Cyberoam, a provider of identity-based Unified Threat Management (UTM) solutions, today announced an extension to its “Accelerator Series” network security appliances, the CR25ia and CR35ia.
For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that -- either now or in the uncertain future -- patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
This info graphic shows the immense threat of the Swine Flu compared to other manners of death. Today's the 300th day of the year 2009, so I used the numbers of deaths on the Poodwaddle's World Clock (which uses the death stats of the official WHO data and statistics) for a quick comparison. The number of swine flu deaths is from the official german epidemic info site. - click here to zoom image
via blogs.nybooks.com ...
For example, many applications use OAuth for 2-legged requests that do not involve user authorization and are unaffected by this threat.
]]>
ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode. In only a few minutes ThreatExpert can process a sample and generate a highly detailed threat report with the level of technical detail that matches or exceeds antivirus industry standards such as those normally found in online virus encyclopedias.
What’s so special about the Huffington Post? How come that what started as a political blog three years ago now epitomizes the “superblogs” threat to mainstream media? And, perhaps more important, what causes a blog to mutate into something now perceived as a mainstream media — and do the economics work?
Google will have to turn over every record of every video watched by YouTube users, including users' names and IP addresses, to Viacom, which is suing Google for allowing clips of its copyright videos to appear on YouTube, a judge ruled Wednesday.
Members of an unknown Amazon Basin tribe and their dwellings are seen during a flight over the Brazilian state of Acre along the border with Peru in these May, 2008 photos distributed by Survival International. Survival International estimates that there are over 100 uncontacted tribes worldwide, and says that uncontacted tribes in the region are under increasing threat from illegal logging over the border in Peru.
Japanese newspapers warned Wednesday that freedom of expression was at stake after cinemas pulled a documentary about a Tokyo shrine honouring war dead amid pressure from nationalists. "Freedom of expression is under threat," the Asahi newspaper said in an editorial, following the decision by four more Japanese cinemas to cancel planned screenings of "Yasukuni", by Chinese director Li Ying.
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
Subscribing to the security mailing lists is a must for every sysadmin, but who has the stamina and the determination to actually read them, and then analyze the impact of both the threat and the proposed fix? A more casual user with no life-or-death-critical servers would happily settle for a solution that would download and install the security patches automatically. As always in Linux, there is more than one way of achieving this. cron-apt works for me.
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no warranty, it's free to use, copy and give away. WHAT POUND IS: 1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers. 2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information. 3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers. 4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones. 5. a fail over-server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers. 6. a request redirector: requests may be distributed among servers according to the requested URL. Pound is a very small program, easily audited for security problems. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required) and should thus pose no security threat to any machine.
]]>Spyware is the fastest growing online threat, infecting nearly 90% of Internet connected PCs. So, what can you do if you want to be spyware-free?
For Isabelle Mercier, 44, queuing outside a Société Générale branch in Paris, the 'rich and the powerful' always find someone to blame: 'Anyone who is a threat to them is eliminated one way or another.' Mohammed Benali, a market trader at the nearby Marché d'Aligre, agreed. 'It is time the bosses and the rich were taken down a peg,' he said.
Extrait de la décision citée par Spicy IP : "We are of the view that it is for the applicant (Candico) to prove that if the mark is allowed to continue on the register it would affect their right. In fact it is seen that after a cease and desist notice was issued the applicants (Candico) have only initiated a suit against the first respondents (Perfetti). It is clear that the applicant was not facing any legal threat and so cannot be said to be an aggrieved person."
* 1 Frontispiece * 2 About The Open Web Application Security Project * 3 Introduction * 4 What are web applications? * 5 Policy Frameworks * 6 Secure Coding Principles * 7 Threat Risk Modeling * 8 Handling E-Commerce Payments * 9 Phishing * 10 Web Services * 11 Ajax and Other "Rich" Interface Technologies * 12 Guide to Authentication * 13 Guide to Authorization * 14 Session Management * 15 Data Validation * 16 Interpreter Injection * 17 Canonicalization, locale and Unicode * 18 Error Handling, Auditing and Logging * 19 File System * 20 Distributed Computing * 21 Buffer Overflows * 22 Administrative Interface * 23 Guide to Cryptography * 24 Configuration * 25 Software Quality Assurance * 26 Deployment * 27 Maintenance * 28 GNU Free Documentation License * 29 Reference
GPS, systeme opaque -> Bien... CellPhone, systeme identifie -> mauvaisGoogle's new "My Location" feature in Google Maps for phones creates an "unnecessary privacy risk," according to Marc Rotenberg, director of EPIC. In his view, it is safer and more private for consumers to use a standalone GPS device for location information instead of Google Maps. "A typical GPS device leaves the user in control," he said.
The socialbookmarkosphere is abuzz with talk of “rainbow tables”, what they mean for password security, and why they prove that Microsoft did a shoddy job of securing Windows for Workgroups 15 years ago. This really freaks me out. If the “advanced” pole of your threat model is “rainbow tables”, stop working on your social shopping cart calendar application right now: I can’t trust you with my Reddit karma score, let alone my credit card number.
The greatest long term security threat isn't hackers. It's the perpetuation of the braindead 8-16 character password length limitation, and the idea that passwords are single words.