Owner: Information Security Short Takes
URL: http://www.shortinfosec.net
Join Date: Mon, 11 Aug 2008 02:00:46 -0500
Rating: 0
Site Description: Analysis and tutorials on Information Security and ICT Strategy

Real and Bizarre Information Security Situations
2008-08-10 07:08:43
Information security has a lot of flaws and errors. Some of them are caused by persons, some by technology. And most of them are so flagrant that no one would believe that they are possible. Here is a list of the most bizarre but real situations in information security that I encountered during the years of my work (naturally, everything is anonymized): An organization had a secure site where the

Competition Software Testing - Benefits and Risks
2008-08-09 16:56:14
Testing of any solution, especially software, is a very slow and painful process, which requires a lot of human resources and proper design of test scenarios. Because of the slowness of the process, something can be missed. So a number of companies organize competitions in which they offer rewards to whoever breaches the security of their software, finds a bug, or performs a similar activity. Jon Oltsik in a t

Cloud Computing - Premature murder of the datacenter
2008-08-25 03:06:12
Last week Amazon announced its new cloud computing service, Amazon's Elastic Block Store (EBS). It's a remote storage service with an excellent storage/cost ratio, which is even advertised as a replacement for the large storage systems of the enterprise. Naturally, the ever controversy-seeking journalists hurried to declare the time of death of the enterprise data center and included this view: Though

Thrown in the Fire - Database Corruption Investigation
2008-09-18 10:47:31
Analyzing an incident when the manufacturer claims that it's an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer will be called upon to investigate simply because the management needs an independent observer and has doubts both in the operator as well as the manufa

Protecting from Meddling Web Applications
2008-10-21 02:49:25
The current trend of Web 2.0 (or AJAX) is to abstract all processing from the local computer resources and just present the final 'drawing' of the web application, which contains only forms or lightweight widgets that pose a very low security threat. However, there are a lot of software companies that are still sticking to some old school (read: outdated and insecure) programming technologies for web a