Why "same domain policy"?
Information Security
I want to run an untrusted program in an SELinux (or other) sandbox. If I allow this program to connect to every port of every server (except probably localhost and 127.*), will it compromise security? More generally, what is the purpose of the same domain policy? Is it only because of cookies? (If so, it's OK for me, as my software does not use cookies.)

SELinux vs AppArmor
Information Security
I want to run an untrusted program in a sandbox. I allow this program to read/write already opened files and to connect to every port of every server (except probably localhost and 127.*) and nothing else. What are the arguments pro and contra SELinux vs AppArmor for this specific task?

Verizon wireless router is pinging my web server - is this ok or bad?
Information Security
So I'm working from a local cafe, doing some web development, and need to see something in my Apache's access log. And to my surprise, in the log I see, every 30 seconds or so, a request for my root web page, coming from 192.168.1.1 -- the cafe's Verizon router. Is this a normal or known behavior? Or is it Bad?

Which BCP/DRP sections are solely related to the software vendor?
Information Security
In a software project, a software vendor is responsible for delivering a piece of software. Everything else, including the infrastructure setup, database and application server installation/configuration/maintenance, etc., is not the responsibility of the software vendor. Contractually, the software vendor is to provide BCP (business contingency plan) and DRP (disaster recovery plan) documents. The que

Are all cipher suites with rc4 in them intrinsically flawed?
Information Security
I've been wondering lately, if RC4 is so flawed in all its forms, why is it still being supported by all major browsers by default? Why does the typical Chrome browser prefer ECDHE-ECDSA-RC4128-SHA over ECDHE-ECDSA-AES128-SHA?

How do you compare risks from your websites, physical perimeter, staff etc
Information Security
In assigning budget rationally, i.e. proportionally to the risk in a particular area, how can you calculate the relative risks? I can think of examples where clients of mine have secured their websites very well, but have no security on their front door and no vetting of contractors. This seems crazy but usually boils down to the fact that they have had no way to compare risks. Answers can be quantitativ

What is the point of spam like this?
Information Security
I fairly often happen across forums spammed with messages such as: Arugula (Eruca sativa) is an quarterly green, pretended or roquette. It's been Traditional times, overclever 20 flat has be useful to "foodie" movement.Before impediment 1990s, thrill was norm harvested foreign wild. Colour has naturalized reactionary world, on top of everything elseloftier Europe addition North America. Arugu

Convince the company not to store credit card numbers in our webapp
Information Security
The company I work for needs a system to perform monthly credit card charges to customer accounts. Customers will be able to update their credit card information from an online interface written in PHP (which will be presented through HTTP over SSL). The monthly charges will be run manually through a password-protected admin area of the same interface, which will basically amount to a batch call t

How to estimate the cost of an application vulnerability?
Information Security
I've seen data on the cost of a breach, including a lot of surveys and research by Verizon and the Ponemon Institute. But in terms of an actual vulnerability, what are the factors to consider to determine the cost? A few things I had in mind are: risk factor (SQL Injection vs Reflected XSS); cost to detect manually or by automated scanners; cost to fix in terms of developer hours; costs associated with vulner

DNS queries to compromise DNS cache
Information Security
The transaction ID for DNS queries can take values from 1 to 65,536 and my computer pseudorandomly chooses one for each DNS request. If I send 1,024 false replies per request, how many requests should I trigger to compromise the DNS cache with probability 99%? Or as close to that as I can get. Thanks. I'm getting a result of .6 requests which doesn't seem right to me. Feel as though it should be ar
