2012

The dirty secret of browser security #1

Scary Beasts Security

Here's a curiosity that's developing in modern browser security: The security of a given browser is dominated by how much effort it puts into other people's problems. This may sound absurd at first but we're heading towards a world where the main browsers will have (with a few notable exceptions): Rapid autoupdate to fix security issues. Some form of sandboxing.

How we broke the nucaptcha video scheme and what we propose to fix it

Elie

NuCaptcha is the first widely deployed video captcha scheme. Since Technology Review interviewed me about NuCaptcha in October 2010, I have been working on evaluating its security and usability.

Anti-Spam Update – Proposed New Exemptions on the Way

Privacy and Cybersecurity Law

Today the Canadian Bar Association held an update session for members on Canada’s Anti-Spam Legislation (“CASL”). An oral presentation was provided by […].

Stronger customer authentication only way to mitigate risk of bank fraud

Dark Reading

Sitting at the core of every financial transaction is trust. Without it, or worse, relying on unvalidated resources like personally identifiable information (PII) to identify customers, puts every banking transaction at risk. The recent article, “$850 Million Scheme Exploited Facebook: Authentication, Secure Browsing Would Have Reduced Losses,” illustrates just how important customer authentication is.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Reemerging from the Flood

NopSec

Some of you probably wondered where the NopSec crew and I ended up these days… already tired of blog writing? Not quite. Most of the people at NopSec live between Manhattan and Brooklyn. And most of the people at NopSec, even though safe and sound, suffered inconveniences and damages from hurricane Sandy. As far as I am concerned, most of the trees in the garden where I live in the East Village were downed during the storm, many garages and basements were flooded, and for at least three days I did not hav

Some random observations on Linux ASLR

Scary Beasts Security

I've had cause to be staring at memory maps recently across a variety of systems. No surprise then that some suboptimal or at least interesting ASLR quirks have come to light. 1) Partial failure of ASLR on 32-bit Fedora My Fedora is a couple of releases behind, so no idea if it's been fixed. It seems that the desire to pack all the shared libraries into virtual address 0x00nnnnnn has a catastrophic failure mode when there are too many libraries: something always ends up at 0x00110000.

Chrome 20 on Linux and Flash sandboxing

Scary Beasts Security

[Very behind on blog posts so time to crank some out] A week or so ago, Chrome 20 was released to the stable channel. There was little fanfare and even the official Chrome blog didn't have much to declare apart from bugfixes. There were some things going on under the hood for the Linux platform, though. Security things, and some of them I implemented and am quite excited by.

vsftpd-3.0.0 and seccomp filter sandboxing is here!

Scary Beasts Security

vsftpd-3.0.0 is released. Aside from the usual few fixes, I'm excited about built-in support for Will Drewry's seccomp filter, which landed in Ubuntu. To give it a whirl, you'll need a 64-bit Ubuntu 12.04 (beta at time of writing), and a 64-bit build of vsftpd. Why all the excitement? vsftpd has always piled on all of the Linux sandboxing / privilege facilities available, including chroot, capabilities, file descriptor passing, pid / network / etc. namespaces, rlimits, and even a ptrace-based de

vsftpd-3.0.0-pre2

Scary Beasts Security

Just a quick note that vsftpd-3.0.0 is imminent. The big-ticket item is the new seccomp filter sandboxing support. Please test this, particularly on 64-bit Ubuntu Precise Beta 2 (or newer) or if you use SSL support. I would love to get a quick note (e-mail or comment here) even if just to say it seems to work in your configuration.

vsftpd-3.0.0-pre1 and seccomp filter

Scary Beasts Security

For the brave, there now exists a pre-release version of vsftpd-3.0.0: [link] [link] The most significant change is an initial implementation of a secondary sandbox based on seccomp filter, as recently merged to Ubuntu 12.04. This secondary sandbox is pretty powerful, but I'll go into more details in a subsequent post. For now, suffice to say I'm interested in testing of this new build, e.g.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Chrome Linux 64-bit and Pepper Flash

Scary Beasts Security

Flash on Linux hasn't always been the best experience in the stability and security departments. Users of 64-bit Linux, in particular, have to put up with NSPluginWrapper, a technology which bridges a 64-bit browser process to the 32-bit Flash library. In terms of sandboxing, your distribution might slap a clunky SELinux or AppArmor policy on Flash, but it may or may not be on by default.

Another Type of Correlation – Vulnerability Correlation

NopSec

The other day I was thinking about the concept of “event correlation” embedded into various SIEM products. Security events can be verified and false positives eliminated via correlation with other information such as OS fingerprinting, netflows, vulnerability information, etc. It is the value proposition of SIEM and their added value, even though it does not work all the time.

What’s the matter with vulnerability management?

NopSec

Every day I get to talk to a lot of infosec professionals and business people regarding vulnerability management. They tell me that they are using the various $BRANDS of commercial vulnerability scanners out there, and they tell me they are very frustrated. Information overload: The average scanner produced a huge amount of “raw” data that they have to sort through.

Copyright Modernization Act enters into force – TPMs, ISP Liability and more

Privacy and Cybersecurity Law

The majority of the provisions of Canada’s Copyright Modernization Act (the “CMA”) entered into force today, November 7. Let’s take a look […].

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CRTC Finalizes Anti-Spam Regulations – A Bit More Flexibility for Businesses

Privacy and Cybersecurity Law

The Canadian Radio-television and Telecommunications Commission (CRTC) has made and registered its Electronic Commerce Protection Regulations for the Anti-Spam Act (CASL). […].

24 hour Data Breach Notification: More Harm Than Help?

Privacy and Cybersecurity Law

There are certainly many headline-grabbing elements in the European Commission’s proposed Data Protection Regulation – a directly applicable regulation replacing […].

Wither ‘Big Brother’? B.C. Privacy Commissioner Reins-in Government of British Columbia Criminal Record Checks

Privacy and Cybersecurity Law

In keeping with her stance on overly-invasive employee background checks, British Columbia’s Information and Privacy Commissioner, Elizabeth Denham, has issued […].

MicroSD memory cards to be excluded from copyright levies

Privacy and Cybersecurity Law

In a press release entitled “Harper Government Says No to Fees on Memory Cards”, Minister of Industry Christian Paradis announced the […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Copying ID documents – Dutch data regulator issues guidance

Privacy and Cybersecurity Law

We have all been asked before to provide copies of our passports to organisations such as telecoms providers, hotels and car rental companies. […].

Article 29 Working Party adopts document on BCRs for processors

Privacy and Cybersecurity Law

Following our recent blog post, the Article 29 Working Party has adopted a document (WP195) on Binding Corporate Rules (“BCRs”) for processors […].

Supreme Court decision on fair dealing

Privacy and Cybersecurity Law

Today the Supreme Court of Canada determined that 30 second previews of songs offered by online music services constitute “fair dealing […].

The new ICO guidance on Cookies

Privacy and Cybersecurity Law

The UK “grace period” for implementation of the cookie consent rule expired last Friday. The long-promised update to the ICO […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

The Fake Facebook Profile and the Veiled Victim

Privacy and Cybersecurity Law

The Supreme Court of Canada determined yesterday, in A.B. v. Bragg Communications, that a 15-year old can proceed anonymously to pursue […].

Is the new Regulation back on track?

Privacy and Cybersecurity Law

The Data Protection Regulation is potentially back on track after a major roadblock was resolved. Germany is reported to have agreed […].

“Fair dealing” online? No quick test, no one-size fits all

Privacy and Cybersecurity Law

Mark and Constance Fournier operate the Free Dominion website as a political news discussion forum. Richard Warman had an exclusive […].

Leveson: Proposals for New Data Privacy rules in the UK

Privacy and Cybersecurity Law

The Leveson Inquiry recently published its findings into UK press regulation. However Leveson also commented on the UK data privacy […].

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

NIST Releases Cloud Computing Guidance

Privacy and Cybersecurity Law

Following on the heels of its December guidance on cloud privacy and security, NIST has released SP 800-146, “Cloud Computing […].

Cookie Consent Exemptions – The Article 29 Working Party’s View

Privacy and Cybersecurity Law

There have been further developments this week on the new ‘cookies rule’ with the Article 29 Working Party issuing its […].

The FTC’s Myspace Consent Order May Impact Use by Mobile App Developers of Unique IDs

Privacy and Cybersecurity Law

On May 8th, the FTC released its proposed consent order in its investigation of Myspace.com, finding the social networking site […].

Anti-Spam Legislation – Coming “soon” to an inbox near you

Privacy and Cybersecurity Law

Canada’s Anti-Spam Legislation (CASL) was enacted in December 2010. Heard about it? It’s quite likely that you have, given its […].

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.