From Security Weekly Wiki
[http://isc.sans.org/diary.html?storyid=3456 Protecting Mobile users - ideas?] - [PaulDotCom] - Chris is right, we need to protect our mobile users. However, traditional methods such as logging on with user privs, A/V, anti-spyware, and firewalls just aren't enough. Malware is too smart, and users are too dumb. We almost need to wipe mobile users' machines on a regular basis, and keep the data separate and protected. It would be a neat experiment: store all your data on an encrypted thumbdrive, then your machine gets wiped every time you come back to the office... I know, I am the "Mad Security Geek".
[http://www.milw0rm.com/exploits/4482 A nice healthy SQL Injection Exploit] - [PaulDotCom] - A notice to all companies producing web applications: when a vulnerability is found in your product, take down your demo site.
[http://blogs.technet.com/bluehat/archive/2007/09/28/the-new-security-disclosure-landscape.aspx RFP Emerges, Speaks about disclosure] - [PaulDotCom] - According to RFP, testing someone else's web site is a no-no. Quote: ''"NO MATTER YOUR INTENTIONS, LOOKING FOR SECURITY VULNERABILITIES IN THIRD-PARTY WEB SITES (without permission) IS ILLEGAL PER THE LAWS OF YOUR COUNTRY. Period."'' Whoa. This could go either way. I've seen some people be happy that you found a vuln in their web site, and I can definitely see it going the other way. Thoughts? Oh, and where has RFP been since 2003 anyway? BTW, check out some [http://www.microsoft.com/technet/security/bluehat/2007fall.mspx podcasts from Microsoft.]