06.22.04
How to Spoof-proof Your Logins
Depending on which side of the consumer-business equation you are
on, you might either expect to perform a transaction with another
machine or you might expect a person to be on the other end of the
transaction. When you run a business that requires legitimate user-accounts,
you may be surprised to find that some of your accounts may belong
to a single person—one using a skillfully-crafted script running on
his machine to create many "virtual" accounts with your business.
These accounts tie up your resources, bandwidth, and other time and
materials.
The process by which such scripts create accounts is called identity
spoofing, and—for most simple sites—can be accomplished rather easily.
All the spoofer needs to do is to create an HTML form that contains
fields identical to those in your login form and then "HTTP-POST"
the data to your server, where your user-account creation process
takes place. The problem is even worse if you allow your login forms
to be processed via "HTTP-GET". After successfully creating an account
once, there's nothing stopping the spoofer from automating the whole
process.
Read The Whole Article
Lock Down Your Website
With all the benefits of e-commerce there are dangers such as identity
theft for consumers and cyber attacks on websites. Site owners need
to take preventative measures. Wellman presents some security procedures
and scripts for PHP-driven sites.
Life in the digital age certainly has its benefits; I can buy the
latest CD, before it even hits the shops, for the cheapest price in
the world from a shop thousands of miles away, all without leaving
the comfort of my armchair (ok, my office chair). True, I'll have
to wait for a couple of days before the item is actually delivered,
but to me that's a small price to pay. An example of an instantaneous
process could be opening a bank account in Switzerland in order to
pay less tax on your savings. Or searching for a better quote on your
car insurance, (a lot of insurance companies actually offer a discount
simply for signing up online) and buying it online. Companies like
to offer e-commerce solutions to save on their overhead, and the average
person likes e-commerce because it opens up whole new markets and
saves money. There are many online stores that simply would not exist
if it weren't for the Internet.
Read The Whole Article
Cisco, Trend Micro extend network security ties
Security powerhouses Cisco and Trend Micro have extended their strategic
partnership to make the network an even safer place for enterprises.
Seven months after sealing their Network Admission Control (NAC) programme
partnership (see ACW Dec 8 issue), Cisco has said that it will integrate
its network infrastructure and security systems with Trend Micro’s
worm and virus technologies, vulnerability assessment, and real-time
outbreak-prevention capabilities.
Read The Whole Article
Microsoft Windows and the Common Criteria Certification Part I
In today’s computer networks, it is important to start to concern
yourself with another level of detail in security other than how to
‘harden a system’ by killing unneeded services or adding yet another
service pack or hotfix to your system(s). In this article set, we
will explore Common Criteria Certification, what it is and what it
means.
You may have heard of this before. You may have heard something like
the Windows 2000 operating system has achieved Common Criteria certification
at Evaluation Assurance level 4 (EAL-4). The question is, do you know
what this means, what it means to your organization or in the world
of security? In this article we will explain what the Common Criteria
Certification is and what the EAL levels are, why they are important
and broaden your horizons in yet another area of systems security.
In Part II of this article set we will look at how it directly relates
to the Windows product lines (XP, 2000, 2003) and why it's important
to know and understand.
Read The Whole Article
Security Expert Gary McGraw on Black Hats, the U.S. Government, and Good vs. Evil
Seth: Give us a little background on how you got started in information
security.
Gary: I came into computer security through my interest in programming
languages. I got my Ph.D. in computer science and cognitive science
at Indiana University, where I studied with Doug Hofstadter and wrote
the Letter Spirit program. Dan Friedman, another professor at IU,
ensured that all IU computer science students were indoctrinated with
his excellent thinking about programming languages (with a strong
Scheme flavoring). So I was a part-time languages junkie in grad school.
I also had a strong interest in the web, having helped get Hofstadter's
lab on the web in late 1993. I recall when Yahoo! was a complete list
of all web sites.
Read The Whole Article
Security officials play nice
Federal agencies are deploying more sophisticated network scanning
tools than ever before. But even high-level information security officials
often have little power — other than persuasion — for getting network
users to plug the security holes identified through scans.
The situation that information security officials described today
at an event in Washington, D.C., was no surprise to anyone familiar
with the way large bureaucracies such as the Veterans Affairs Administration
or the Federal Aviation Administration operate.
Read The Whole Article
Read this newsletter at:
http://www.securitypronews.com/2004/0622.html
From the Forum:
RedHat Fedora versus Enterprise
I am changing hosting companies and going
from Windows 2000 to a Linux Server. I have a choice between
RedHat Fedora or Enterprise. What is the difference? The hosting
company said frequent updates are available for Fedora, but
not as much for Enterprise. Is there a big difference in the
two? ...