[funsec] Feedback on EMET v2.0?

2010-10-21 Thread Shawn Merdinger
Wondering if folks here have any +/- feedback on Microsoft's EMET v2.0?

http://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx
http://www.darkreading.com/blog/archives/2010/10/blocking_zero_d.html

Cheers,
--scm
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


[funsec] Following Data Leak, Facebook Proposes Encryption for UIDs

2010-10-21 Thread Robert Slade
In response to a discovery earlier this week that some Facebook applications 
were inadvertently sharing user information to third parties, Facebook 
engineers are proposing that Facebook UIDs become encrypted.

Oh, gee, some real genius must have thought of that!

Under the new proposal, the parameters that are passed back to iFrame-based 
applications will be encrypted using an application’s secret key, meaning that 
only the actual application will be able to read the information and accidental 
disclosures over HTTP headers will no longer be possible.

http://mashable.com/2010/10/21/facebook-uid-encryption/

Following Data Leak, Facebook Proposes Encryption for UIDs - 
http://on.mash.to/bh3sIM

OK, probably symmetric.  So it's safe until it hits the game server.  At which 
point ...

(Game developers are just so inherently security conscious ...)

== 
rsl...@computercrime.org  sl...@victoria.tc.ca  rsl...@vcn.bc.ca
If you do buy a computer, don't turn it on. - Richards' 2nd Law
= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews:   [Base URL]mnbk.htm
    [Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Review mailing list: send mail to techbooks-subscr...@egroups.com
http://blogs.securiteam.com/index.php/archives/author/p1/
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade



[funsec] Intellectual property, military, espionage, or politics?

2010-10-21 Thread Robert Slade
http://www.fastcompany.com/1695219/cia-predator-drones-facing-ip-lawsuit

Intelligent Integration Systems (IISi), a small Boston-based software 
development firm, alleges that their Geospatial Toolkit and Extended SQL 
Toolkit were pirated by Massachusetts-based Netezza for use by a government 
client. Subsequent evidence and court proceedings revealed that the government 
client seeking assistance with Predator drones was none other than the Central 
Intelligence Agency.

IISi alleges in court papers that Netezza used a hack version of their 
software with incomplete targeting functionality in response to rushed CIA 
deadlines. As a result, Predator drones could be missing their targets by as 
much as 40 feet. 

