[Owasp-cincinnati] Selected Security News For The OWASP List
Marco M. Morana
marco.m.morana at gmail.com
Thu Sep 16 20:59:44 EDT 2010
OWASP
New OWASP mobile project open for contribution here:
https://lists.owasp.org/mailman/listinfo/owasp-mobile-project
InfoSec And AppSec news
Google Admits Firing Engineer Over Data Breach
According to The Wall Street Journal, Bill Coughran, senior vice president
of engineering, confirmed the firing of software engineer David Barksdale
for "breaking Google's strict internal privacy policies."
http://www.foxbusiness.com/markets/2010/09/15/google-admits-firing-engineer-data-breach/
Want To Nuke A Website? A Botnet For Hire
A commercial botnet has been established by a China-based managed services
provider (MSP) for anyone wishing to take down a website using Distributed
Denial of Service attacks.
http://www.damballa.com/IMDDOS/
http://www.tomsguide.com/us/botnet-IMDDOS-Damballa-MSP-cyber-hitmen,news-8023.html
New commercial DDoS botnet discovered
Researchers have discovered a fast-growing botnet that was designed as part
of a commercial service for launching distributed denial-of-service (DDoS)
attacks against any target.
http://www.securecomputing.net.au/News/232181,new-commercial-ddos-botnet-discovered.aspx
Mexican Twitter-controlled botnet unpicked
Security researchers have discovered another botnet that uses Twitter as a
command and control channel.
http://www.theregister.co.uk/2010/09/15/mexican_twitter_botnet/
Secure App Development Can Lead To Cost Savings, Study Says
"The study found that companies are realizing substantial benefits from
[secure software assurance] right out of the box, saving as much as $2.4M
per year from a range of efficiency and productivity improvements, including
faster, less-costly code scanning and vulnerability remediation, and
streamlined compliance and penetration testing," the report says.
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=227400302
[ISN] Fraud At Sprint Offers Lessons For Enterprises, Experts Say
Last week, nine Sprint employees were charged with misusing their access to
the telecommunications giant's systems to redirect phone charges to other
customers by "cloning" their cell phones -- to the tune of more than $15
million in fraudulent charges in the first six months of this year.
http://www.darkreading.com/insiderthreat/security/management/showArticle.jhtml?articleID=227300424
80% of network attacks target web-based systems
2010 has brought the use of the Internet for conducting business to an
all-time high; however, attacks continue to strike networks more than ever
by using sophisticated techniques.
http://www.net-security.org/secworld.php?id=9880
SQL Injection Attacks, A Growing Menace
Cisco, in its worldwide threat report (Q2-2010), discloses that there has
been a significant rise in IPS-detected SQL injection attacks during the
three-month period, during which the number of websites hijacked through SQL
insertions surged.
http://www.spamfighter.com/News-15078-SQL-Injection-Attacks-A-Growing-Menace.htm
Product Watch: New Tool Moves Browser Into Virtual Environment For Security
Invincea, a security firm originally funded by the Defense Advanced Research
Projects Agency (DARPA) to build a prototype virtualized browser, today
rolled out a Windows application that places Internet Explorer (IE) into a
virtual environment in order to protect the underlying system from Web-based
attacks.
http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=227400269
HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) is a proposed web security policy
mechanism where a web server declares that complying user agents (such as a
web browser) are to interact with it using secure connections only (such as
HTTPS).
http://en.wikipedia.org/wiki/Strict_Transport_Security
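The HSTS mechanism described above, as an added worked example that is not part of the original message or of any project it mentions: a Python model of the user-agent side, following the Strict-Transport-Security header syntax (the max-age and includeSubDomains directives) as later standardized in RFC 6797. It shows the two checks a browser must make for the policy to be worth anything: the header is only trusted when it arrives over HTTPS, and a remembered policy rewrites later plaintext URLs to https:// until max-age runs out. Hostnames, clock values and header strings in it are constructed.

```python
"""Model of user-agent HSTS handling: parse the Strict-Transport-Security header,
remember the policy (only when received over HTTPS), and upgrade later http:// URLs."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit
import time


@dataclass
class HstsPolicy:
    host: str
    expires_at: float          # absolute time (seconds) after which the policy lapses
    include_subdomains: bool


def parse_hsts_header(value: str) -> Optional[Tuple[int, bool]]:
    """Return (max_age_seconds, include_subdomains), or None if the header is invalid.

    Directives are ';'-separated and case-insensitive; max-age is mandatory and must be
    a non-negative integer (optionally quoted); a repeated directive invalidates the
    header; unknown directives are ignored so future extensions do not break parsing.
    """
    max_age: Optional[int] = None
    include_subdomains = False
    seen = set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        return None
    return max_age, include_subdomains


class HstsStore:
    """Per-host policy cache, as a browser would keep it. `now` is injectable for tests."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._policies: Dict[str, HstsPolicy] = {}

    def observe_response(self, host: str, scheme: str, header_value: str) -> bool:
        """Record the policy carried by a response. Returns True if it was accepted."""
        # The header is only trusted over a secure connection: over plain HTTP an
        # on-path attacker could inject or strip it, so it is ignored there.
        if scheme != "https":
            return False
        parsed = parse_hsts_header(header_value)
        if parsed is None:
            return False
        max_age, include_subdomains = parsed
        host = host.lower()
        if max_age == 0:
            self._policies.pop(host, None)   # max-age=0 tells the agent to forget the host
            return True
        self._policies[host] = HstsPolicy(host, self._now() + max_age, include_subdomains)
        return True

    def is_known_host(self, host: str) -> bool:
        """True if host matches an unexpired policy, directly or via includeSubDomains."""
        now = self._now()
        host = host.lower()
        policy = self._policies.get(host)
        if policy and policy.expires_at > now:
            return True
        labels = host.split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            policy = self._policies.get(parent)
            if policy and policy.include_subdomains and policy.expires_at > now:
                return True
        return False

    def rewrite_url(self, url: str) -> str:
        """Upgrade an http:// URL to https:// when the host is covered by a policy."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.is_known_host(parts.hostname):
            return url
        # Explicit or implicit port 80 becomes the HTTPS default (443); other ports are kept.
        netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed demo: a policy learned over HTTPS upgrades later plaintext navigations.
    store = HstsStore()
    store.observe_response("example.com", "https", "max-age=31536000; includeSubDomains")
    print(store.rewrite_url("http://www.example.com/login"))
```

The two caveats worth noticing in the model are the ones that bite in deployments: a site that only emits the header on its HTTP responses (or only after the redirect) never protects the first visit, and a policy is per-host unless includeSubDomains is present, so a login form on www.example.com is not covered by a header seen on example.com alone.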
Marco Mirko Morana
OWASP Cincinnati USA Chapter Lead
Writing Secure Software Blogger
Application Threat Modeling Book Author