Happy Holidays

| Posted in General Technologies
December 26th, 2005 | Jian Zhen | No Comments

regex-less parsing of messages

| Posted in LMI and SIEM

A very interesting and useful discussion took place last week on the LogAnalysis mailing list.
Anton Chuvakin started the thread by asking: other than parsing the individual messages (which could potentially have thousands of different formats), what other methods can be used to analyze logs?
Some suggestions out of this discussion are listed here.
Clustering
Anton listed this [...]

December 11th, 2005 | Jian Zhen | No Comments

Eight steps for integrating security into application development

As a security professional and a developer, I have always been very frustrated by the carelessness of some developers when it comes to conforming to simple security practices. The most common ones I see are throwing unchecked user input to system calls or database queries.
Ruby Qurashi’s article on Eight steps for integrating [...]

December 9th, 2005 | Jian Zhen | No Comments

Gallery 2.0.2 Security Fix Release

| Posted in General Technologies

Gallery 2.0.1 and 2.0 have a minor security flaw. Here’s what the Gallery web site says:
Gallery 2.0.2 is now available for download. This release adds no new features. It fixes a minor XSS exploit, a potential information leak and a file disclosure bug in the zipcart module that could allow remote visitors to view sensitive files [...]

December 4th, 2005 | Jian Zhen | No Comments

The Top Five I.T. Control Weaknesses

I am surprised I didn’t post this one. In any case, here it is.
The Top Five I.T. Control Weaknesses by BEN WORTHEN.

Failure to segregate duties within applications, and failure to set up new accounts and terminate old ones in a timely manner.
Lack of proper oversight for making application changes.
Inadequate review of audit logs.
Failure to [...]

November 30th, 2005 | Jian Zhen | No Comments

Steps for managing risk

Good article on risk management on Computerworld by Samir Kapuria.
In this article, Samir described a 3-step process that a security assurance team should follow for risk management. The only thing I would recommend changing is to separate the incident response step from the Application step. Right now Samir has both mixed into one.

The [...]

November 23rd, 2005 | Jian Zhen | No Comments

Webcast: 8 Key Steps to Monitor HIPAA Compliance

Register for this event
This is quite a webcast. LogLogic did one not too long ago, and there’s such demand that it will be rebroadcast LIVE.

November 23rd, 2005 | Jian Zhen | No Comments

Credit card fees on foreign charges

| Posted in General Technologies

So I have been doing quite a bit of international traveling, both business and personal. I am slowly finding out there is evil in credit card companies. For example, I have been using a Citi card for most of the charges. Every time the clerk swipes my card, 3% is added to the purchase amount. [...]

November 23rd, 2005 | Jian Zhen | No Comments

Drilling Down on Security Data

Q1 Labs’ entry into the SEM market. Seems like they are competing with the Cisco MARS product.

November 21st, 2005 | Jian Zhen | No Comments

How to Fund a Startup

| Posted in General Technologies

A friend pointed me to this article on How to Fund a Startup by Paul Graham. Very good summary of the different funding options.

November 21st, 2005 | Jian Zhen | No Comments