The popular social news site Reddit was breached with an XSS exploit. Of course, the article does not indicate what, if any, protection methods Reddit was using to prevent this most popular of web site exploits. I wonder how they would do if an auditor showed up tomorrow using CSIS's Twenty Critical Cyber Security Controls (I previously posted) as a reference.
Recent Posts
Archives
- January 2017
- November 2016
- July 2015
- February 2014
- January 2014
- November 2013
- October 2013
- April 2013
- March 2013
- February 2013
- September 2012
- August 2012
- July 2012
- June 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- August 2011
- July 2011
- June 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
Tags
Apple
application security
bank fraud
botnets
breach
breaches
C&C
cloud security
Command & Control
compliance
Damballa
DNS
Facebook
FireEye
Firesheep
funds transfer fraud
Gartner
Google
Heartland Payment Systems
HIPAA
identity theft
information technology
iPhone
IT Security
IT Security 2.0
Koobface
malware
Microsoft
next-generation firewall
Palo Alto Networks
PCI DSS
phishing
Positive Control Model
privacy
risk
Risk management
SANS 20 Critical Controls
security
security management
SIEM
Social Engineering
social networking
Stuxnet
Web 2.0
Zeus
© 2024 RiskPundit. All rights reserved.
Design by picomol. Powered by WordPress.