Another One Is Totally Hacked. 70,000 Individuals Affected

31 January 2007

From: January 30, 2007 (Computerworld) -- The Vermont Agency of Human Services (AHS) today started sending letters to about 70,000 individuals in the state warning them of a computer compromise that may have exposed their Social Security numbers and other personal data. But the AHS server that was hacked stored the data in unencrypted fashion, said Heidi Tringe, communications director for the state agency. Tringe added that the AHS now plans to stop keeping the information on the server altogether. "The original design called for the computer to store the data," she said. "That will no longer happen." According...
No comments

SOA, Strong Authentication, Standard Authorization – Cool Solution

29 January 2007

I've previously blogged about SOA Security Inside Enterprise Walls. This time I had a couple of pretty interesting requirements from one customer that targeted a B2B/partners scenario. They had a web site that communicates with a partner's web services. The customer's concerns were sincere and pretty fair:

- I want to manage the credentials I use to authenticate with the partner's web service in a secure way
- I want to pass them over the wire in a secure, standard way
- The partner won't make any major changes to the authorization schema inside the web service
- The authorization schema must be easy to manage and standard

Without...
3 comments

Say, Got New Shiny Mobile Device? Get Ready To Be Hacked

23 January 2007

"The Tower Group, a research and advisory company focused on the financial services industry, believes that many mobile commerce offerings now emerging from the financial services sector 'lack a reasonable and justifiable focus' on mobile security." Great!! We share our beliefs :) Cheers
No comments

Boeing Adopts Microsoft's Threat Analysis and Modeling

Customer Highlight: Boeing develops their line-of-business applications using a standard software development lifecycle process, which incorporates Microsoft Threat Analysis and Modeling to enable secure system design. Using this application, Boeing is able to provide focused and contextualized guidance to application development teams to aid in the process of building and maintaining secure systems. More on Application Threat Modeling, and even more here. Cheers
No comments

When Bruce Schneier Talks You Better Listen

22 January 2007

"Identity theft is the information age's new crime." "Security technologies can work wonders in preventing identity theft, once the economic incentives to apply them are there." "To mitigate that risk, we need to concentrate on detecting and preventing fraudulent transactions. We need to make the entity which is in the best position to mitigate the risk responsible for that risk. And that means making the financial institutions liable for fraudulent transactions. Doing anything less simply won't work." Heard of PCI and other compliance beasts? It talks about what to do. And here is how. Cheers
No comments

Approximately US$1.2 Million Has Been Stolen From a Scandinavian Bank – Jan 19, 2007

20 January 2007

"The log-in system used by Nordea has been the target of much criticism during recent months. Users log in to their accounts using their date of birth, a standing four-digit security code and a one-time code." Building your own custom authentication system instead of using an industry-proven one is a recipe for the above. Here are some helpful resources:

- How To: Create GenericPrincipal Objects with Forms Authentication
- How To: Protect Forms Authentication in ASP.NET 2.0
- How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
- How To: Use Forms Authentication with Active Directory
- How To: Use Forms Authentication with Active Directory in...
No comments

Hackers Are Where the Money Is

19 January 2007

This time it is a large retail chain which "suffered a massive computer breach on a portion of its network that handles credit card, debit card, check and merchandise transactions in the United States and abroad." The result: "Between eight and 10 Massachusetts banks have already had customers whose accounts were raided as a result of the breach." Building new retail software or supporting the current one? Security engineering is your friend. Cheers
No comments