domain

Posts

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 5: Open remote management

In most cases, enterprise applications provide functionality for remote administration of the systems as well as access to various technical services. Such services can be available for connection from the Internet, and, in case of unsafe settings, be remotely managed without any authentication procedure. PeopleSoft applications are integrated, and most of the remote configuration is perf…
David Froud

Human Resources, the Missing Piece From Every Security Program

Like a ‘service on the Internet’ – which we’ve had for decades – is now called The Cloud, Human Resources is now known by more touchy-feely names. Talent, People, Employee Success, all sound great, but they don’t represent a fundamental shift in the functions they perform. Or even HOW they perform those functions from what I’ve seen. Regardless of w…
LukeAhmed

If You’re Studying For The CISSP, Watch These Movies

This is the full link: https://www.studynotesandtheory.com/single-post/If-You%E2%80%99re-Studying-For-The-CISSP-Watch-These-Movies I knew if I wanted to pass the CISSP the first time, I’d need to eat, sleep, dream, breathe the CISSP. Studying for the CISSP became a strong part of my everyday thinking. I’d wake up thinking about DRP/BCP, and I’d go to sleep thinking abo…
Mark Stafford
The original U.K. version of the Italian Job where they hack into a traffic control system.
Liston Johnson MSc(Lon), MBCS, CISSP, GCFA, CIPM
Windtalkers for cryptography.
Or Katz

The Slippery Slope Starts with "Get 2 Free Airline Tickets"

A widespread phishing scam that offers free airline tickets has been spotted in the wild by Akamai's Enterprise Threat Protector (ETP) security research team. The campaign uses a number of social engineering techniques to trick people into providing their private information. When someone clicks on the link in the phishing email, they are taken to a dedicated website that tells them they hav…
Uranium 238

File upload Mishap allowing XSS on Yahoo subdomain

While doing security research on Yahoo Inc. systems, I decided to analyze its iOS apps and see how they were handled. Yahoo in general has a wide variety of scopes, from all of its *.yahoo.com domain to domains of its acquisitions as well. That said, many researchers focus on the web applications that Yahoo has, which leaves some of its iOS apps vulnerable. First process was to download the app. To test …
Scott Burns
Uranium 238, this is a very cool post. How was your experience with Yahoo's bug bounty team? Have you submitted more bugs to other bug bounty programs? Which one was your best and worst experience with?
mstancel
good catch
Steven Butt

Risky Business using DomainTools Risk Score to find bad domains on your network.

DomainTools I want to start the New Year by making a couple of predictions for how things will go in 2017. I’m going to predict that The Atlanta Falcons will beat the Green Bay Packers, that the Pittsburgh Steelers will lose to the New England Patriots and that the Falcons and Patriots will end up in the Super Bowl game. Now I know some of you will cry foul, saying that some of these…