Another new web app security tool to look at
There's a new security tool called CAL9000 available over at the OWASP site here
Another one to look into...
TaoSecurity
Ethereal's changing its name to the snappy "Wireshark".
Sounds like good news to me for the very trivial reason that I always used to go looking for Ethereal at www.ethereal.org only to find that it wasn't there ;op
Nightmare On Wall Street: Prosecution Witness Describes 'Chaos' In UBS PaineWebber Attack - Yahoo! News
Article about a bank that suffered from an internal attack.
Regardless of whether the guy on trial is guilty or not, the numbers mentioned in this case are a good illustration of why internal security requires a lot of attention. From the article, the defence case seems to revolve around the fact that the network had very poor security and as such there's no way to prove that it was the defendant that placed the malicious code...
The estimate is that $3.1 million was spent on repairing the damage alone, and I'd guess that the loss from lost business and the opportunity cost of people not being able to use systems is going to be pretty high as well.
Dark Reading - Host security - Social Engineering, the USB Way - Security
I like the idea of the trojan USB keys that the pen testing firm came up with.
Given the level of success they had with this, I'd guess it won't be too long before someone who's not one of the good guys tries this as a technique...
This is another good reason to lock down USB ports on corporate machines!
SecuBat: A Web Vulnerability Scanner
Interesting-looking paper on automated web application testing, which is being presented at the WWW2006 conference.
It'll be interesting to see if they release the SecuBat tool they've developed as part of the work.
Five common Web application vulnerabilities
Article on SecurityFocus on common web app vulnerabilities. Nice to see an article that doesn't just repeat the obvious but actually goes into some detail about how the attacks are carried out...
Security-Protocols :: The Bug Hunters Blog - Latest on OS X research..
Post about some serious security flaws in OSX, found by a security researcher.
I must say, I'm not surprised.
There's not been a lot of focus on security of Apple products in the past, but it seems that when it comes, with the increasing popularity of the platform, there will be a decent quantity of problems.
Whilst the UNIX-like underpinnings of OSX provide certain security advantages, there's nothing that I'm aware of which makes their security inherently better at an application level. And if they're typical of most tech companies, they won't be paying a huge amount of attention to secure development practices until they start getting problems with published flaws/viruses/worms...
How The Anti-Virus Industry Is Turning A White Hat Black, or (at least) Gray
Some interesting information about some work done to create an encrypted rootkit for Windows. The worrying bit is that three months after it was put out, the main anti-virus products still can't find it...
More information here.
Adventures of the White Rabbit