Internet Security Blogs
In the wake of long-overdue media attention to revelations that a business unit of credit bureau Experian sold consumer personal data directly to an online service that catered to identity thieves, Experian is rightfully trying to explain its side of the story by releasing a series of talking points. This blog post is an attempt to add more context and fact-checking to those talking points. Experian has posted several articles on its Web properties that lament the existence of “inaccurate information about Experian circulating in news outlets and other Web sites.” “It’s no surprise that cybercrime and data breaches are hot topics for media and bloggers these days,” wrote Gerry Tschopp, senior vice president of public affairs at Experian. “Unfortunately, because of all the attention paid to these topics, we’ve seen some inaccurate information about Experian circulating in news outlets and other Web sites. Krebs on Security
Why Privacy Is Actually Thriving Online. By Nathan Jurgenson, Monday, March 31. The explosion of personal information online is giving rise to new mysteries, new unknowns. From Danger Room
User-targeted attacks, such as XSS, often involve manipulating the server or browser into behaving in a manner not originally intended. While this has always been a serious risk, new HTML5 technologies enhance browser capabilities enough to make client-side attacks an increasingly inviting attack vector. For a web developer, protecting the client has traditionally been limited to preventing client-side injection and browser manipulation. Beyond that, there was not much more that could be done other than helping users to make smart security decisions. Xato
The owner of this blog does not accept responsibility for the actions of any users of this site. This blog does not encourage or condone any illegal activity, or attempts to hack into any network. All information in this blog comes from Internet research, so I’m not responsible for the damage caused by this shared information. Nothing contained in this blog is intended to teach or encourage the use of security tools or methodologies for illegal or unethical purposes. Sawu Bona
The usually awesome XKCD cartoon opines that "the right to free speech means only that the government cannot arrest you for what you say". This is profoundly wrong in every way that something can be wrong. The First Amendment to the constitution says that "Congress shall pass no law abridging freedom of speech". Errata Security
Stack Exchange Security Blog ServerFault user ewwhite describes a rather interesting situation regarding application distribution wherein code must be compiled in production. In short he wants to keep track of changes to a specific directory path and send alerts via email. Let’s assume that there already exists some basic form of auditd in play, so as such we’ll be building out a snippet to be inserted into your existing /etc/audit/audit.rules. Ed was sparse on some of the specifics related to the application, understandably so, so let’s make some additional assumptions. Let’s assume that the source code directory in question is “/opt/application/src” and that all binaries are installed into “/opt/application/bin”.