|
Google Open to Frame Injection Attack
Security Garden
Talk to the XRay, the screener isn't listening
Emergent Chaos
Metal plates send messages to airport x-ray screeners. I want
one with the 4th amendment on it....
Its Not the ISA Firewalls Fault - Example 9,998,937
Thomas Shinder Blog
When an ISA firewall is in the mix, it often seems that all
sense is thrown to the wind when it comes to network
troubleshooting. When there's an Internet connectivity problem,
the fingers quickly point to the ISA firewall.
Life in the Labs
SophosLabs blog
I’m a new recruit at Sophos, and thought there might be
interest in my experience of starting here. It’s been
three months since I started my training as a virus analyst,
and I’m still learning new things every day. I’m
located in
Looking forward to RSA Conference 2009
Network Security Blog
I really look forward to the RSA Conference in San Francisco
every year. It was fun when it was just another security
conference, but since we’ve started doing the Security
Blogger Meetup, it’s become one of the main conventions I
look f
Cyber Security Awareness Tip of the Day: October 11
Security Garden
Links for 2008-10-10 [del.icio.us]
weblog.cemper.com - Technology, Software Development, Project Management, Marketing News
Various Items: Oct 10, 2008
Security to the Core | Arbor Networks Security Blog
Spent part of the day looking at ASProx botnet activity by
groveling through Apache web server logs. Our fast flux monitor
has been looking at their domain name usage for a number of
months, but this aspect has been on the back burner for me for
a bit. Th
Kelvin Steele Made Me Do It
Vitalsecurity.org - A Revolution is the Solution
Spammers: Encouraging us to kill our significant others since 2008. Recording Notice: Security Roundtable - Blogger Ethics
Network Security Blog
Michael Santarcangelo and I will be recording the next episode of the Security Roundtable tomorrow morning at 7:00 am PDT. You can listen to the podcast live at http://hak5radio.com:8000/srt.mp3.m3u We’ll be joined by our friend Jennifer
Links for 2008-10-10
taint.org: Justin Mason's Weblog
Detecting Anonymizing Proxies
Matasano Chargen
None
Friday Summary, 10-10-2008
securosis.com
What a wild, wacky, crazy week. I have a funny suspicion a lot of stock brokers and investors are scraping together their spare change for some major liquid escapes this weekend. As a small business we haven’t felt the impact yet, but we are keeping
What the hell?!?
The Dark Visitor
Dr. Antonio Nucci, Chief Technology Officer at Narus writes:
Last April, a politically motivated Chinese blog called The Dark Visitor” rallied hackers to launch a DDoS attack on CNN.com for its coverage of the relationship between China and Tibet.
J
Chinese hackers gain access to World Bank
The Dark Visitor
At least there seems to be evidence that two of the six major attacks originated from IP addresses inside of China:
In total, at least six major intrusions two of them using the same group of IP addresses originating from China have been detected at the
Cyber Security Awareness Tip of the Day: October 10
Security Garden
When I began this series of "Tip of the Day", I did not know what kind of response I would receive from the sites where I asked for suggestions. Interestingly, two LandzDown members, October 2008 Advanced Notification
Security Garden
None
Antivirus 2010 and other fake security products continue
Harry Waldron - Microsoft MVP Blog
Sunbelt is continuing to warn on three brand new variants from the AntiVirus 2009 family. These products try to simulate legitimate security products and will infect vulnerable systems.
Antivirus 2010 an
None
NetSec
Token Kidnapping Windows 2003 PoC exploit
Phishers, Virus Writers Exploit Global Financial Crisis
Security Fix
None
Owning Networks With Soldering Irons and Radio Shack Parts
Matasano Chargen
None
Cracking CAPTCHA: Another Russian Business
McAfee Avert Labs
We’ve already written about CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the mechanism used to protect web sites, forums, and mailing systems against the automatic creation of accounts and contents. As my col
Friday Squid Blogging: Natural Squid Steganography
Schneier on Security
Squid can communicate with each other without any other fish noticing:
Squid and their relatives have eyes that are
Phishers, Virus Writers Exploit Global Financial Crisis
Security Fix
None
Why MSSPs are going to rule the SMB/SME roost
StillSecure, After All These Years
I don't think there are too many people who disagree agree that the MSSP model of providing security is a valid and growing segment of the security business. Recently, I have been giving a lot of thought as to whether...
Saudi Television News Website Attacked
Politically Motivated Computer Crime and Hacktivism
The defacement of Al Arabiya's website, a Dubai based, Saudi-owned television station, was in apparent retaliation for recent attacks on Shiite websites:
Increase in High-Tech Terrorists in India
Politically Motivated Computer Crime and Hacktivism
Indian police are reporting and increase in recruiting of high-tech individuals to assist in terrorist attacks. Most recently was the arrest of three IT professionals that used computer intrusions to send e-mails just before and after bombings in India:<
Notes from SANS Penetration Testing with Confidence Webcast
Carnal0wnage Blog
SANS Webcast
https://www.sans.org/webcasts/show.php?webcastid=91101
Penetration Testing with Confidence: 10 Keys to Success
Lenny Zeltser
-(slide 3)
To Open Wifi or Not To Open Wifi?
Kaspersky Lab Weblog
None
From simple to complex
Hex blog
The last week Elias ran a sample malware in the Bochs emulator and I was curious to see what it exactly does.
So I took the unpacked version of the malware and fed it into the decompil
Info Security & Privacy Convergence in Michigan!
Realtime Community | IT Compliance
I just realized that I have not yet posted about providing our "Information Security and Privacy Convergence and Collaboration" 2-day tra
NERC Critical Infrastructure Protection Will Always Change with the Evolution of Technology
Speaking of Security, the RSA Blog and Podcast
As Stewart Brand once said "Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road".
I think this quote describes perfectly the role in which IT depart
Trojan.Silentbanker Decryption
Security Response Weblog
On Monday we saw that Trojan.Silentbanker had added rootkit functionality in order to hide its own files. Today we'll look at another change that the new version of the Trojan has introduced, namely, the new configuration file format that the Trojan uses.
The More Things Change, the More They Stay the Same
Schneier on Security
Guess the year:
Murderous organizations have increased in size and scope; they are more daring, they are served by the most terrible weapons offered by modern science, and the world is nowadays threatened by new forces which, if reckles
A comment on the Google energy plan worthy of your time
StillSecure, After All These Years
One of the best things about blogging is the feedback I receive from people who comment. For those of you reading this, reading blogs without commenting deprives the blog from a vital piece of the equation they need to be...
Appearance on Bill Brenner's CSO Online Podcast
StillSecure, After All These Years
As you may know Bill Brenner, senior editor for CSO Online was our guest on a recent StillSecure, after all these years podcast. I also recorded a podcast with Bill for CSO Online on P2P, LimeWire, Facebook, etc. It was...
Traffic Talk 2 Posted
TaoSecurity
 My second edition of Traffic Tal
Brute force attacks against WPA/WPA2 using Nvidia cards
Network Security Blog
According to The Register, Russian company Elcomsoft has made a major jump in cracking WPA and WPA2 passwords using Nvidia graphic cards to brute force the passwords. They say that a system with two Nvidia GTX 280 video cards in it can crack the pas
Apple, Opera Ship Security Updates
Security Fix
None
North America Recap
Speaking of Security, the RSA Blog and Podcast
I was one of the 650 attendees at the recent annual North American PCI Community Meeting. Held at the Omni Champions Gate resort in Orlando, it was great to speak with m
"Catch Me, Yes YOU Can": Realized Threats at the Corner Store
Speaking of Security, the RSA Blog and Podcast
just returned from the Payment Card Industry's 2008 Members Council Meeting in Orlando, Florida. We had a blast despite the mood being somewhat dampened as a
Poll: Stickers 2008
F-Secure Antivirus Research Weblog
Wow. Our request for sticker suggestions yielded some really great results. Thanks to everyone.
Now we have a couple of polls that will factor into our decision making process.
Apple, Opera Ship Security Updates
Security Fix
None
ModSecurity at ApacheCon US 2008
ModSecurity Blog
None
None
NetSec
Quick! Call the news!
Data Mining for Terrorists Doesn't Work
Schneier on Security
According to a massive report from the National Research Council, data mining for terrorists doesn't work. The Restaurant at the End of the Universe
Vastly Important Notes
Had a great meal with great friends at the French Laundry last night.
Expanding Response: Deeper Analysis
When {Puffy} Meets ^RedDevil^
|
