Search Results

Many people send Microsoft Word documents as email attachments without realizing that there are several security risks. some viruses specifically target Microsoft Word files Microsoft Word vulnerability gives hackers a backdoor May 24, 2006 earlier versions...

I’m not really sure what Identity 2.0 is but here are some very interesting slide show talks about it, and it looks to be solving some very interesting web security problems. OSCON 2005 Keynote – Identity 2.0 – Dick Hardt – Founder & CEO, Sxip Identity Who...

Article on Validating Input from IBM’s Best Practices series Top Ten Web Security Flaws – OWASP Know your Enemy: Web Application Threats – Using Honeypots to learn about HTTP-based attacks

OpenSSH is a simple, free solution for Windows machines to implement SSH. OpenSSH can be downloaded at:http://sshwindows.sourceforge.net/download/OpenSSH, once set up uses NTFS permission security settings and can be used for domain and local accounts.Once in...

This link below leads to a few simple systems described in a paper titled “Simple Formula for Strong Passwords: Dramatically Increase Information Security with Minimal Training, and Without Costly Infrastructure Changes.” (It’s a 42 page PDF.) http://www.sans....

Although phpMyAdmin is an excellent tool for administering MySQL databases, you don’t want to expose your MySQL usernames and passwords to sniffing over the wire by sending them “in the clear.”The solution, if you are running https, is to simple edit the confi...

AVG Anti-virus – free; anti-virus Microsoft Security Essentials – Free anti-virus and anti-spyware from Microsoft. Supercedes Windows Defender (see below). Also, Security Essentials definitions Microsoft Windows Defender – Free anti-spyware from Microsoft. ...

CAPTCHA stands for *C*ompletely *A*utomated *P*ublic *T*uring test to tell *C*omputers and *H*umans *A*part. Basically it means those pictures with wavy letters that you have to type in before being allowed to sign up for a mailing list or other service. They ...

Free online copy of a good and comprehensive computer security book: Security Engineering: A Guide to Building Dependable Distributed Systems.“If you’re even thinking of doing any security engineering, you need to read this book”Bruce Schneier

TrueCrypt is a simple, easy-to-use, on-the-fly encryption program. It works on Windows 2000/XP/2003 and Linux.Some features include: Ability to encrypt entire hard disk partition or a storage device Creation of a virtual encrypted disk within a file that moun...

National Vulnerability Database is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. “USERS POPULATE THE VULNERABILITY DATABASEA d...

“All HTTP servers identify themselves. Here’s how to change Zope’s default identity.If you have a Zope 2.8.1 instance with Plone installed, and look at the HTTP headers, which anyone can do, you will see something like this:Server: Zope/(Zope 2.8.1-final, pyth...

In conventional password authentication, you prove you are who you claim to be by proving that you know the correct password. The only way to prove you know the password is to tell the server what you think the password is. This means that if the server has be...

How can I create a secure password?Update: Read this first: Choosing a Secure Password by Bruce Schneier, Feb. 25, 2014Your password is your key to access important personal information both on your computer and online. Should criminals or other perpetrators...

For information about phishing, what to do, and examples of past email phishing attempts in UCLA email, consult the IT Services “Phishing Scams” web pageIf you receive and phishing email, IT Services’ Security team asks that you share it with them. Email a sav...

1 – Alienvault – Open Source Security Information Management system – good review in the latest (March 2010) Linux journalFrom the web site: The OSSIM platform consists of a Management Server, and Sensor or “Probe”. A professional version that includes SEM fun...

BruinAlert is a system developed to notify members of the campus community of emergencies on or near the campus.UCLA faculty and staff with valid email addresses in the UCLA Campus Directory and URSA are automatically enrolled in BruinAlert to receive email al...

Passwords should not be stored in cleartextLocal 1Password – https://agilebits.com/onepassword IronKey – https://www.ironkey.com/news/verisign-ironkey-otp-password-service KeyPass – http://keepass.info/ PasswordSafe – http://passwordsafe.sourceforge.net/-Hoste...