John Cox discusses the recent report by Application Security, mentioned previously on this site. A database security vendor says colleges and universities need to do more to secure their databases against break-ins. Application Security, which uses the name AppSec, reviewed data breaches in higher education, drawing from a variety of published sources. The company, based…
Category: Commentaries and Analyses
12 reasons why we’re losing the identity theft battle (and why you should care)
Neal O’Farrell, Consumer Security Adviser for Intersections Inc, writes: 1. Zero Liability has made consumers feel they have nothing to lose. The notion of zero liability came from a blend of federal law (the FACT Act or FACTA) and marketing savvy by financial institutions, to shift losses to identity theft from consumers and victims to…
The Securosis 2010 Data Security Survey
Over the summer we initiated what turned out to be a pretty darn big data security survey. The primary goal of the survey was to assess what data security controls people find most effective, as well as get a better understanding of how they are using the controls, what’s driving adoption, and a bit on…
‘Padding Oracle’ Crypto Attack Affects Millions of ASP.NET Apps
Dennis Fisher writes: A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users’ online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in…
GAO Finds Agencies Lax On Data Protection
Elizabeth Montalbano reports: Some federal agencies that deal with highly sensitive data are not adequately protecting it from contract workers, a new Government Accountability Office (GAO) report found. The Departments of Defense (DoD), Homeland Security (DHS), and Health and Human Services (HHS) have some guidance and contract provisions in place for what data contractors can…
Is your browser being lied to? Survey says: “Maybe”
Cross-posted from PogoWasRight.org: In a year when both Congress and the FTC have been making noise about regulating online advertising, you would think that the industry would be eager to show that such regulation is not needed. Yet a new study released last week by researchers at Carnegie Mellon University’s CyLab suggests that not only…