Mac OSX security site
[ hardening your macintosh ]
Looks like this site has loads of good information on Mac OSX security including stuff regarding Pen testing OSX machines...
Unicornscan
Interesting sounding port scanner to try out.
SecurityFocus HOME Infocus: Windows NTFS Alternate Data Streams
A good security article at securityfocus.com covering alternate data streams in Windows. There are 2 tools mentioned in the article which I think are well worth using, either on a periodic basis as an audit tool, or on a machine which you think may have been compromised.....
Main Page - SecurityForest
Now this is interesting. I've not had the chance to download/look at the software from the site, but it claims to be similar to Metasploit but with far more exploits.....
Which would be cool. One to look at anyway...
Ask me no secrets and I'll tell you no lies
A write-up at Ars Technica of another successful social engineering exercise in London.... Of course there's the usual point about how much of the information gathered is actually accurate, but I think it's still a good example of why humans can, in many cases, be the weak link in a security solution.
Surftp - Web Based FTP
Handy site for accessing FTP sites from locations where you only have HTTP access. Of course, if you're paranoid like me then you wouldn't trust this service to transfer any sensitive data in the clear, as while they say they won't use any of the info. gained, there's nothing to guarantee that..... (not that I'm implying they will, I'm just paranoid !!)
Breaking Firewalls with OpenSSH and PuTTY
This is a good walkthrough on using SSH to tunnel other protocols through firewalls.
Usually though, I find that the protocols which are left open on firewalls these days are HTTP and sometimes SMTP....
Of course HTTP is all you need, as things like SSL VPNs can be used to tunnel arbitrary protocols over HTTPS... While I think of it, there's a handy free one called SSL Explorer.
Security Clinics & Labs
Cool security info. from Microsoft.....
Martin McKeay's Network Security Blog: Still trying to absorb this one
A pointer to an interesting article to read...
Legal threat stops flaw info release - Computerworld
Well this isn't a good thing for security research in my opinion. Whilst I don't always think that security companies getting press by releasing exploits is a good thing, it is one of the main ways that software companies seem to be put under pressure to improve the security of their software.
Ideally companies would always be proactive about improving the security of their systems, but in the real world other things tend to take precedence, unless it's made a priority for them by external people, either security researchers pointing out flaws, or "black hats" exploiting their software...
Arguably if Microsoft hadn't developed such a bad reputation for security a couple of years ago, we wouldn't have seen all the excellent initiatives they're producing now.....