Do you have interesting links and information that should not be missing from this section? Send them to lezers@computable.nl.
Passive Network Analysis
SecurityFocus | Stephen Barish | 28 September 2007
In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks. After all, the best practice in architecting a secure network is a layered, defense-in-depth strategy. We use firewalls, DMZs, VPNs, and configure VLANs on our switches to control the flow of traffic into and through the perimeter, and use network and host-based IDS technology as sensors to alert us to intrusions.
Security Experts Warn of Web 2.0 Woes
eSecurityPlanet | Sean Gallagher | 5 November 2007
RESTON, Va. — While Web 2.0 applications might be all the rage for developers and increasingly important in the enterprise, security experts warn they represent a serious threat — a fact that won't change until businesses start demanding greater protections. That was the theme at the New New Internet conference here last week, where a panel of security experts told audience members that Web 2.0 application developers lack tools to secure their applications, creating a problem unlikely to be fixed without greater prompting by IT management.
Myth-Busting AJAX (In)security
WhiteHat | Jeremiah Grossman | 11 November 2006
The hype surrounding AJAX and security risks is hard to miss. Supposedly, this hot new technology responsible for compelling web-based applications like Gmail and Google Maps harbors a dark secret that opens the door to malicious hackers. Not exactly true. Even the most experienced website developers and security experts have a difficult time cutting through the buzzword banter to find the facts. And, the fact is most websites are insecure, but AJAX is not the culprit. Although AJAX does not make websites any less secure, it’s important to understand what does.
The business case for security frameworks
Web Application Security Consortium | Robert Auger | 22 April 2007
One of the reasons why vulnerabilities are still commonplace is because new generations of developers are making the same mistakes. I don't put the majority of the blame on them because they may not know any better. Many of the people that I know who've attended college don't have training for programming securely and the few that do only have these classes available in grad school (and this isn't the norm). Even then these courses are only covering buffer overflows and don't get to cover some of the popular vulnerability types such as SQL injection or XSS. For starters the majority of programmers don't have master's degrees or access to secure development training, and need direction on security practices which can take months, even years to develop on their own. The problem is that until they have these security skill sets they may be writing vulnerable code.
Counting the Cost of Cyber Crime
Net Security | Colm Murphy | 18 June 2007
It has been a busy month in cyberspace. TJX, the massive worldwide fashion retailer, is finally releasing some of the gory details of the recent hack which saw over 45 million credit and debit card details stolen from their databases. It seems that the entire fiasco has cost the company an estimated $17 million to date. Interestingly, in a statement, the company goes on to say that “Beyond these costs, TJX does not yet have enough information to reasonably estimate the losses it may incur arising from this intrusion, including exposure to payment card companies and banks, exposure in various legal proceedings that are pending or may arise, and related fees and expenses, and other potential liabilities and other costs and expenses”.
NGN
ICT professionals perform better when they are in contact with one another. That way they can exchange tips, share experiences, and discover that they are not alone. The platform for this is the NGN (Netwerk Gebruikersgroep Nederland), the platform for ICT professionals. Since 1989 the NGN has brought ICT and network professionals into contact with each other, and forms an independent and impartial platform where 3,000 members gain knowledge and exchange experiences.
Microsoft Security Intelligence Report (webcasts)
The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Each individual report focuses on data and trends observed in either the first or second half of each calendar year and uses historical data to provide context. The purpose of the SIR is to keep Microsoft's customers informed of the major trends in the threat landscape and to provide valuable insights and security guidance designed to help customers improve their security posture in the face of these threats.
Symantec Security Response Weblog
Stay on top of internet security trends. The Symantec Security Response Weblog has been created to provide a forum for the team to share ideas and commentary on emerging issues and trends.
CRN Topic Security
Our sister publication CRN has a site with plenty of news and opinions from the market on security that are of interest to the Dutch ICT channel.
ITtoolbox Security Knowledge Base
Professional IT Community for Security.
Jupiter Webcasts: Security
Gnucitizen
GNUCITIZEN is a Cutting-edge, Ethical Hacker Outfit, Information Think Tank, which primarily deals with all aspects of the art of hacking. Our work has been featured in established magazines and information portals, such as Wired, Eweek, The Register, PC Week, IDG, BBC and many others. The members of the GNUCITIZEN group are well known and well established experts in the Information Security, Negative Public Relations (PR) Industries and Hacker Circles with widely recognized experience in the government and corporate sectors and the open source community.
PlayNoEvil Game Security News & Analysis
On Anti-Cheating, Piracy, Gold Farming, RMT, and Other Security, Industry, Virtual Worlds, Skill Games, Asian Online Games, Gambling, and IT Security News.
Privacy Rights Clearinghouse
A Chronology of Data Breaches.
Schneier on Security
A blog of Bruce Schneier covering security and security technology.
Panda Security blogs
– Panda Research Blog, which writes extensively about anti-malware security techniques.
– PandaLabs Blog, which describes a great deal of malware and how it works.
From security to trust
In the coming era, the approach to information security will be turned completely on its head because of the transition from an industrial to a knowledge economy. The current approach to information security has an enormous inhibiting effect on knowledge development within a number of crucial sectors. Has the protectionism of companies, departments and even individuals not already passed a 'meaningful' boundary? After all, we already have the transition from an industrial to a knowledge economy largely behind us.
Zen and the Art of Information Security
Contribution by expert Michiel Broekhuijsen to the Andarr weblog.
Security.nl
Security.nl brings daily news and background on information security, privacy and data protection.
Privacy in the clouds
Informational self-determination refers to the ability of individuals to exercise personal control over the collection, use and disclosure of their personal information by others. It forms the basis of modern privacy laws and practices around the world. Download whitepaper.