Tags: security*

35 bookmark(s)

  1. "The net messages in all of this –

    A vendor that takes information security this seriously probably deserves to be instantly added to your short-list, provided they have the requisite skill and experience in the products and services you seek.
    There are likely substantial vendor due diligence and annual re-certification expenses you can save as well. If a vendor can pass the SOC 2 Type II audit, there is little you will review that will trip them up. They have endured far worse. Just ask for their SOC 2 Type II report and certification documentation, review it to ensure your own comfort, then check the “Exceeds Requirements” box, and move on to the next vendor to review.
    Yes, we are essentially saying that SOC 2 Type II vendors should be given a “free pass” (of sorts). Give them an explicit opportunity to strut their stuff in your RFP process. And, by no means was it FREE. It has cost them dearly, but they think earning your business and peace of mind is worth it."
    https://www.mpamag.com/news/the-impor...ations-in-vendor-sourcing-108901.aspx
    by dnorman (2018-11-16)
  2. "In short, you must be able to cover not only security of the cloud (the cloud provider’s infrastructure), but also security in the cloud (how you configure and use the cloud infrastructure and services, as well as your applications and data) and security outside of the cloud (your software development processes, user endpoint devices, training and awareness, etc.)"
    https://jupiterone.io/blog/what-is-soc2-compliance
    by dnorman (2018-11-16)
  3. Pearson online learning stores passwords in plaintext. Plaintext. How secure are other forms of student data they manage?
    https://langara.ca/news-and-events/la...0126-pearson-cyber-security-risk.html
    by dnorman (2018-07-03)
  4. Level 1? Level 4? Confusion! Chaos!
    https://www.ucalgary.ca/policies/file...cies/im010-03-security-standard_0.pdf
    by dnorman (2018-05-07)
  5. time to squirt glue into laptop's USB ports…
    http://arstechnica.com/security/2016/...ransacks-password-protected-computers
    by dnorman (2016-11-16)
  6. A scenario that could happen based on what already has
    http://nymag.com/daily/intelligencer/...he-hack-that-could-take-down-nyc.html
    by dnorman (2016-06-23)
  7. Cloud-based server protection. Blocks bots and spammers by distributed (?) IP sniffing. Or something. Magic.
    https://bitninja.io
    by dnorman (2016-06-18)
  8. awesome. unsecured bluetooth on wearables. even though the fitbit itself is encrypted, the device isn't. somehow.
    http://www.engadget.com/2015/10/21/fitbit-tracker-bluetooth-vulnerability
    by dnorman (2015-10-21)
  9. Your computer is connected to a Wi-Fi network but you do not remember the password that you had earlier used to connect to this particular WiFi network. Maybe you forgot the password or maybe the network administrator entered it directly without revealing the actual password to you.

    You would now like to connect a second device, like your mobile phone, to the same WiFi network, but how do you find out the password? You can either send a password request to the WiFi admin or you can open the command prompt on your computer and retrieve the saved password in one easy step. The technique works on both Mac and Windows PCs.
    http://www.labnol.org/software/find-wi-fi-network-password/28949
    by dnorman (2015-07-14)
  10. Scalp! is a log analyzer for the Apache web server that aims to look for security problems. The main idea is to look through huge log files and extract the possible attacks that have been sent through HTTP/GET (By default, Apache does not log the HTTP/POST variable).
    https://code.google.com/p/apache-scalp
    by dnorman (2014-12-03)
