Intrepidus Group
Insight

Monthly Archives: November 2007

Phishing joins the SANS Top 20

Posted: November 29, 2007 – 5:10 pm | Filed under: Phishing

Phishing is now recognized as a 2007 SANS Top 20 risk, and rightly so. What I was even more excited to see is SANS calling out the countermeasure correctly. They didn’t recommend deploying millions of dollars’ worth of technology to “catch” phishing attacks, but said “user awareness is a key defense. The most promising method […]

Owning Rails 2.0 Cookies at OWASP: Part II

Posted: November 19, 2007 – 2:05 pm | Filed under: Conferences, Web Apps

The OWASP conference proved to be a great ground to bring up this topic of the proposed Rails 2.0 cookie storage structure. I’ve had quite a few conversations with ASP.Net guys since this post comparing the Rails 2.0 Cookie storage versus Microsoft’s ViewState. While I agree there are quite a few similarities, I think there […]

Owning Rails 2.0 Cookies at OWASP

Posted: November 14, 2007 – 11:37 am | Filed under: Conferences, Web Apps

If you’re out at the OWASP AppSec conference in San Jose this week, we invite you to come hear a presentation about Ruby on Rails security. We’ll mostly be covering how Rails holds up to standard web attacks (SQL Injection, Session Riding, XSS, and on down the list), but also adding in a little deeper […]

Phishme Update

Posted: November 12, 2007 – 2:27 pm | Filed under: Phishing

The development of our phishing attack emulation service, to be hosted at www.phishme.com, is on target for a February 2008 release. We are in the midst of alpha testing at this time and hope to be ready for beta in January 2008. At that time, we will be opening up the service for free evaluation. […]

Google? Android? Open Handsets? Security nightmare

Posted: November 6, 2007 – 10:54 am | Filed under: Mobile Security, Techno

We might finally have some decent mobile viruses to worry about. Why is it that McAfee’s VirusScan Mobile is only Windows Mobile 5 and 6? Simply put, it’s because that platform gives the end-user enough rope to hang themselves. Users can grab a .CAB file of the brick breaker game from only god knows where […]
