infySEC | Demystifying Innovations

Best of Application Security (Friday, Mar. 19)

admin — Fri, 19 Mar 2010 17:00:00 +0000

Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Internet Explorer 9 “Platform Preview” Now Available From Microsoft Secure Application Development on Facebook OWASP Podcast #63 with Ed Bellis (CSO, Orbitz) PCI-SSC slaps ASVs wrists over marketing claims about 11.2 & 6.6 Researcher Will Expose 20 Hackable Apple Security Flaws alert(‘xss’) – The slow death of XSS Inline vs.

Read the original here:
Best of Application Security (Friday, Mar. 19)

Best of Application Security (Friday, Mar. 19)

admin — Fri, 19 Mar 2010 17:00:00 +0000

Read the rest here:
Best of Application Security (Friday, Mar. 19)

Beyond the Initial Compromise

admin — Thu, 18 Mar 2010 22:25:25 +0000

Over the past few years, targeted attacks against organizations have become increasingly common and have gained notoriety.

More:
Beyond the Initial Compromise

Blank Plastic

Thu, 18 Mar 2010 13:43:04 +0000

We regularily learn of cases where criminals have gained access credit card numbers via keyloggers , skimmers or online hacks . Once they have card numbers, they basically have three ways to turn the credit card numbers into cash: Sell them Make fraudulent purchases on them Create real-world cards out of them To create real-world cards, you need blank cards to start with

Read the rest here:
Blank Plastic

PCI-SSC slaps ASVs wrists over marketing claims about 11.2 & 6.6

admin — Wed, 17 Mar 2010 22:26:00 +0000

The PCI Security Standards Council’s (PCI-SSC) recently published March Assessor Newsletter , which contains rather “interesting” language for certain Approved Scanning Vendors (ASV). It is unclear what the penalty will be for firms who continue their misleading practices

See the original post:
PCI-SSC slaps ASVs wrists over marketing claims about 11.2 & 6.6

Passwords—Can’t Live With ‘em, Can’t Live Without ‘em

dave — Wed, 17 Mar 2010 16:21:15 +0000

People choose their passwords based on different factors: how easy they are to remember, how strong or complex they are, the sentimental value they have, etc.

Continued here:
Passwords—Can’t Live With ‘em, Can’t Live Without ‘em

Online stock trading is risky

Wed, 17 Mar 2010 11:53:31 +0000

Buying and selling stock online is big business. It also carries it’s own risks. And we don’t mean the risk of doing bad investments; we mean loosing access to your trading account because your computer got infected by a keylogger.

New Healthcare IT Landscape and Related Security Needs

dave — Wed, 17 Mar 2010 10:40:37 +0000

In 2005, the European Commission embarked on a new policy framework that embraced all aspects of the “information society.” This framework, called i2010 - A European information society for growth and employment , provides the broad policy guidelines for the information, c

View original post here:
New Healthcare IT Landscape and Related Security Needs

Malicious Ads Lead to PDF Exploits

dave — Wed, 17 Mar 2010 04:43:31 +0000

TrendLabs researchers recently received a report on malvertisements that appeared while a user was browsing through a popular Web-based email service. At first glance, the ads may seem like the typical Web browser nuisance. However, random ads were proven to be vectors for downloading malware onto users’ systems

Read the original here:
Malicious Ads Lead to PDF Exploits

Fraudsters Running a Classified Ad Campaign

admin — Tue, 16 Mar 2010 23:29:01 +0000

Symantec has recently observed a trend of phishing sites attacking brands that feature online classifieds. The legitimate classifieds brands help customers seek and exchange information on various categories such as employment, real estate, automotive, matrimonial, and so on.

See the original post here:
Fraudsters Running a Classified Ad Campaign