PUBLIC MARKS with search threat

April 2009

Hueniverse: Explaining the OAuth Session Fixation Attack

by karlcow

For example, many applications use OAuth for 2-legged requests that do not involve user authorization and are unaffected by this threat.

September 2008

ThreatExpert - Automated Threat Analysis

by cascamorto
ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode. In only a few minutes ThreatExpert can process a sample and generate a highly detailed threat report with the level of technical detail that matches or exceeds antivirus industry standards such as those normally found in online virus encyclopedias.

From superblog to “Internet newspaper”, the lessons of the Huffington Post | Monday Note

by alexandre (via)
What’s so special about the Huffington Post? How come that what started as a political blog three years ago now epitomizes the “superblogs” threat to mainstream media? And, perhaps more important, what causes a blog to mutate into something now perceived as a mainstream media — and do the economics work?

July 2008

Judge Orders YouTube to Give All User Histories to Viacom | Threat Level from Wired.com

by karlcow

Google will have to turn over every record of every video watched by YouTube users, including users' names and IP addresses, to Viacom, which is suing Google for allowing clips of its copyright videos to appear on YouTube, a judge ruled Wednesday.

June 2008

Uncontacted Tribe Photographed in Brazil - The Big Picture - Boston.com

by karlcow

Members of an unknown Amazon Basin tribe and their dwellings are seen during a flight over the Brazilian state of Acre along the border with Peru in these May, 2008 photos distributed by Survival International. Survival International estimates that there are over 100 uncontacted tribes worldwide, and says that uncontacted tribes in the region are under increasing threat from illegal logging over the border in Peru.

April 2008

Japanese media dismayed after 'Yasukuni' movie pulled | France 24

by karlcow

Japanese newspapers warned Wednesday that freedom of expression was at stake after cinemas pulled a documentary about a Tokyo shrine honouring war dead amid pressure from nationalists. "Freedom of expression is under threat," the Asahi newspaper said in an editorial, following the decision by four more Japanese cinemas to cancel planned screenings of "Yasukuni", by Chinese director Li Ying.

March 2008

McAfee Threat Center

by cascamorto & 9 others
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

February 2008

Automated security updates in Debian « N0T a Blog

by mbertier & 3 others (via)
Subscribing to the security mailing lists is a must for every sysadmin, but who has the stamina and the determination to actually read them, and then analyze the impact of both the threat and the proposed fix? A more casual user with no life-or-death-critical servers would happily settle for a solution that would download and install the security patches automatically. As always in Linux, there is more than one way of achieving this. cron-apt works for me.

Apsis Gmbh

by camel & 1 other
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no warranty, it's free to use, copy and give away.

WHAT POUND IS:

1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. a fail over-server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
6. a request redirector: requests may be distributed among servers according to the requested URL.

Pound is a very small program, easily audited for security problems. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required) and should thus pose no security threat to any machine.

January 2008

Spyware Remove :: Spyware Descriptions and Removal Instructions.

by jdrsantos
Spyware is the fastest growing online threat, infecting nearly 90% of Internet connected PCs. So, what can you do if you want to be spyware-free?

French rally behind rogue trader as fraud scandal spreads | The Observer

by ravi
For Isabelle Mercier, 44, queuing outside a Société Générale branch in Paris, the 'rich and the powerful' always find someone to blame: 'Anyone who is a threat to them is eliminated one way or another.' Mohammed Benali, a market trader at the nearby Marché d'Aligre, agreed. 'It is time the bosses and the rich were taken down a peg,' he said.

SPICY IP: Candico's sticky trademark dispute over its 'Big Bubble' chewing gum

by pmdm
Excerpt from the decision cited by Spicy IP: "We are of the view that it is for the applicant (Candico) to prove that if the mark is allowed to continue on the register it would affect their right. In fact it is seen that after a cease and desist notice was issued the applicants (Candico) have only initiated a suit against the first respondents (Perfetti). It is clear that the applicant was not facing any legal threat and so cannot be said to be an aggrieved person."

December 2007

Category:OWASP Guide Project - OWASP

by cascamorto
* 1 Frontispiece
* 2 About The Open Web Application Security Project
* 3 Introduction
* 4 What are web applications?
* 5 Policy Frameworks
* 6 Secure Coding Principles
* 7 Threat Risk Modeling
* 8 Handling E-Commerce Payments
* 9 Phishing
* 10 Web Services
* 11 Ajax and Other "Rich" Interface Technologies
* 12 Guide to Authentication
* 13 Guide to Authorization
* 14 Session Management
* 15 Data Validation
* 16 Interpreter Injection
* 17 Canonicalization, locale and Unicode
* 18 Error Handling, Auditing and Logging
* 19 File System
* 20 Distributed Computing
* 21 Buffer Overflows
* 22 Administrative Interface
* 23 Guide to Cryptography
* 24 Configuration
* 25 Software Quality Assurance
* 26 Deployment
* 27 Maintenance
* 28 GNU Free Documentation License
* 29 Reference

NewsFactor Network | Google's 'My Location' a Threat to Privacy?

by karlcow

Google's new "My Location" feature in Google Maps for phones creates an "unnecessary privacy risk," according to Marc Rotenberg, director of EPIC. In his view, it is safer and more private for consumers to use a standalone GPS device for location information instead of Google Maps. "A typical GPS device leaves the user in control," he said.

GPS, opaque system -> good... Cell phone, identified system -> bad

Matasano Chargen » Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes

by karlcow

The socialbookmarkosphere is abuzz with talk of “rainbow tables”, what they mean for password security, and why they prove that Microsoft did a shoddy job of securing Windows for Workgroups 15 years ago. This really freaks me out. If the “advanced” pole of your threat model is “rainbow tables”, stop working on your social shopping cart calendar application right now: I can’t trust you with my Reddit karma score, let alone my credit card number.

November 2007

Coding Horror: Passphrase Evangelism

by greut

The greatest long term security threat isn't hackers. It's the perpetuation of the braindead 8-16 character password length limitation, and the idea that passwords are single words.

August 2007

Threat Level - Wired Blogs

by lukeslytalker
White House High-Security Locks Broken: Bumped and Picked at DefCon

Threat Level - Wired Blogs

by lukeslytalker
Dateline Mole Allegedly at DefCon with Hidden Camera -- Updated: Mole Caught on Tape

July 2007

How to survive the paper industry

by sbrothier (via)
How to survive the paper industry kicked off the Paper & Pixel week of discussions at Documenta12 in Kassel. The first group of talks looked at the way the development of technology is influencing the publishing process and even allows independent magazine editors to survive. They face the threat created by pixels and toners by reinventing content, technical and economical strategies.

June 2007

BBC NEWS | Technology | E-vote 'threat' to UK democracy

by padawan
British democracy could be undermined by moves to use electronic voting in elections, warns a report.

Japan threat to exit whaling body

by karlcow
"A Japanese decision to leave the IWC would be a major blow to the organisation's relevance, as it is now the world's major whaling nation. Some conservation groups see the threat as a bargaining tool. Another of Japan's alternate commissioners, Akira Nakamae, declared that establishing a rival organisation was a possibility." This seems familiar: s/Japan/whatwg/ s/whale/html/ s/iwc/w3c/
