to: e-policing.mailbox@northumbria.pnn.police.uk
cc: TAYLORG@unhcr.org
bcc: email@techwebnewsletters.com
date: Fri, Oct 28, 2011 at 2:40 PM
subject: Report of crime/Fwd: Six Deadly Security Blunders Businesses Make
mailed-by: gmail.com
Hi,
Someone has registered me on a newsletter.
Regards,
Erik Ribsskog
---------- Forwarded message ----------
From: Dark Reading Weekly
Date: Thu, Oct 27, 2011 at 5:57 PM
Subject: Six Deadly Security Blunders Businesses Make
To: eribs.skog@gmail.com
Dark Reading Weekly: Issue Highlights
• NEWS: Six Deadly Security Blunders Businesses Make
• KEYHOLE: The Eight Traits Of Highly Successful Security Startups
• BLOG: Authentication With Hardware
• ANALYTIC REPORT: Database Breaches: Lessons Learned From Real-World Attacks
• WHITEPAPER: Mobility's Next Challenge: 8 Steps To A Secure Environment
• NEWS FEED: Online Fraud Survey Results: 1/3 Of Consumers Don't Trust The Government
• TECH CENTER: TDL4 Botnet Now Even Harder To Kill
• DEEP INSPECTION: Physical, Logical Security Worlds Continue Slow Convergence
• BEST OF THE WEB: Trojan Hack Lands Cycle Star Floyd Landis With Suspended Sentence (TECH WORLD)
• BUGS: netvolution
Thursday, October 27, 2011
THE LATEST SECURITY NEWS ANALYSIS:
Six Deadly Security Blunders Businesses Make
Small, subtle mistakes can lead to big security breaches
Time To Automate Web Defenses?
Tying vulnerability scanners and Web application firewalls together can help tighten Web security without developer pain -- but trust is still a problem
Tool Lets Single Laptop Take Down An SSL Server
Yet another strike against SSL security
Pocket Guide To Securing Mobile Devices
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
KEYHOLE:
The Eight Traits Of Highly Successful Security Startups
Best new companies are those that are willing to take a chance, SINET study says
Spam Gang Puts Up 80 URL-Shortening Service Sites
Symantec discovers spammers leaving their own URL-shortening services open to the public
Contract Worker Steals Personal Data On 9 Million Israelis
Worker created a searchable database in order to sell it to private buyer, officials say
BLOGS:
Authentication With Hardware
Posted by Taher Elgamal
Needed: a unified way for users to log in to websites regardless of the device they are using
Sinkholing For Profit
Posted by Gunter Ollmann
Concerns over the legality and ethics of security organizations that profit from their sinkhole operations
Authentication Reality Check
Posted by Taher Elgamal
Two-factor authentication products slow to catch on
FFIEC Goes Beyond Traditional Authentication
Posted by Richard E. Mackey, Jr.
The FFIEC recommends that organizations provide additional business and fraud detection controls to offset weaknesses in authentication technology
ANALYTIC REPORTS & WHITEPAPERS:
FEATURED REPORTS
Database Breaches: Lessons Learned From Real-World Attacks
There's been a rash of major database breaches, including those at Gawker.com, McDonald's, and Walgreens. All the companies had solid resources at their disposal, so what went wrong? In this Tech Center report, we profile five database breaches -- and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk.
Want Stronger Security? Partner With Compliance Pros
Security professionals often view compliance as a burden, but it doesn't have to be that way. By embracing government and industry requirements, and by working with the teams responsible for enforcing them, the security organization can use compliance to strengthen company defenses and help fund critical security initiatives. In this report, we show the security team how to partner with the compliance pros.
FEATURED WHITEPAPERS
Mobility's Next Challenge: 8 Steps To A Secure Environment
Taking your company's mobile capabilities to the next level -- whether on personally or company-owned devices -- requires a lifecycle management plan that encompasses application security, development, distribution, support, and enhancement. We show you how to get there and provide insight into five mobile application development options.
NEWS FEED:
Online Fraud Survey Results: 1/3 Of Consumers Don't Trust The Government
Symantec Reports Record Second Quarter Fiscal 2012 Results
CyberPatriot IV Begins Competition Season
F5 Revenue Exceeds One Billion Q4 And Fiscal 2011 Earnings
IBM Closes on Acquisition Of Q1 Labs
TECH CENTERS:
From The Advanced Threats Tech Center:
TDL4 Botnet Now Even Harder To Kill
Infamous botnet revamped to make its malware even more difficult for enterprises and security researchers to detect
From The Authentication Tech Center:
Tool Lets Single Laptop Take Down An SSL Server
Yet another strike against SSL security
From The Cloud Security Tech Center
Spam Gang Puts Up 80 URL-Shortening Service Sites
Symantec discovers spammers leaving their own URL-shortening services open to the public
From The Compliance Tech Center
Compliance Holds Up Los Angeles Google Apps Deployment
Google Apps deployment has been long delayed due to security issues, but that doesn't mean security compliance is impossible with the cloud-based service
From The Database Security Tech Center:
Contract Worker Steals Personal Data On 9 Million Israelis
Worker created a searchable database in order to sell it to private buyer, officials say
From The Insider Threat Tech Center:
Air Force Says Malware Discovered 'A Nuisance,' Not A Keylogger
Officials say online credential-stealing malware was isolated to mission support systems separate from flight systems
From The Security Monitoring Tech Center:
Tech Insight: The Smart Way To Gather Security Intelligence
Proper logging and correlation, reporting, alerting are key to handling security events
From The Security Services Tech Center:
Startup To Launch New Brand Of SaaS For Post-Incident Response
'Data loss management' firm officially launches this week
From The SMB Security Tech Center:
Yet Another Bank Sued By A Small Business For Fraudulent Hacker Transfers
According to Village View, Professional Business Bank says bank responsible for $465K loss to hackers, plus fees and damages suffered in online account breach
From The Vulnerability Management Tech Center:
Time To Automate Web Defenses?
Tying vulnerability scanners and Web application firewalls together can help tighten Web security without developer pain -- but trust is still a problem
DEEP INSPECTION:
Physical, Logical Security Worlds Continue Slow Convergence
'Guards, gates, and guns' organizations say cybersecurity has become a top priority
BEST OF THE WEB:
Trojan Hack Lands Cycle Star Floyd Landis With Suspended Sentence (TECH WORLD)
The prosecution in the case against former Tour de France cyclist Floyd Landis says he should receive an 18-month suspended sentence for his alleged role in a plot to hack the French national anti-doping laboratory
Appeals Court Says Some Claims May Proceed In Hannaford Data Breach Lawsuit (COMPUTERWORLD)
The U.S. Court of Appeals for the First Circuit has ruled that some consumers can seek compensation for their fraud-prevention expenses from Hannaford in the wake of its data breach
Exclusive: Medtronic Probes Insulin Pump Risks (REUTERS)
Medtronic asked software security experts to study the safety of its insulin pumps in the wake of revelations about a new flaw in a model of one of its pumps
BUGS: ENTERPRISE VULNERABILITIES:
Vulnerability: netvolution
Published: 2011-10-21
Severity: High
Description: SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
Vulnerability: netvolution
Published: 2011-10-21
Severity: Medium
Description: Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
Vulnerability: netvolution
Published: 2011-10-21
Severity: Medium
Description: Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.
WEBCASTS:
Challenges And Results In Automatic Malware Analysis And Classification
Oct. 27: With the astonishing rate of new and modified malware samples being released daily, automation of analysis is needed to classify and cluster together similar samples, exclude basic and uninteresting variations, and focus costly manual analysis work on novel and interesting features. This Black Hat webcast will discuss the challenges in analyzing large malware datasets in a (semi)automatic fashion, and some recent research results that might help with the task.
Mobile Devices And Security--What Now?
Oct. 27: The landscape around mobile devices and mobile device security is changing rapidly. Users continue to put demands on IT to connect their personal devices to the network to conduct business, and you need to secure these devices and protect your organization's data. Join Alan Phillips, mobile security expert with Sophos, to learn about the new security challenges surrounding mobile devices.
RESOURCES AND EVENTS:
Six Decision Factors For Hardware-Based Authentication
Tokens, smartcards, biometrics, and other hardware-based authentication technologies provide a significant layer of security for sensitive enterprise data. But the wrong choice, or a mishandled implementation, can mean unexpected costs and management overhead, device failure, and user rejection. We explore the pros and cons of the various technologies, and help you choose the right approach for your company.
ACSAC '11
Dec. 5-9, Orlando, Fla.: ACSAC brings together 200 security professionals from academia, government, and industry with an interest in applied security to learn about the latest advances in the field, as well as to exchange ideas and experiences.
SANS Cyber Defense Initiative (CDI) 2011
Dec. 9-16, Washington, D.C.: Knowledge is power, especially when the knowledge is about the latest attacks and what to do about them. Now is the time to be sure you know how the newest attacks work and what can and cannot be done to stop them or mitigate the damage. Now is the time to be sure that your tools are up to the task of finding, blocking, and deciphering hacking attacks. Now is the time to take the training you need.
Black Hat Abu Dhabi
Dec. 12-15: Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected Training--including new courses on mobile hacking and PHP security--and three tracks of Briefings.
This e-mail was sent to eribs.skog@gmail.com
Dark Reading Weekly Newsletter
-- Published By Dark Reading
600 Community Drive
Manhasset, NY 11030
© 2011 United Business Media LLC