February 27th, 2009 
Mourad Ben Lakhoua Researchers from NC State have developed a new approach to discover the risk assessment in software security and ensure the application development safety. This new system is called Protection poker and designed to help developers to determine the possible location of vulnerability in the code source even before its deployment. According to this technique the [...]
February 25th, 2009 Mourad Ben Lakhoua Two-Thirds of U.S. Consumers Surveyed Use the Same One or Two Passwords for All Web Sites Although consumers claim to be concerned about security, they have little tolerance for sacrificing convenience to safeguard that security, according to Gartner Inc. Despite widespread security concerns, consumers continue to rely on service providers to protect their safety and [...]
February 24th, 2009 Mourad Ben Lakhoua Symentic reported that there is a new 0day vulnerability in Microsoft Office Excel (other versions may be affected as well).Symantec is saying that the vulnerability is being exploited by a variant of the Mdropper trojan, which they are calling Trojan.Mdropper.AC. There is no patch for the vulnerability yet and the only workaround available at the [...]
February 23rd, 2009 Mourad Ben Lakhoua The IT Policy Compliance Group (IT PCG) today announced the availability of its latest benchmark research report titled, “Managing Spend on Information Security and Audit to Improve Results.”Based on research conducted with more than 2,600 firms, the study reveals that 68 percent of firms are under-spending on information security relative to the financial risks and [...]
Posted in News 
Tags: Audit, compliance, IT governance, Regulations, Regulatory compliance, Risk, Security 
No Comments » February 23rd, 2009 Mourad Ben Lakhoua security researcher Dan Kaminsky who works at security services firm IOActive, said this week at BlackHat that the time may have come for IT vendors and users to consider broad adoption of the more-permanent security protections offered by DNS Security Extensions, or DNSSEC, technology. The cache-poisoning flaw was publicly disclosed last July and after several [...]
Posted in News Tags: Authentication/Encryption, Current Control, Digital security, DNS, Domain Names, Internet, Network security, Networking, PKI, Security 2 Comments » February 21st, 2009 Mourad Ben Lakhoua According to Shadowserver, There is a new Acrobat 0-day in the wild. They say you can avoid it by turning off Javascript inside of your Adobe Acrobat products. Please see Shadowserver’s write up: here for more information
Posted in News Tags: Acrobat, Adobe, Critical, Javascript, Reader, Security, Update, Vulnerability No Comments » February 19th, 2009 Mourad Ben Lakhoua Facebook and other social networking sites can be a great way of keeping in touch with former friends from high school, university and various jobs. But using such sites does come with different risks. Here you can find some best practices that can keep you safe while you still enjoy the benefits of social networking: [...]
