Cross Site Scripting Vulnerability scanner
ScreamingCSS - Vulnerability Detector | SecGuru
Not tried this out yet but it could be quite interesting. Especially as it's written in perl, so I'll have some chance of understanding/tweaking it....
Mobilised com au - BETTER WIRELESS SECURITY
This announcement from Intel and Cisco could be good for wireless networking security, although at the moment it does seem a touch light on detail. Of course the worry I'd have with this kind of partnership is that the parties might choose to keep their enhancements proprietary, which would not be a good thing...!
I like NAC as an idea, but I've not seen any large deployments of it yet, so I'm unsure as to whether it would be a manageable/scalable solution.
SC Magazine
I was looking for some wireless security articles this morning and came across this one which appears to be saying that wireless networks are fundamentally insecure and therefore the answer is to run VPNs over them....
Now this might have been the only answer before 802.11i was agreed and issued, but nowadays I'd say that a possibly better alternative to running a VPN over wireless is to run a decently secured client, use multi-factor authentication with PEAP, use AES for encryption and put some decent level of firewalling in between the wired and wireless networks to restrict what can be transferred from one to the other. This way you leverage your existing investment in wireless equipment...
Of course a cynic might also have pointed out that the author of the article is Chief Technology Officer of a company who make......... wireless VPNs!
Open Source Web Design - Home /^/
Remember how I mentioned that I was looking for a site template that wasn't part of a Content Management System..... Now I find it!!
Spire Security Viewpoint: *[Adjective] Computer Worm [verb] Internet*
As Homer said... "it's funny 'cause it's true"
Started putting stuff on here again after a long while off... have been busy doing things with Wireless networks and the like which I may get round to posting some time.
I've also been trying my hand at website design. After looking at many Content Management Systems and not really finding any that suited what I wanted (a quick simple site with content about a given subject, no forums, no news section, no logins...) I reverted to the fine art of the text editor, a book on HTML and CSS and some websites..
At the end of it is a site about Scottish Artist Isobel Ellis (or the mother-in-law as she's also known!)
InformationWeek > SSL > Banks Abandoning SSL On Home Page Log-Ins > August 23, 2005 (http://www.informationweek.com/story/showArticle.jhtml?articleID=169600305)
Interesting story noting that some big financial players in the US are changing their banking login pages from SSL for the whole page, to just creating an SSL session when the credentials are submitted...
The obvious point is made in the story, that this makes a Man in the Middle attack against the bank far easier as the content of the page can be modified without any pesky encryption getting in the way...
Security Fix
story covering a conversation with the alleged author of the zotob worm. What's interesting from this is that his goal appears to have been to make it easy for spyware and other nasties to get installed on PCs through the modification of IE security levels...
It's a nasty attack as I bet most people wouldn't notice that the change had been made... (when was the last time you checked your IE Security Levels...)
SecuriTeam.com ™ - IIS Information Disclosure
(NB I've not tested/run this yet so dunno if it does what it says on the tin)
Interesting looking new exploit for IIS over at securiteam... This may allow you to get access to error information on IIS6 which would be very handy when looking for SQL injection/XSS vulnerabilities...
Security Fix
story referring to a new IE vulnerability, sounds reasonably nasty. According to the advisory here it affects XP SP2, which is interesting.
Unpatched at the moment... so time to use Firefox/Opera for a while :o)