WebSafe Shield
Industry Notes

 

Introduction

From time to time I'll try to capture and make note of industry news and events. Feel free to check back here periodically. While I will focus on a variety of topics, I will lean towards news, issues and events as they affect the business owner, rather than being a purely technical discussion.

May 24, 2010 Browser history detection

Here's an interesting article about how a security researcher was able to view the browsing history of website visitors. Even with JavaScript turned off, they could still read the browsing history for over 76% of over a quarter million participants.

March 21, 2010 Password masking

I ran across an article the other day while conducting security research. It was interesting enough to see someone tackle traditional practices such as password masking that I stopped to read it, even though it wasn't the initial focus of my research. The security industry is still in its early stages, and practices established early should be revisited. Just as Galileo challenged traditional thinking, this person is addressing an area that is ripe to cause an immediate defensive action without any change in the foreseeable future. It makes for interesting reading, and I suggest you at least glance through it when you get the time.

Sept 08, 2009 Internal IT snooping on corporate activity

While it has long been known that internal staff can pose a risk to corporate security, and are responsible for a fair portion of exploits, this is the first time I've run into an effort to quantify the degree of improper access gained by internal employees. As reported by SC Magazine, a survey by Cyber-Ark shows that a third of all IT employees have used their administrative access to gain access to information that they would not otherwise be privy to.

Jan 04, 2009 Vulnerability of some SSL Certificates

There has been some recent discussion around the vulnerability discovered in some SSL certificates. Netcraft provided some research that quantified the issue. According to their estimate, 14% of websites use MD5 signatures, which is the vulnerable algorithm. Fortunately, there have not been any reports of this vulnerability being exploited.

Oct 16, 2008 Oracle White Paper on SQL Injection

Oracle has written an interesting white paper on SQL injection. It's clearly written with the developer in mind rather than the business owner, but this topic still remains one of the top topics within the security industry.

The white paper states it "demystifies the topic and explains a straightforward approach" to understanding and addressing SQL injection vulnerabilities. It gives the figure of 4 million hits on Google for "SQL Injection"; however, it reported 3.2 million for me today. Regardless, the white paper is interesting and relevant, and the interest is quite large. It makes for some good reading.

 

 