better Security Against Phishing?
July 20, 2006 – 9:55 pm
Richard Stiennon writes:
“The user picks their own password and can change it anytime. But when they go to login they are presented with a grid like the one pictured here….
“Instead of typing in their password they type in the number in one of the corners of each of the…
A Reputational Attack: On the Microsoft PowerPoint Zero-Day
July 14, 2006 – 11:00 am
eWeek notes:
“First Word, then Excel, now PowerPoint.
“For the third time in two months, a zero-day vulnerability in a widely used Microsoft Office software application is being used in targeted hacker attacks.”
eWeek notes, “The attack comes just days after…
Phishing through Proxies: Good-bye Two Factor Authentication?
July 11, 2006 – 11:37 am
Industry insiders knew this would happen at some point.
Brian Krebs of the Washington Post writes, “Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called “two-factor authentication” — the second factor…


