The Security Pub

Random Thoughts About Security

New Microsoft Tool Clones Browser, Runs Remotely

Scientists at Microsoft Research have unveiled a new way to secure complex Web applications by effectively cloning the user’s browser and running it remotely. Many of the latest Web applications split their executable code between the server and the client. The problem is detecting whether the code running on the user’s home PC has been compromised in some way. The new Microsoft solution, known as Ripley, was announced on Tuesday at the Association for Computing Machinery’s Computer and Communications Security Conference in Chicago.


Good risk management leads to compliance?

This is a relatively reasonable way of thinking; however, there is one catch. Not all regulations are created to reduce risk for the organization that must comply with them. Think about PCI-DSS compliance by merchants. PCI-DSS tries to reduce risk for card brands, issuers and acquirers by forcing the key point of compromise (merchants) to apply proper security controls. However, the cost for the merchant to apply those controls is higher than the risk reduction they will gain. That’s why regulating bodies usually establish fines: to artificially increase the risk to the organization responsible for applying the controls. If this “manipulation of risk economy” is not done properly, then the “good risk management leads to compliance” concept does not work.