Thursday Oct 16, 2008

Security Awareness Requirement for Web Application Developers

“Secure web application development has become imperative due to the new PCI-DSS mandate. Companies who choose to adopt the form of training offered by SCIPP will benefit from a trustworthy yet cost-effective security awareness program.”

~Howard A. Schmidt, former CISO for Microsoft and eBay, SCIPP Advisory Board Member

A free webinar on "Security Awareness Requirement for Web Application Developers"

WHEN: Wednesday, October 22, 2008

TIME: 1:30pm - 2:00pm EST

TOPIC: "PCI-DSS ALERT: Complying with the NEW Mandatory Security Awareness Requirement for Web Application Developers"

PRESENTER: Dow Williamson, CISSP, Executive Director.

CHANNEL: IT Certification and Training


How Important is Security?

Estimates Put T.J. Maxx Security Fiasco At $4.5 Billion

The security breach at TJX Companies Inc. could cost the company $100 per lost record, or a total of $4.5 billion, according to the calculations of a database security company.

NY Bank ‘loses’ 4.5M unencrypted customer records
In yet another unbelievable story of data irresponsibility, the Bank of New York (BNY) Mellon lost two sets of unencrypted backup tapes containing private data belonging to 4.5 million individuals. Third-party vendors misplaced the tapes during transport to off-site locations. According to the bank, the tapes "included shareowner and plan participant account information, such as name, mailing address, social security number, and transaction activity."

Save the date: attend the webinar on the 10th of October 2008 @ 1:30 PM EST.

Tuesday Jan 15, 2008

Meet Kevin?

The one person I would like to meet in person sometime before I myself go six feet under is Kevin Mitnick. You may ask why? Well, everybody has an idol. I have mine. Do I need to explain why? I have my reasons... Having already spent four years in federal prison without a trial, without bail and for eight months in 23-hour-a-day solitary confinement, Kevin reached a plea agreement with the government. He was released from custody into supervised release in early 2000. In January 2003, Kevin was freed from those restrictions. Giving testimony before Congress, Kevin once said, "I have gained unauthorized access to computer systems at some of the largest corporations on the planet, and have successfully penetrated some of the most resilient computer systems ever developed. I have used both technical and non-technical means to obtain the source code to various operating systems and telecommunications devices to study their vulnerabilities and inner workings." In person, Kevin is completely forthright about the nature of his wrongdoings, but stresses in his own defense that he never used anything he obtained to gain monetary advantage. "All of this activity was to satisfy my curiosity; to see what I could do; and to find out secret information about operating systems, cell phones, and anything else that stirred my curiosity." That, my friends, is NOT what the world has made him out to be... but HE IS WHO HE IS. He is Kevin Mitnick and I admire the person for who HE is. Maybe someday I will...

Saturday Nov 04, 2006

Infocard browser restriction

Just an FYI discovery of the moment: Infocard authentication (as I had blogged about earlier this week) currently works only on Windows XP with the WinFX CTP installed and with Internet Explorer 7 Beta 2 Preview. I tried to install IE7 Beta 2 Preview on Windows Server 2003, but got an "installation" error, as IE7 Beta 2 Preview is currently not supported on Windows Server 2003. The IE7 Beta 2 Preview release notes can be found here. If anybody out there has been successful in installing IE7 Beta 2 Preview on Windows Server 2003, please let me know how you did it, or if it was possible at all.

Friday Nov 03, 2006

Infocard Invoker with Self Signed Server Certificates

A few folks have been having issues using self signed server certificates to invoke the Identity Selector WinFX Component. Here's a short walkthrough on how to use a self signed certificate and save a few $$$'s over having to buy a certificate from a Trusted Authority. The key is to use the sha1rsa Signature Algorithm instead of the default md5rsa Signature Algorithm.

Generate the key (the second command strips the passphrase from it), then sign a certificate with that key, passing -sha1 explicitly so the md5 default is not used:

    openssl genrsa -des3 -out pass.key 1024
    openssl rsa -in pass.key -out server.key
    openssl req -new -x509 -days 365 -sha1 -key server.key -out server.crt

Then copy server.key and server.crt to your webserver's config directory:

    cp server.key /etc/httpd/conf/ssl.key/
    cp server.crt /etc/httpd/conf/ssl.crt/

Change the file access permissions on the private key:

    chmod go-rwx /etc/httpd/conf/ssl.key/server.key

Make a test cert:

    make testcert

Create a server.pem file by concatenating the server.key file and the server.crt file as follows:

    cat /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.crt/server.crt > /etc/httpd/conf/server.pem

Restart your webserver. Your self signed certificate should now invoke the identity selector without any issues...

NOTE: Remember folks. If you're learning anything at all from all of us who are blogging our experiences and processes about getting Infocard to work on all these various platforms and scenarios, PLEASE "pay it forward".
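As an added example (not the post's own commands), the same procedure as reusable shell functions: it signs with the key that was just generated instead of creating a second one, pins the digest explicitly, and reads the signature algorithm back out of the certificate before building server.pem, so an MD5-signed certificate (the failure the post describes) is caught rather than deployed. It is modernized to 2048-bit RSA and SHA-256, since SHA-1 has since been deprecated for certificate signatures; the output directory and CN are constructed arguments.

```shell
#!/bin/sh
# Added example: self-signed server cert with an explicitly chosen signature
# algorithm, verified before it is concatenated into server.pem.
# Modernized relative to the 2006 post: 2048-bit RSA and SHA-256 rather than
# 1024-bit RSA and SHA-1. Directory and CN are caller-supplied (constructed).
set -e

# make_selfsigned DIR CN : writes DIR/server.key, DIR/server.crt, DIR/server.pem
make_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir"
    # Unencrypted RSA key; same end result as the post's genrsa -des3 + rsa -in/-out pair.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    # Sign with the EXISTING key (-key), not a fresh one (-newkey), and pin the
    # digest so the library default (md5 in old OpenSSL builds) is never used.
    openssl req -new -x509 -days 365 -sha256 \
        -key "$dir/server.key" -subj "/CN=$cn" -out "$dir/server.crt"
    chmod go-rwx "$dir/server.key"
    # Apache-style combined file: private key first, then the certificate.
    cat "$dir/server.key" "$dir/server.crt" > "$dir/server.pem"
    chmod go-rwx "$dir/server.pem"
}

# cert_sig_alg CRT : prints the signature algorithm, e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text | awk '/Signature Algorithm/ {print $3; exit}'
}

# check_cert CRT : succeeds only if the certificate is not MD5-signed
check_cert() {
    case "$(cert_sig_alg "$1")" in
        md5*) echo "rejected: MD5-signed certificate $1" >&2; return 1 ;;
        *)    return 0 ;;
    esac
}
```

Run check_cert against an existing server.crt to see whether it is still on the md5rsa default the post warns about.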
