Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
Scott Granneman
,
2003-07-16
Comments
Mode:
Threaded
Flat
Expand all
|
Post comment
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-16
Anonymous
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-16
Anonymous
(1 replies)
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-17
Anonymous
Blogs: Last Thing We Need!
2003-07-17
Anonymous
(1 replies)
Blogs: Last Thing We Need!
2003-07-24
Kelly Martin
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-17
Chris Caydes
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-18
Anonymous
(1 replies)
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-18
Anonymous
Really running out of things to talk about, eh? (nt)
2003-07-18
Anonymous
(1 replies)
Meaning of (nt)
2003-07-23
Anonymous
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-18
Anonymous
(1 replies)
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-18
Anonymous
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-21
blacklight
(1 replies)
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-24
Anonymous
Following sound security management procedures (separation of duties, etc) this is an issue for *change control*.
Why give the admin the ability to run the server that serves as an audit log for his actions?
If the site's so small they can't afford to run a change control process, they're not going to properly implement this to provide adequate assurance.
If the admin screws up he can just go back in and modify the blog to cover his bum.
[ reply ]
Link to this comment:
http://www.securityfocus.com/comments/columns/173/21034#21034
I enjoyed the article
2003-07-21
Anonymous
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-22
Anonymous
article pointing at a real problem .. but doesn't have a realistic solution
2003-07-22
Zina
The real security use for Blogs
2003-07-22
Anonymous
Blogs: Another Tool in the Security Pro's Toolkit (Part One)
2003-07-25
Sean Tomlinson
Privacy Statement
Copyright 2008, SecurityFocus
Why give the admin the ability to run the server that serves as an audit log for his actions?
If the site's so small they can't afford to run a change control process, they're not going to properly implement this to provide adequate assurance.
If the admin screws up he can just go back in and modify the blog to cover his bum.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/173/21034#21034