軍方爆發文件洩密案,再次突顯資訊控管慎防漏洞的重要性,資安專家說。
根據媒體報導,因國防部小兵違反規定,將未能切碎的機密文件賤賣給民間回收業者,導致軍事機密被一一拼湊出。令平時強調保密防諜、且投入巨資購買設備的軍方資訊外洩,最後敗在看似不起眼的疏漏。
值得注意的是,這已不是第一次軍方資訊外洩的新聞。專家指出,資訊安全工作繁複,科技、人、流程都是可能的資訊漏洞所在。
- Oct 03 Wed 2007 09:30
軍方文件洩密 突顯資訊控管漏洞多
- Sep 28 Fri 2007 09:47
專訪WhiteHat CTO:Web應用使邏輯漏洞危害更大
網頁應用程式安全評估專家、網頁應用程式安全聯盟(Web Application Security Consortium, WASC)創辦人、WhiteHat技術長Jeremiah Grossman今(27)日應OWASP(開放Web軟體安全計劃)台灣分會之邀,來台參與OWASP亞洲年會並發表演說。
網頁應用程式安全專家認為,商業流程中可能隱藏的小缺失,在進入Web情境後,其風險將會被擴大,影響更多人。
- Sep 28 Fri 2007 09:35
Tk GIF Processing Buffer Overflow Vulnerability
| Secunia Advisory: | SA26942 | |
| Release Date: | 2007-09-27 | |
| Critical: |  Moderately critical |
|
| Impact: | DoS System access |
|
- Sep 28 Fri 2007 09:33
F-Secure Archives and Packed Executables Detection Bypass
| Secunia Advisory: | SA26948 | |
| Release Date: | 2007-09-27 | |
| Critical: |  Not critical |
|
| Impact: | Security Bypass |
|
| Where: | From remote |
|
- Sep 28 Fri 2007 09:30
Cisco Catalyst 6500 / Cisco 7600 Series Devices Accessible Loopback Address Weakness
| Secunia Advisory: | SA26988 | |
| Release Date: | 2007-09-27 | |
| Critical: | Not critical |
|
| Impact: | Security Bypass |
|
| Where: | From local network |
|
- Sep 28 Fri 2007 09:27
Xen pygrub Command Injection Vulnerability
| Secunia Advisory: | SA26986 | |
| Release Date: | 2007-09-27 | |
| Critical: |  Less critical |
|
| Impact: | Security Bypass |
|
- Sep 28 Fri 2007 09:24
被入侵網頁 - "國立彰化師大會計系暨研究所"
- Sep 28 Fri 2007 09:20
被入侵網頁 - "屏東縣里港鄉三和國民小學"
- Sep 28 Fri 2007 09:15
被入侵網頁 - "晟峰精密工業股份有限公司"
- Sep 28 Fri 2007 09:13
被入侵網頁 - "屏東縣潮和國民小學"
- Sep 28 Fri 2007 09:11
被入侵網頁 - "南台科技大學-生物醫學工程研究所"
- Sep 28 Fri 2007 09:07
被入侵網頁 - "華人基因變異資料庫 Chinese Gene Variation Database"
提醒您, 亞洲安全弱點通報中心監控到:
. 被入侵網頁 - "華人基因變異資料庫 Chinese Gene Variation Database"
- Sep 26 Wed 2007 12:32
Cards, Cards, Cards, Baked Beans, Cards, Cards...
- Sep 26 Wed 2007 12:08
Sophos Blocks Unauthorized Remote Connection Tools
Sophos added remote connection tools to its list of blocked devices on its Sophos Endpoint Security and Control, shutting a new window on threats, company officials said Sept. 25.
Remote connection tools like RealVNC and Radmin that allow employees to access remote-based PCs or laptops from any other computer via the Internet, though often unendorsed by IT management, are common tools used by staff and represent an end-run around corporate computer usage policies, Sophos contends.
Remote connection tools like RealVNC and Radmin that allow employees to access remote-based PCs or laptops from any other computer via the Internet, though often unendorsed by IT management, are common tools used by staff and represent an end-run around corporate computer usage policies, Sophos contends.
- Sep 26 Wed 2007 11:41
Linux系統安全隱患及安全管理的方法
世界上沒有絕對安全的系統,即使是普遍認為穩定的Linux系統,在管理和安全方面也存在不足之處。我們期望讓系統儘量在承擔低風險的情況下工作,這就要加強對系統安全的管理。
下面,我具體從兩個方面來闡述Linux存在的不足之處,並介紹如何加強Linux系統在安全方面的管理。
下面,我具體從兩個方面來闡述Linux存在的不足之處,並介紹如何加強Linux系統在安全方面的管理。
