Attacks/Breaches
11/25/2013
11:06 AM
John Klossner
John Klossner
Commentary
100%
0%

Cartoon: You Might Be A Security Expert If...

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/26/2013 | 7:57:07 AM
Not crazy but....
Funny cartoon but is it true? Is paranoia now a part of the job description for IT security professionals? Or maybe I am  just being paraonoid.
Susan Fogarty
50%
50%
Susan Fogarty,
User Rank: Apprentice
11/26/2013 | 10:39:49 AM
Re: Not crazy but....
Unfortunately I think it is true, especially when you're talking about corporations that are potential targets because they have data that could be valuable in many different ways. I know several mobile security consultants who advise IT managers to start with the assumption that any device has been breached, and go from there in protecting enterprise data and apps. It's a jungle out there!
J_Brandt
50%
50%
J_Brandt,
User Rank: Apprentice
11/27/2013 | 5:04:09 PM
Re: Not crazy but....
Paranoia isn't just for security professionals.  A healthy security awareness program for users looks to promote a little bit of paranoia in everyone doesn't it?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/2/2013 | 8:09:14 AM
Re: Not crazy but....
J_Brandt.That's a great point about injecting a healthy dose of paranoia as part of a corporate security awareness program. What have you found to be the right amont of scare tactics in user security training. When does too much paranoia seem crazy and counter productive?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.