SecurityRatty: tag: analyzer

The Analyzer Is Among The Suspects In $1.8 Million Theft From A Canadian Company

2008-09-05 17:42:04 by CyberInsecure in CyberInsecure.com

Ehud Tenenbaum, a 29-Israeli known online as the Analyzer and living in Montreal, was arrested after investigators spent nine months and found out that him and three other suspects allegedly stole $1.8 million from a Calgary company. The operation involved the U.S. Secret Service and municipal police in Calgary and Vancouver - as well as

Tags: calgary company, calgary, municipal police, secret service, million, ehud tenenbaum, suspects allegedly, analyzer, montreal

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive

...analyzer I'm using. As it turns out there is a fine line to be drawn between what you consider best practices, what a static analyzer can find, how much context the static analyzer has, and how much manual review you really want to put up with Let me give a specific example Coverity's Prevent analyzer has a number of built-in "unsafe"...

Tags: code review experience, code, security sensitive context, context, security critical context, unsafe context, static analyzer, file defects, rand

SQL Injection Defense Tools

2008-06-24 16:43:00 by sdl in The Security Development Lifecycle

...Analyzer for SQL Injection (MSCASI). We are also excited to announce the release of HP Scrawlr , a SQL injection detection tool developed by HP Web Security Research Group in conjunction with Microsoft Each of these tools works differently and each attacks the SQL injection problem from a different angle, and in combination they complement...

Tags: source code, complete source code, tools, source, source-code analysis tools, defense, sql injection defense, detection tools, sql injection

Clever Counterterrorism Tactic

2008-10-13 13:22:24 by schneier in Schneier on Security

...analyzer, located in the basement, that checked for bomb-making residue. The analyzer was disguised as just another piece of the laundry equipment; good OPSEC [operational security]. Within a few weeks, multiple positives had shown up, indicating the ingredients of bomb residue, and intelligence had determined which areas of the city were...

Tags: laundry, laundry simply, laundry equipment, laundry mat sic, color coded, coded, bomb residue, opsec operational security, city

Wireless holes - protecting retailers from themselves

2008-01-16 15:57:00 by Manu Namboodiri in Data Protection, Management and Leakage

...analyzer against many small retailers. They found that over a third did not have even basic and easily hacked WEP protection According to the article access to the unprotected access points and unencrypted traffic -- spilled well beyond the walls of the store. Attackers could set up shop outside, snoop on the WLAN traffic, and collect MAC...

Tags: retailers, wlan traffic, collect mac addresses, traffic, inbuilt protection, tjx scenario, apparently, data, wireless infrastructure

Virtualization security hole plugged by Altor's new tool

2008-03-17 00:00:00 by HASH0x8b1738c in Network World on Security

...Analyzer, gives visibility into the data traffic between virtual machines- which has until now been a security blindspot for people managing virtualized servers

Tags: virtualization security, altor networks, data traffic, security blindspot, startup companies, debut product, virtual machines-, security tools, virtualization management

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive

...analyzer. They are pretty decent currently at finding these One problem with the metric from the paper was a focus not on the web application itself but on its platform. I'm not sure that we're working at the right level when we start considering OS vulnerabilities when reviewing web applications. They are certainly however part of the...

Tags: metrics, software security metrics, metrics framework, metrics miss, design-time metric, design, upstream sdl metrics, application, web application security

Confidential information sent to PinPay.net and SoftCard.biz is exposed

2008-05-08 13:26:03 by Evan Francen in The Breach Blog

...analyzer like Wireshark and capture the sensitive information txtfname=Billy&txtmname=J&txtlname=Madison&txtaddress=123+Main+Street&txtcity=Anywhere txtstate=MA&txtzip=87451&txtcountry=United+States&mob phone=NONE&txtphone=18006218200 txtemail=billymadison@honky.com&txtdob=04%2F20%2F1988&txtbirthcity=Boston...

Tags: information, drivers license card, license card, card, free card, social security card, sensitive information, sensitive personal information, encrypt sensitive information

Best Security Tools: Virus Total file analyzer

2008-05-26 14:22:07 by Editor in Adventures in Security

Have you ever had one of those moments when you suspect a file of malicious intent? Maybe a file appears on an end-user device or server, you have no idea what it is, your AV software ignores it, but you have a gut feeling that something isn't quite right? Or maybe you have a user who wants to install a program you've never heard of, and you...

Tags: file, user, end-user device, file appears, bad idea, idea, free online tool, malicious intent, software ignores

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo