51 items tagged "india"
-
-
6:45
»
SecDocs
Authors: Cassio Goldschmidt
Tags: vulnerability
Event: Black Hat DC 2011
Abstract: Who is responsible for the harm and risk of security flaws? The advent of worldwide networks such as the internet made software security (or the lack of software security) a problem of international proportions. There are no mathematical/statistical risk models available today to assess networked systems with interdependent failures. Without this tool, decision-makers are bound to overinvest in activities that don’t generate the desired return on investment or underinvest in mitigations, risking dreadful consequences. Experience suggests that no party is solely responsible for the harm and risk of software security flaws but a model of partial responsibility can only emerge once the duties and motivations of all parties are examined and understood. State-of-the-art practices in software development won’t guarantee products free of flaws. The infinite principles of mathematics are not properly implemented in modern computer hardware without having to truncate numbers and calculations. Many of the most common operating systems, network protocols and programming languages used today were first conceived without the basic principles of security in mind. Compromises are made to maintain compatibility of newer versions of these systems with previous versions. Evolving software inherits all flaws and risks that are present in this layered and interdependent solution. Lastly, there are no formal ways to prove software correctness using neither mathematics nor definitive authority to assert the absence of vulnerabilities. The slightest coding error can lead to a fatal flaw. Without a doubt, vulnerabilities in software applications will continue to be part of our daily lives for years to come. Decisions made by adopters such as whether to install a patch, upgrade a system or employ insecure configurations create externalities that have implications on the security of other systems.
Proper cyber hygiene and education are vital to stop the proliferation of computer worms, viruses and botnets. Furthermore, end users, corporations and large governments directly influence software vendors’ decisions to invest in security by voting with their money every time software is purchased or pirated. Security researchers largely influence the overall state of software security depending on the approach taken to disclose findings. While many believe full disclosure practices helped the software industry to advance security in the past, several of the most devastating computer worms were created by borrowing from information detailed by researchers’ full disclosure. Both incentives and penalties were created for security researchers: a number of stories of vendors suing security researchers are available in the press. Some countries enacted laws banning the use and development of “hacking tools”. At the same time, companies such as iDefense promoted the creation of a market for security vulnerabilities providing rewards that are larger than a year’s worth of salary for a software practitioner in countries such as China and India. Effective policy and standards can serve as leverage to fix the problem either by providing incentives or penalties. Attempts such as PCI created a perverse incentive that diverted decision makers’ goals to compliance instead of security. Stiff mandates and ineffective laws have been observed internationally. Given the fast pace of the industry, laws to combat software vulnerabilities may become obsolete before they are enacted. Alternatively, the government can use its own buying power to encourage adoption of good security standards. One example of this is the Federal Desktop Core Configuration (FDCC). The proposed presentation is based on the research done by Cassio Goldschmidt, Sr. Manager at Symantec Corporation; Melissa J. Dark, Professor & Assistant Dean, Department of Computer and Information Technology, Purdue University; and Hina Chaudhry, PhD candidate at Purdue University, and is a reflection of the role of each player involved in the software lifecycle and the incentives (and disincentives) they have to perform the task, the network effects of their actions and the results on the state of software security.
-
-
21:46
»
SecDocs
Authors: Karsten Gerloff
Tags: law
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: Your Access to Knowledge is at stake. At the World Intellectual Property Organisation, where international treaties on copyright and patents are decided on, a revolution is taking place. Big rightsholders have been getting their way until now, restricting the free use of ideas. A Treaty on Access to Knowledge is needed to guarantee your rights, and the Free Software Foundation Europe is working on it. Ever get the feeling that your country's copyright regime is getting more restrictive? This may well be due to a UN agency you have probably not heard of: The World Intellectual Property Organisation (WIPO) in Geneva. Here, international treaties on copyright, patents and trademarks are drafted and decided on. Until now, this has usually happened in the interest of big rightsholders (read: the pharma, music and film businesses). These treaties are increasingly restricting your Access to Knowledge, and they are hurting developing countries. But now, in a move that can be called dramatic by UN standards, those countries are making their voices heard. The Group of Friends of Development, led by Brazil, Argentina and India, are demanding a reorientation of WIPO's work. Instead of ever stricter enforcement of copyright and patent treaties, they are calling for more emphasis on flexibilities.
-
-
16:01
»
Hack a Day
Meet [Jahangir Ahmad]. He’s a 19-year-old from India who recently won third place in a contest put on by the National Innovation Foundation. Here he’s posing with the electric paint brush which he developed after seeing some local painters struggling with brushes and buckets at the top of a ladder. His system uses a 1 [...]
-
11:51
»
SecDocs
Authors: Atul Chitnis
Tags: technology
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: This talk is about the growth of Free Software in India. It includes an overview of how Free Software has spread not only within the industry but also within the Government and Education. Includes examples of Indian innovation based on Free Software, including the Simputer. Atul Chitnis has promoted Free and Open Source Software (FOSS) and driven community initiatives in India since the mid 1990s. In this talk, he presents an overview of these activities, from pushing a million Linux CDs into the country via the PCQuest Linux Initiative, engaging the community with industry and government through participation in large-scale events, to the founding of Asia's best known and most successful FOSS event series (FOSS.IN, formerly known as "Linux Bangalore"). He also presents samples of his current work, which includes the opening of technologies associated with the Simputer, whose future he now guides as part of his work at Geodesic Information Systems. His talk will include demonstrations of the technologies involved. Finally, he will explain some of the "social hacks" he has resorted to over the years to force the FOSS community, the Indian government and the industry to get talking to each other, and will summarize the direction and future of FOSS not only in India but in Asia.
-
-
9:22
»
Packet Storm Security Recent Files
The OWASP India 3 Call For Papers has been announced. It will take place August 24th through the 25th, 2012 at Hotel Crowne Plaza Today, Gurgaon, New Delhi (NCR), India.
-
-
7:55
»
Packet Storm Security Exploits
The administrative interface in code from "Powered by Nilson Solution, India" appears to suffer from a remote SQL injection vulnerability that allows for authentication bypass.