2012

The dirty secret of browser security #1

Scary Beasts Security

Here's a curiosity that's developing in modern browser security: the security of a given browser is dominated by how much effort it puts into other people's problems. This may sound absurd at first, but we're heading towards a world where the main browsers will have (with a few notable exceptions) rapid autoupdate to fix security issues, and some form of sandboxing.

How we broke the nucaptcha video scheme and what we propose to fix it

Elie

NuCaptcha is the first widely deployed video captcha scheme. Since Technology Review interviewed me about NuCaptcha in October 2010, I have been working on evaluating its security and usability.

Stronger customer authentication only way to mitigate risk of bank fraud

Dark Reading

Sitting at the core of every financial transaction is trust. Without it, or worse, relying on unvalidated resources like personally identifiable information (PII) to identify customers, puts every banking transaction at risk. The recent article, “$850 Million Scheme Exploited Facebook: Authentication, Secure Browsing Would Have Reduced Losses,” illustrates just how important customer authentication is.

Reemerging from the Flood

NopSec

Some of you probably wondered where the NopSec crew and I ended up these days… already tired of blog writing? Not quite. Most of the people at NopSec live between Manhattan and Brooklyn. And most of the people at NopSec, even though safe and sound, suffered inconveniences and damages from hurricane Sandy. As far as I am concerned, most of the trees in the garden where I live in the East Village were downed during the storm, many garages and basements flooded, and for at least three days I did not hav

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

24 hour Data Breach Notification: More Harm Than Help?

Privacy and Cybersecurity Law

There are certainly many headline-grabbing elements in the European Commission’s proposed Data Protection Regulation – a directly applicable regulation replacing […].

Some random observations on Linux ASLR

Scary Beasts Security

I've had cause to be staring at memory maps recently across a variety of systems. No surprise then that some suboptimal or at least interesting ASLR quirks have come to light.

1) Partial failure of ASLR on 32-bit Fedora

My Fedora is a couple of releases behind, so no idea if it's been fixed. It seems that the desire to pack all the shared libraries into virtual address 0x00nnnnnn has a catastrophic failure mode when there are too many libraries: something always ends up at 0x00110000.

Chrome 20 on Linux and Flash sandboxing

Scary Beasts Security

[Very behind on blog posts so time to crank some out] A week or so ago, Chrome 20 was released to the stable channel. There was little fanfare and even the official Chrome blog didn't have much to declare apart from bugfixes. There were some things going on under the hood for the Linux platform, though. Security things, and some of them I implemented and am quite excited by.

vsftpd-3.0.0 and seccomp filter sandboxing is here!

Scary Beasts Security

vsftpd-3.0.0 is released. Aside from the usual few fixes, I'm excited about built-in support for Will Drewry's seccomp filter, which landed in Ubuntu. To give it a whirl, you'll need a 64-bit Ubuntu 12.04 (beta at time of writing), and a 64-bit build of vsftpd. Why all the excitement? vsftpd has always piled on all of the Linux sandboxing / privilege facilities available, including chroot, capabilities, file descriptor passing, pid / network / etc. namespaces, rlimits, and even a ptrace-based de

vsftpd-3.0.0-pre2

Scary Beasts Security

Just a quick note that vsftpd-3.0.0 is imminent. The big-ticket item is the new seccomp filter sandboxing support. Please test this, particularly on 64-bit Ubuntu Precise Beta 2 (or newer) or if you use SSL support. I would love to get a quick note (e-mail or comment here) even if just to say it seems to work in your configuration.

vsftpd-3.0.0-pre1 and seccomp filter

Scary Beasts Security

For the brave, there now exists a pre-release version of vsftpd-3.0.0: [link] [link] The most significant change is an initial implementation of a secondary sandbox based on seccomp filter, as recently merged to Ubuntu 12.04. This secondary sandbox is pretty powerful, but I'll go into more details in a subsequent post. For now, suffice to say I'm interested in testing of this new build, e.g.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

On the failings of Pwn2Own 2012

Scary Beasts Security

This year's Pwn2Own and Pwnium contests were interesting for many reasons. If you look closely at the results, there are many observations and conclusions to be made.

$60k is more than enough to encourage disclosure of full exploits

As evidenced by the Pwnium results, $60k is certainly enough to motivate researchers into disclosing full exploits, including sandbox escapes or bypasses.

Chrome Linux 64-bit and Pepper Flash

Scary Beasts Security

Flash on Linux hasn't always been the best experience in the stability and security departments. Users of 64-bit Linux, in particular, have to put up with NSPluginWrapper, a technology which bridges a 64-bit browser process to the 32-bit Flash library. In terms of sandboxing, your distribution might slap a clunky SELinux or AppArmor policy on Flash, but it may or may not be on by default.

Another Type of Correlation – Vulnerability Correlation

NopSec

The other day I was thinking about the concept of “event correlation” embedded into various SIEM products. Security events can be verified and false positives eliminated via correlation with other information such as OS fingerprinting, netflows, vulnerability information, etc. This is the value proposition of SIEMs and their added value, even though it does not work all the time.

What’s the matter with vulnerability management?

NopSec

Every day I get to talk to a lot of infosec professionals and business people regarding vulnerability management. They tell me that they are using the various $BRANDS of commercial vulnerability scanners out there, and they tell me they are very frustrated.

Information overload

The average scanner produces a huge amount of “raw” data that they have to sort through.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Wither ‘Big Brother’? B.C. Privacy Commissioner Reins-in Government of British Columbia Criminal Record Checks

Privacy and Cybersecurity Law

In keeping with her stance on overly-invasive employee background checks, British Columbia’s Information and Privacy Commissioner, Elizabeth Denham, has issued […].

Copying ID documents – Dutch data regulator issues guidance

Privacy and Cybersecurity Law

We have all been asked before to provide copies of our passports to organisations such as telecoms providers, hotels and car rental companies. […].

Article 29 Working Party adopts document on BCRs for processors

Privacy and Cybersecurity Law

Following our recent blog post, the Article 29 Working Party has adopted a document (WP195) on Binding Corporate Rules (“BCRs”) for processors […].

The new ICO guidance on Cookies

Privacy and Cybersecurity Law

The UK “grace period” for implementation of the cookie consent rule expired last Friday. The long-promised update to the ICO […].

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Is the new Regulation back on track?

Privacy and Cybersecurity Law

The Data Protection Regulation is potentially back on track after a major roadblock was resolved. Germany is reported to have agreed […].

Leveson: Proposals for New Data Privacy rules in the UK

Privacy and Cybersecurity Law

The Leveson Inquiry recently published its findings into UK press regulation. However Leveson also commented on the UK data privacy […].

NIST Releases Cloud Computing Guidance

Privacy and Cybersecurity Law

Following on the heels of its December guidance on cloud privacy and security, NIST has released SP 800-146, “Cloud Computing […].

Cookie Consent Exemptions – The Article 29 Working Party’s View

Privacy and Cybersecurity Law

There have been further developments this week on the new ‘cookies rule’ with the Article 29 Working Party issuing its […].

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The FTC’s Myspace Consent Order May Impact Use by Mobile App Developers of Unique IDs

Privacy and Cybersecurity Law

On May 8th, the FTC released its proposed consent order in its investigation of Myspace.com, finding the social networking site […].

Anti-Spam Legislation – Coming “soon” to an inbox near you

Privacy and Cybersecurity Law

Canada’s Anti-Spam Legislation (CASL) was enacted in December 2010. Heard about it? It’s quite likely that you have, given its […].

New European A29 Guidance on “Privacy in the Cloud”

Privacy and Cybersecurity Law

Privacy debates in connection with cloud computing often generate more heat than light! Some regulators (not in the UK!) have […].

Pension Schemes Failing on Data Privacy

Privacy and Cybersecurity Law

We are all familiar with the ongoing saga of data breach, notifications to the Information Commissioner’s Office and the risk […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

“Explicit consent” under the new Data Protection Regulation

Privacy and Cybersecurity Law

The new EU Data Protection Regulation redefines consent of individuals. No longer, will it be sufficient for consents to be […].

OCR releases audit protocols for HIPAA Security, Privacy and Breaches

Privacy and Cybersecurity Law

The Department of Health & Human Services (HHS) is required under Section 13411 of the HITECH Act to conduct periodic […].

It’s Friday 13th! Time to consider the cost of getting privacy wrong

Privacy and Cybersecurity Law

Today is Friday 13th; so timely to consider the news stories this week saying that Google will soon be fronting up to […].

Upcoming seminars on the draft Data Protection Regulation

Privacy and Cybersecurity Law

As you may already know, we’re hosting two seminars next week on the draft Data Protection Regulation. On Tuesday, 19 […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.