Weekly Industry Round-up, Week of 4/5
Posted by hyperguard on April 9, 2010
Firefox Plans Fix for Decade-Old Browsing History Leak
Dan Goodin discusses how Firefox developers are getting close to plugging an information leakage hole that has affected every major browser for over a decade. Because of the hole, webmasters can easily compile huge lists of links their visitors have previously viewed. Fixing it has been difficult because programmers didn’t know how to close the hole without breaking key web functionality. A Mozilla security team member says the hole will soon be closed in the open-source browser in a way that won’t sacrifice usability. Dan says these changes are a step in the right direction even if they don’t completely eliminate the problem.
Insecure about Security…
Interesting Data about Data Breaches
Jon Oltsik looks at a recent ESG Research survey, which asked security professionals at enterprise organizations whether their organization had suffered a data breach within the last year. Here are the results: 63% responded no; 23% said yes, there was one incident; and 11% said yes, there were several incidents. Interestingly enough, organizations that must comply with more than three government or industry regulations suffered more breaches.
Tactical Web Application Security…
WAF Confusion Continues
Ryan Barnett of Breach Security discusses a recent analyst briefing held by Frost & Sullivan, which provided an overview of the WAF market in the Asia Pacific region. The presentation showed that there are still misconceptions about WAFs: organizations don’t fully understand what they are and when they need them. Many respondents felt that having a powerful network firewall is sufficient to make up for the lack of a WAF. We hope this confusion will clear up and organizations will better understand the need for a distributed web application firewall (dWAF) to protect against vulnerabilities and attacks.