Web App Security

  • Most Topular Stories

  • Update on reviewing our data practices and Bugzilla development database disclosure

    Mozilla Security Blog
    jstevensen
    27 Aug 2014 | 5:02 pm
    As we indicated in the post titled “MDN Disclosure”, we began several remediation measures, including a review of data practices surrounding user data. We have kicked off a larger project to better our practices around data, including with respect to the various non-Mozilla projects we support. We are implementing immediate fixes for any discovered issues across the organization, and are requiring each business unit to perform a review of their data practices and, if necessary, to implement additional protections based on that review. As we proceed through our broader remediation program,…
  • Five security lessons from ‘Mars Attacks!’

    Liquidmatrix Security Digest
    Bill Brenner
    28 Aug 2014 | 4:32 pm
    If you look closely, the 1996 Tim Burton film “Mars Attacks!” offers us a few security lessons. Let the following clip play as I run through some examples… Lesson 1: If you release a white dove over someone’s head before you verify who you’re dealing with, you have failed to practice due diligence. The resulting bad press could damage your brand. Lesson 2: Regarding Jack Nicholson’s speech about two out of three branches of the government still working: Layers of security may be smart, but if it’s badly configured and government-issued, it…
  • A look at the new Gameover Zeus variant

    Zscaler Research
    Deepen Desai
    30 Aug 2014 | 9:52 am
    Background Zeus, also known as Zbot is one of the most notorious and wide-spread information stealing banking Trojans. It was first spotted in early 2007 and since then over the years it has evolved into a very sophisticated malware family with such features as: Man-in-The-Browser keystroke logging Form grabbing Web injects Kernel-mode rootkit update Custom
  • Black Box Driven Development in JavaScript

    Mozilla Hacks - the Web developer blog
    Krasimir Tsonev
    27 Aug 2014 | 6:03 am
    Sooner or later every developer finds the beauty of the design patterns. Also, sooner or later the developer finds that most of the patterns are not applicable in their pure format. Very often we use variations. We change the well-known definitions to fit in our use cases. I know that we (the programmers) like buzzwords. Here is a new one – Black Box Driven Development or simply BBDD. I started applying the concept before a couple of months, and I could say that the results are promising. After finishing several projects, I started seeing the good practices and formed three principles.
  • Update: Calculating a SSH Fingerprint From a (Cisco) Public Key

    Didier Stevens
    Didier Stevens
    1 Sep 2014 | 1:17 pm
    I think there’s more interest for my program to calculate the SSH fingerprint for Cisco IOS since Snowden started with his revelations. I fixed a bug with 2048 bit (and more) keys. cisco-calculate-ssh-fingerprint_V0_0_2.zip (https) MD5: C304299624F12341F9935263304F725B SHA256: 2F2BF65E6903BE3D9ED99D06F0F38B599079CCE920222D55CC5C3D7350BD20FB
  • add this feed to my.Alltop

    Mozilla Security Blog

  • Update on reviewing our data practices and Bugzilla development database disclosure

    jstevensen
    27 Aug 2014 | 5:02 pm
    As we indicated in the post titled “MDN Disclosure”, we began several remediation measures, including a review of data practices surrounding user data. We have kicked off a larger project to better our practices around data, including with respect to the various non-Mozilla projects we support. We are implementing immediate fixes for any discovered issues across the organization, and are requiring each business unit to perform a review of their data practices and, if necessary, to implement additional protections based on that review. As we proceed through our broader remediation program,…
  • mozilla::pkix ships in Firefox!

    dkeeler
    20 Aug 2014 | 10:35 am
    In April, we announced an upcoming certificate verification library designed from the ground up to be fast and secure. A few weeks ago, this new library – known as “mozilla::pkix” – shipped with Firefox and is enabled by default. Please see the original announcement for more details. Along with using more verifiably secure coding practices, we took the opportunity to closely adhere to the X.509 certificate verification specifications for the Internet. For example, we prevent certificates from being misused in ways that legacy libraries often do not. This protects user…
  • MDN Database Disclosure

    Stormy
    1 Aug 2014 | 5:01 pm
    We have just concluded an investigation into a disclosure affecting members of Mozilla Developer Network. We began investigating the incident as soon as we learned of the disclosure. The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server. As soon as we…
  • Improving Malware Detection in Firefox

    Sid Stamm
    23 Jul 2014 | 5:01 pm
    We are always looking for ways to help protect people better from the constant threat of malicious software. For years Firefox has utilized Google’s Safe Browsing phishing and malware protection to help keep you from accidentally visiting dangerous sites. This protection feature works by checking the sites that you visit against lists that Firefox downloads of reported phishing and malware sites. (For more details, check out this page.) Firefox is about to get safer. Until recently, we only had access to lists of reported malicious web sites, now the Safe Browsing service monitors…
  • June is Internet Safety Month!

    Sid Stamm
    2 Jun 2014 | 8:28 am
    Happy Internet Safety Month, everyone! In today’s world it is more critical than ever to be aware of security risks online. High-profile and broad attacks made news quite a bit in the last year. From the Heartbleed vulnerability to spikes in credit card theft and fraud, buzz about online privacy and security is on the rise. Even the White House has turned attention to cybersecurity. The Ponemon Institute estimates 47% of Americans have had their personal information compromised! So now is a great time to do some routine maintenance this month and beef up your safety: Download a secure…
 
  • add this feed to my.Alltop

    Liquidmatrix Security Digest

  • Five security lessons from ‘Mars Attacks!’

    Bill Brenner
    28 Aug 2014 | 4:32 pm
    If you look closely, the 1996 Tim Burton film “Mars Attacks!” offers us a few security lessons. Let the following clip play as I run through some examples… Lesson 1: If you release a white dove over someone’s head before you verify who you’re dealing with, you have failed to practice due diligence. The resulting bad press could damage your brand. Lesson 2: Regarding Jack Nicholson’s speech about two out of three branches of the government still working: Layers of security may be smart, but if it’s badly configured and government-issued, it…
  • 5 Things a Revere, MA Upbringing Taught Me About Infosec

    Bill Brenner
    27 Aug 2014 | 12:48 pm
    Growing up in Revere, Mass., taught me some very simple lessons about information security. Note: When people hear the name Revere, they think of these things: Paul Revere’s ride, guns, the IROC-Z automobile, lots of gold chains and language that doesn’t include the letter r at the end of a word. Information security? You probably think I’ve lost what little sanity I had. But I’m serious. Revere incident 1: Me and two friends are followed a quarter-mile up the beach and pounced upon because I apparently said something someone mistook as an insult against his…
  • The Stupid, It Burns

    Dave Lewis
    25 Aug 2014 | 8:55 am
    There are times where I just marvel at the abject stupidity of some folks. Case in point was the posting on Pastebin over the weekend where a group of “hackers” (wow, I use that term lightly) calling themselves “Wycked” posted a database dump from McDonald’s Malaysia. The premise being that they compromised the site. Small problem with that however. You see, the “Havij Injection Project” already posted that same database dump in February 2012. Don’t piss on my leg and tell me that it is raining. The stupid, it burns. The post The Stupid, It…
  • Privacy under fire: Aaron Sorkin saw it coming in 1999

    Bill Brenner
    24 Aug 2014 | 1:08 pm
    I’ve long been a fan of “The West Wing,” which follows the drama of fictional president Josiah Bartlet and his senior staff. The series launched well before the privacy debates that are now the norm. But series creator Aaron Sorkin was way ahead of his time all those years ago when he focused on Internet privacy in the season one episode “The Short List.” In the episode, Bartlet has nominated a man for the Supreme Court whose writings suggest a lack of regard for Americans’ right to privacy. During a heated Oval Office discussion, presidential advisor Sam…
  • No Cyber Experience? Strategy! Um…

    Dave Lewis
    22 Aug 2014 | 9:09 am
    Michael Daniel is the person who is on point for shaping cyber security in the US government. I find it rather disquieting that the White House cyber security coordinator espouses his lack of technical knowledge as a plus. From Gov Security: “Being too down in the weeds at the technical level could actually be a little bit of a distraction,” Daniel, a special assistant to the president, says in an interview with Information Security Media Group. “You can get enamored with the very detailed aspects of some of the technical solutions,” he says. “And, particularly…
  • add this feed to my.Alltop

    Zscaler Research

  • A look at the new Gameover Zeus variant

    Deepen Desai
    30 Aug 2014 | 9:52 am
    Background Zeus, also known as Zbot is one of the most notorious and wide-spread information stealing banking Trojans. It was first spotted in early 2007 and since then over the years it has evolved into a very sophisticated malware family with such features as: Man-in-The-Browser keystroke logging Form grabbing Web injects Kernel-mode rootkit update Custom
  • Dissecting the CVE-2013-2460 Java Exploit

    Sameer Patil
    28 Jul 2014 | 3:43 am
    Introduction In this vulnerability, code is able to get the references of some restricted classes which are cleverly used for privilege escalation and bypassing the JVM sandbox. The vulnerable “invoke” method of the “sun.tracing.ProviderSkeleton” class is used to issue calls to the Class.forName() method for loading internal restricted classes and methods. Vulnerability Exploitation
  • De-obfuscating the DOM based JavaScript obfuscation found in EK’s such as Fiesta and Rig

    Pradeep Kulkarni
    23 Jul 2014 | 12:07 am
    There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as ‘Fiesta’ and ‘Rig’ for example, have been found to be using DOM based JavaScript obfuscation. In
  • Mobile App Wall of Shame: CNN App for iPhone

    viral
    21 Jul 2014 | 11:06 am
    Price: Free Category: News Updated: Jul 11, 2014 Version: Version 2.30 (Build 4948) Size: 21.8 MB Language: English Vendor: CNN Interactive Group, Inc. Operating System: iOS Background iReport account setting The CNN App for iPhone is one of the most popular news applications available for the iPhone. At present, it is sitting at #2 in the iTunes free News app category and #165
  • And the mice will “Play”…: App Stores and the Illusion of Control Part II

    viral
    15 Jul 2014 | 5:59 am
    In the last blog, we began analyzing what we’ve termed the “App Dichotomy” of the App Economy – The fact that we are at least as much the consumed, as we are the consumer. Our goal was to analyze popular apps from Apple’s App Store and Google Play to determine how permissive developers have tried to be, and the security and privacy risks we accept when we download them to our smartphones. 
 
  • add this feed to my.Alltop

    Mozilla Hacks - the Web developer blog

  • Black Box Driven Development in JavaScript

    Krasimir Tsonev
    27 Aug 2014 | 6:03 am
    Sooner or later every developer finds the beauty of the design patterns. Also, sooner or later the developer finds that most of the patterns are not applicable in their pure format. Very often we use variations. We change the well-known definitions to fit in our use cases. I know that we (the programmers) like buzzwords. Here is a new one – Black Box Driven Development or simply BBDD. I started applying the concept before a couple of months, and I could say that the results are promising. After finishing several projects, I started seeing the good practices and formed three principles.
  • Building Interactive HTML5 Videos

    Jeroen Wijering
    26 Aug 2014 | 5:47 am
    The HTML5 <video> element makes embedding videos into your site as easy as embedding images. And since all major browsers support <video> since 2011, it’s also the most reliable way to get your moving pictures seen by people. A more recent addition to the HTML5 family is the <track> element. It’s a sub-element of <video>, intended to make the video timeline more accessible. Its main use case is adding closed captions. These captions are loaded from a separate text file (a WebVTT file) and printed over the bottom of the video display. Ian Devlin has written an…
  • Launching Open Web Apps feedback channels – help us make the web better!

    Robert Nyman [Editor]
    20 Aug 2014 | 9:16 am
    About three months ago we launched a feedback channel for the Firefox Developer Tools, and since it was a great success, we’re happy announce a new one for Open Web Apps! For Developer Tools, we have, and keep on getting, excellent suggestions at http://mzl.la/devtools, which has lead to features coming from ideas there being implemented in both Firefox 32 & 33 – the first ideas shipped in Firefox only 6 weeks after we launched the feedback channels! Your feedback as developers is crucial to building better products and a better web, so we want to take this one step further. A…
  • Browserify and Gulp with React

    Kevin Ngo
    19 Aug 2014 | 9:09 am
    The JS world moves quickly, and nowadays, there’re some new kids around the block. Today, we’ll explore Browserify, Gulp, and React and see whether they’d sound suitable for our projects. You might have heard of them but not have had the time to check them out. So we’ll look at the advantages and disadvantages of using Browserify, using Gulp, using React. Because it certainly doesn’t hurt to know our options. Browserify: Bundling Node Modules for the Browser Browserify is a development tool lets us write Node-style modules in the browser or include actual Node…
  • Time to get hacking – Introducing Rec Room

    tofumatt
    18 Aug 2014 | 4:48 am
    It’s no secret that the best frameworks and tools are extracted, not created out of thin air. Since launching Firefox OS, Mozilla has been approached by countless app developers and web developers with a simple question: “How do I make apps for Firefox OS?” The answer: “It’s the web; use existing web technologies.” was—and still is—a good answer. But if you don’t already have an existing toolchain as a web developer, I’ve been working on extracting something out of the way I’ve been creating web apps at Mozilla that you can use to…
  • add this feed to my.Alltop

    Didier Stevens

  • Update: Calculating a SSH Fingerprint From a (Cisco) Public Key

    Didier Stevens
    1 Sep 2014 | 1:17 pm
    I think there’s more interest for my program to calculate the SSH fingerprint for Cisco IOS since Snowden started with his revelations. I fixed a bug with 2048 bit (and more) keys. cisco-calculate-ssh-fingerprint_V0_0_2.zip (https) MD5: C304299624F12341F9935263304F725B SHA256: 2F2BF65E6903BE3D9ED99D06F0F38B599079CCE920222D55CC5C3D7350BD20FB
  • A Return: The Puzzle

    Didier Stevens
    21 Aug 2014 | 12:19 pm
    It’s been some time that I posted a puzzle. So here is a new little puzzle. What is special about this file?
  • EICARgen: An Arms Race

    Didier Stevens
    10 Aug 2014 | 5:01 pm
    If you subscribed to my videos, you saw this video and had early access to my new version of EICARgen. Version 1.0 of EICARgen is detected by too many AV as a dropper. So I rewrote the code. If you launch the new EICARgen (version 2.0) without any arguments, it does nothing. You have to provide argument “write” for it to write the EICAR test file to disk. By default this is eicar.com, but you can still provide a filename as second argument. And I’ve added 2 new files: zip and pdf. Use argument zip and eicar.zip is written, use pdf and eicar.pdf is written. Here is the…
  • Videos

    Didier Stevens
    31 Jul 2014 | 1:50 am
    I plan to produce short videos more frequently. I will not post them all here on my blog, I’ve created another blog for all my videos: videos.didierstevens.com. The RSS is http://videos.didierstevens.com/feed/. And from time to time, I’ll repost an old video on that feed.
  • Stoned Bitcoin: My Analysis Tools

    Didier Stevens
    23 Jul 2014 | 5:00 pm
    The most interesting thing about Stoned Bitcoin for me, was to work out a method to find these Bitcoin transactions. When this was mentioned on Twitter, I did a string search through the Bitcoin blockchain for string STONED: no hits. Some time later I used my find-file-in-file tool. I got a copy of the Stoned Virus (md5 74A6DBB7A60915FE2111E580ACDEEAB7) and searched through the blockchain: again, no hits. Although this means the blockchain doesn’t contain the start bytes of the Stoned Virus, it could still contain other parts of the virus. So I randomly selected a sequence of bytes from…
 
  • add this feed to my.Alltop

    CERIAS Combined Feed

  • CERIAS Researchers Win Student Paper Award

    CERIAS Webmaster
    26 Aug 2014 | 11:23 am
    CERIAS researchers won the Best Student Paper award at the 23rd USENIX Security Symposium, a top-tier computer systems security conference. The paper, “DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse,” was co-authored by Ph.D. students Brendan Saltaformaggio and Zhongshu Gu, with CS Professors Xiangyu Zhang and Dongyan Xu. This award was presented at the conference on August 20 in San Diego. (Photo: Brendan Saltaformaggio accepting the award from Dr. Kevin Fu, Chair of the conference.) Figure 1. DSCRETE is a memory forensics tool for…
  • Videos from the 15th Annual CERIAS Symposium

    Gene Spafford
    11 Jul 2014 | 1:30 pm
    We are now releasing videos of our sessions at this year’s CERIAS Symposium from late March. We had a fascinating session with David Medine, chair of the PCLOB discussing privacy and government surveillance with Mark Rasch, currently the CPO for SAIC. If you are interested in the issues of security, counterterrorism, privacy, and/or government surveillance, you will probably find this interesting: https://www.youtube.com/watch?v=kHO7F8XjvrI We are also making available videos of some of our other speakers — Amy Hess, Exec. Deputy Director of the FBI; George Kurtz, President & CEO of…
  • Update on “Patching is Not Security”

    Gene Spafford
    9 Jul 2014 | 12:09 pm
    A few weeks ago, I wrote a post entitled “Patching Is Not Security.” Among other elements, I described a bug in some Linksys routers that was not patched and was supporting the Moon worm. Today, I received word that the same unpatched flaw in the router is being used to support DDOS attacks. These are not likely to be seen by the owners/operators of the routers because all the traffic involved is external to their networks — it is outbound from the router and is therefore “invisible” to most tools. About all they might see is some slowdown in their connectivity. Here’s some of the…
  • Why We Don’t Have Secure Systems Yet, Introduction

    Gene Spafford
    7 Jul 2014 | 10:32 am
    Over the past couple of months I’ve been giving an evolving talk on why we don’t yet have secure systems, despite over 50 years of work in the field. I first gave this at an NSF futures workshop, and will give it a few more times this summer and fall. As I was last reviewing my notes, it occurred to me that many of the themes I’ve spoken about have been included in past posts here in the blog, and are things I’ve been talking about for nearly my entire career. It’s disappointing how little progress I’ve seen on so many fronts. The products on the market, and the “experts” who…
  • CERTs, Security Patches And Sloppy Design

    CERIAS Webmaster
    25 Jun 2014 | 6:02 am
    When will we reach the tipping point? Spafford has this to offer, “If we keep patching, the system will collapse under the weight of all those patches.” More information »
  • add this feed to my.Alltop

    Security Bloggers Network

  • Security Slice: Internet Security in Five “Easy” Steps

    Eva Hanscom
    1 Sep 2014 | 8:00 pm
    The post Security Slice: Internet Security in Five “Easy” Steps appeared first on The State of Security.
  • For your eye’s only

    CQR
    1 Sep 2014 | 4:56 pm
    “Celebs in nude photo scandal’ make it to the top of our news feed today and who’s clicking on the link. I have to say for 1 ‘not me’. I’m sure Jennifer Lawrence has a lovely figure but I don’t need to see it and the photos were never intended for the public, they are privatephotos stored on a private cloud account. The only reason why the likes of you and I are aware of them is because someone stole them! Yes, stole, ‘to take without permission or right, especially secretly or by force’. It took for…
  • Microsoft fixes hybrid connectivity problem in Exchange 2013 CU6

    Windows IT Pro
    1 Sep 2014 | 3:06 pm
    Microsoft has published KB2997355 to provide a script fix for the issue that plagued Exchange 2013 administrators when they found that they couldn’t use the Exchange Administration Center (EAC) to manage Exchange Online mailboxes after ...
  • Heartbleed & Healthcare: Massive Data Breach at Community Health Systems

    Ashley Booth
    1 Sep 2014 | 1:41 pm
    In late August, Community Health Systems (CHS) announced one of the largest data breaches to date. This large breach affected one of the largest hospital companies in the country; CHS owns 206 hospitals in 29 states. According to their filing with the Securities and Exchange Commission (SEC), CHS confirmed a data breach of 4.5 million […]
  • Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)

    Mirela Gabaj
    1 Sep 2014 | 1:13 pm
    Clause 4.1 is a completely new requirement in the 2013 revision of ISO 27001, and it has caused quite some confusion because it is rather vague. (By the way, there is very similar confusion with ISO 22301, so this article ...
  • add this feed to my.Alltop

    blog.hotspotshield.com

  • Will the EU’s “Right to be Forgotten” Rule Transform the Internet?

    Peter Nguyen
    27 Aug 2014 | 10:56 pm
    There is a specter haunting the European Union (EU): the specter of forgetfulness. A set of regulatory laws passed by the Union in recent years guarantees citizens the Right to be Forgotten, promising the ability to clean the online record of bad decisions. The right was recently upheld in the highest EU courts, signaling that it may be here to stay. On the surface, the law seems like a privacy advocate’s dream; however, once the surface is scratched, deeper concerns become apparent. What Is It? The Right to be Forgotten (or RtbF) is a legal construct of the European Union. In 1995, the…
  • Support Privacy as a Human Right

    Peter Nguyen
    25 Aug 2014 | 11:50 pm
    Do you support privacy as a human right? Anchorfree’s CEO, David Gorodyansky, will be speaking on this topic at SXSW 2015 with your help. SXSW (South by Southwest) is a set of film, interactive, and music festivals and conferences that take place annually in Austin, Texas in mid-March. Each year, thousands of entries are submitted. The topics that get the most votes from the community, the advisory board, and the SXSW staff will get invited to present at this prestigious event. As you know, Anchorfree is a champion of internet privacy. Our Hotspot Shield VPN protects users’ privacy on…
  • How Your Household Items Could Be Spying On Everything You Do

    Peter Nguyen
    21 Aug 2014 | 11:13 pm
    Many items in your home, including your dryer, is a computer with the ability to track your behavior. Corporate entities and hackers alike are increasingly finding ways to capitalize on data grabs from even our most mundane of daily activities. Thanks to the ever-growing Internet of Things that’s becoming integrated into the fabric of our lives, it’s hard to trust even the most seemingly innocuous inanimate objects in your home. See how your household items could be spying on everything you do. Devices With Cameras Are Vulnerable Your television and laptop now have some things in…
  • How the Internet Security Landscape Shifted in 2014′s First Quarter

    Peter Nguyen
    19 Aug 2014 | 9:54 pm
    The good news is that observed Internet attack traffic fell in most countries in the first quarter of 2014. The bad news is that the United States has risen to second in the world, after China, as a source of attack traffic. The most recent State of the Internet Report by Akamai Technologies identifies these and other trends in Internet security and speed. Akamai is a U.S. Internet content delivery network and the creator of the Akamai Intelligent Platform, which delivers more than two trillion Internet interactions and protects users from several distributed denial-of-service (DDoS) attacks…
  • Google Glass – Are the Privacy Fears Justified?

    Peter Nguyen
    13 Aug 2014 | 11:41 pm
    Google has been celebrating the May 2014 public release of its Google Glass with a traveling road show that allows tech-heads to play with the wearable technology. At the shows Google employees and early adopters known as Google Glass “Explorers” extol the virtues of the Internet-capable eyewear, which contains a built-in camera. However, the device has also come under criticism from people worried about potential privacy infringements. Read on to discover whether their fears are justified. Bars & More Outlaw Google Glass Due to Privacy Concerns At least eight bars in the San…
 
  • add this feed to my.Alltop

    Blog - CloudEntr

  • Don't become a breached whale: Password tips to keep you afloat

    Christopher Bartik
    26 Aug 2014 | 6:30 am
    It’s late at night. You’ve just gotten home from a long day at work and the last thing you want to think about is anything requiring you to well, think. The couch beckons and soon enough you’re flipping through your DVR looking for your Game of Thrones fix. Most days you’ll fall into detached, trancelike viewing, but today something on the news sparks your attention: There was a robbery in your neighborhood. The news reporter says the thief is taking advantage of all the people who leave their doors unlocked. From the couch, you look to your own front door and see that it is, indeed,…
  • Cloud Sprawl: A Business's Guide to Secure Cloud Data for Employees and Customers

    Macey Morrison
    21 Aug 2014 | 7:02 am
    Shadow IT, a shady landscape for business, or is it?Cloud sprawl causes headaches for all of us… we have too many cloud services for CRM, accounting, and file sharing not to mention those “personal” services that we’re all guilty of bringing into the workplace. And to add further complexity, others don’t always use the same apps to solve the same problem that we do. Different people have unique preferences and businesses deploy competing services.Take Sarah in marketing for instance. She may love Dropbox personally, but Bill in Finance wants budgets shared in SkyDrive, while Mary in…
  • Deconstructing big time data breaches: Where the big boys failed and what your business can learn

    Christopher Bartik
    12 Aug 2014 | 10:40 am
    These days, it seems not a day goes by without a data breach story appearing in the news. As these security incidents become more prevalent - not to mention more costly - one of the best things that small businesses can do to prevent them is to learn from others' mistakes.We see that the biggest enterprises are not infallible to data protection issues like breaches. And we obviously hear about them because bigger brands are newsworthy. This is good for small businesses though, because while their drama unfolds in the media it gives us a very public playbook of how it happened and how they…
  • Gemalto Bundles Secure File Sharing and Access Management to Offer All-in-One Identity Cloud Solution

    Macey Morrison
    30 Jul 2014 | 6:00 am
    This week, the CloudEntr Team is excited to announce that we have listened to our customers concerns regarding data risk in the cloud, taking on the other piece of the cloud security puzzle: file sharing and collaboration.Our CloudEntr access management solution has expanded to now offer an all-in-one solution for secure application access and file sharing in the cloud. We are thrilled to enable SMBs to capitalize on the cost efficiency and convenience of the cloud with the peace of mind of knowing their and their customer’s data is secure. The file encryption and collaboration feature…
  • And Then There was One: Secure File Sharing & Access in the Cloud from CloudEntr

    Ella Segura
    28 Jul 2014 | 6:00 am
    Ella Segura serves as the Product Manager for CloudEntr, guiding the product road map and all new features and developments.Businesses Unique, All-in-One Solution for Securing Access and Files in the Cloud Gone are the days that businesses operated their own little fiefdoms, where IT reigned supreme and all the people thankfully fell in line behind the resources that were given to them.Enter the internet and the cloud.Today, businesses are connected more than ever before and their on-location castle walls, no matter how strong, are no longer sufficient. We communicate through many channels:…
  • add this feed to my.Alltop

    Quotium

  • Inside sales specialist

    Quotium Research Center
    27 Aug 2014 | 3:34 am
    Quotium is looking for Inside sales specialists to support our sales managers. The role will be focused on the identification (and generation) of leads through research, networking, cold calling and the development of contact/prospect relationships. Responsibilities: - Lead generation, prospecting and qualification– engage in different activities to identify new opportunities and generate relevant sales leads – qualify leads by active […] The post Inside sales specialist appeared first on www.quotium.com
  • Some key (yet funny) terminologies in AGILE Scrum

    Quotium Research Center
    18 Jul 2014 | 3:03 am
    Agile has been the buzz word of the industry since 4-5 years now. It has turned around many businesses. It has not just drastically changed the cost side of the profitability tree but also improved upon the revenue side by shipping better products. Agile practitioners are no longer willing to even talk about the traditional […] The post Some key (yet funny) terminologies in AGILE Scrum appeared first on www.quotium.com
  • Leading the KANBAN way!!!

    Quotium Research Center
    18 Jul 2014 | 1:47 am
    What is Kanban? KANBAN is a Toyota principle and literally means ‘Signboard’ in Japanese. Kanban advocates continuous improvement and emphasizes on making everyone get an explicit and clear idea of the entire process. It advocates minimum work in progress inventory and just in time production. This allows team to bring continuous improvement in their operations […] The post Leading the KANBAN way!!! appeared first on www.quotium.com
  • DSDM Project Lifecycle

    Quotium Research Center
    18 Jul 2014 | 1:34 am
    A DSDM project consists of three key phases – Pre project phase Project lifecycle phase and Post project phase Pre project phase: In the pre project discussions happen at super management level wherein the business problems are identified, applications (to be built) are decided, these applications are prioritized, budget is allocated for the same and […] The post DSDM Project Lifecycle appeared first on www.quotium.com
  • Core principles and properties in KANBAN explained!

    Quotium Research Center
    18 Jul 2014 | 1:15 am
    Kanban derive its name from the Toyota principles of Lean and JIT production process. Some of Toyota’s key principles made it one of the market leaders in low cost production and helped them become industry leader in setting up many practices that others in the industry tried to follow. Kanban as in software development methodology […] The post Core principles and properties in KANBAN explained! appeared first on www.quotium.com
Log in