Credit Cards Failing Open

Most consumers are aware that when you close a credit card account, it’s not really closed. For “convenience” reasons, recurring subscription charges such as your cable bill will continue to be approved. You can kind of see where the credit card companies are coming from, but it’s a pretty weak argument. The cable company just needs to notify me that the credit card on file is no longer valid, and I’ll update my information. Problem solved.

But that credit card weirdness is nothing compared to the one I’m about to describe.

Before we do that, …

A Security Lesson From the Joe the Plumber Snooper

First we had the Gov. Palin Yahoo email break-in to teach us the vulnerabilities of weak password reset schemes. Now we have a Joe the Plumber government records snooper teaching us about proper computer account management.

The Columbia Dispatch is reporting that a state employee with access to a “test account” has been accessing Joe the Plumber’s government records:

“We’re trying to pinpoint where it came from,” she said. The investigation could become “criminal in nature,” she said. Brindisi would not identify the account that pulled the information on Oct. 16.

Records show it was a “test account” assigned …

Partial Disclosure – The Good, Bad, and Ugly

There is apparently a bit of fear going around information security circles that the next big trend in the disclosure wars is going to be “Partial Disclosure”. In the past, the vulnerability research community has embraced the concepts of “Full Disclosure” and/or “Non-Disclosure”. Once those concepts had been sufficiently played out, the general consensus was to move towards “Responsible Disclosure” whereby the security researcher responsibly discloses the discovered vulnerability to the vendor and works in a cooperative fashion in an effort to minimize the risk to the general user populace. This has worked well in the vast majority of cases …

New To The Team – Old To The Game

Welcome, come on in, have a seat. There is a cold beer in the fridge, help yourself!

I may be new to the team, but I’m (reasonably) old to the game. My name is Tyler Shields and I’m the latest addition to the Veracode research team. I started at Veracode in September 2008 as a Senior Security Researcher and have been immediately thrown into the fire. Working for a fast-paced, highly energetic company like Veracode keeps you busy and challenges you every day. I plan to blog on the most interesting pieces of my work with Veracode and hope that …
