On May 19, Facebook, Google and Apple appeared before a Senate subcommittee on Capitol Hill led by Senator John Rockefeller, D-West Virginia, and Senator John Kerry, D-Massachusetts, to discuss claims they are not adequately safeguarding their customers’ location privacy on mobile devices. […]
The Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) plan a public forum next month on privacy concerns about cell phones and their ability to track the location of users.
The June 28 forum will include recommended best practices individuals can use to guard their privacy. […]
I recently installed Ubuntu 10.04 on a PC, and for those of you who utilize a Linux or a Mac-based system with a need to access a CAC card reader, you are in luck. I have researched all over the Internet and found the best site with full instructions on how to install a CAC reader that will work with Ubuntu and Firefox 3. […]
SANS will be back in Boston, MA with an exceptional information security training lineup this August. Why not get your management, security, and forensics training at SANS Boston 2011 on August 8-15? We are bringing our top courses and best instructors to make this the perfect training event for you! Register before June 29 and save $400. […]
While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. This talk analyzes HTTP Parameter Pollution and presents the first automated system for the detection of HPP flaws in real web applications. We used this system to conduct a large-scale experiment by testing more than 5,000 popular websites and discovering unknown HPP bugs in many important and well-known sites such as Microsoft, Google, VMWare and PayPal. In this presentation we will describe the details of the architecture and of the algorithms we implemented to efficiently detect HPP vulnerabilities. We will conclude by discussing the HPP phenomenon and giving suggestions on how to prevent this novel class of injection vulnerabilities in future web applications. […]
Cyberthreats are evolving. Networks are evolving. And so are your security requirements.
Against a backdrop of cyber opponents who are faster, smarter, more prevalent, more targeted, and more elusive than ever before, how can you protect the growing number and types of operating systems, applications, services and users on your network? […]
If you like what the SANS Internet Storm Center (ISC) provides to the cyber security community, then you will love SANSFIRE! SANSFIRE 2011 is the one annual training event powered by the ISC. This year's event will be held in Washington DC, July 15-24, and includes more than 25 courses and dozens of up-to-the-minute field reports from ISC handlers. Each evening, the ISC handlers share riveting talks on their most interesting experiences and newest cyber hazards. These special presentations are free to everyone who attends a course at SANSFIRE 2011. […]