SOx increases fraud Risk?!!

Hidden fraud risk in Sarbanes-Oxley? | CNET News.com
Interesting perspective on SOx in this article, that the huge amounts of data being assembled for SOx compliance purposes will cause frauds to go unnoticed... I did notice that the quote came from a company whose business involves selling data analysis tools!

The web is not a safe place to be these days!

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System - Current Infosec News and Analysis
Interesting to see new categories of attacks gaining in popularity, as highlighted in this handlers' diary entry.
Adding malicious content to hosted websites is a handy way for malware authors to ensure that their code will be executed, rather than relying on e-mails with links, which (hopefully) are a less useful vector. (Surely by now a decent percentage of Internet users don't go around clicking links sent in e-mail...)
Also another good example (as if anyone needed more) of why patching is critical to protecting PCs at the moment.

Interesting commentary on md5 collision attacks

Financial Cryptography: Cryptographers have a Responsibility to Explain Results
An interesting post over at Financial Cryptography looks at the practical implications of a recent paper on collisions in MD5 and the possible effects on the security of certificates.
I'd agree that the paper has been taken out of context in a lot of stories, but that seems to happen a lot when the journalists covering something aren't experts in that field. I also suppose there must be a temptation for the researchers to talk up their findings...

I'm back! from a looooong break

Well, the blog's been offline for about 2 months, not really to plan....
Caused by a series of hardware failures in the old server: first the motherboard/processor and then the system disk, 2 days later!
Combined with a 3 week holiday in India, that left me sans server for quite a while...
But I'm back up and running now, better than ever; the server's gone from a PII-450 to an Athlon64 2800+, which should make things a bit nippier.....

Wide open Webcams

Martin McKeay's Network Security Blog: Is your webcam one of these?
From the post on Martin McKeay's blog, it looks like I'm not the only one worried about where people are putting network webcams...
There's more info for a wide variety of cams Here and Here ...

More on Chip/PIN

There's some more comment on the ongoing Chip & PIN implementation in the UK at Schneier on Security and Financial Cryptography, with some interesting points being made about how this move coincides with one to shift the liability for fraudulent transactions from banks to retailers where the terminals haven't been upgraded.
Interesting to note that I've recently received a credit card with an expiry in 2006 which doesn't have a chip on it... I wonder if retailers will start refusing to accept cards without chip&PIN in order to avoid liability.

Ethics and CISSP's

There's an interesting post over at The Quiet Earth

[OT]Firefox Tuning Info

Firefox Tuning - MozillaZine Forums
Information on Firefox tuning. The section on pipelining is particularly cool. I've switched it on and definitely see a speed up in my browsing...

Category-based Web content blocking... a bit useless really

Looking at a couple of tools I found on the web, CGIProxy and PHProxy, it seems to me that content-based blocking by companies becomes a bit pointless, as you can put one of these scripts on a home PC on a DSL/cable modem connection and bypass anything which blocks based on URL, unless you use an "everything not explicitly allowed is denied" setup, which is kind of a hard sell in most companies.
Additionally, if you access these over an SSL connection, any proxies or content checkers won't see anything apart from the original URL, so content scanning wouldn't work either...
Just goes to show, open one port on a firewall and be prepared for the fact that almost any content can come through....

An object lesson in the importance of maintaining domain names

Over at cryptome.org there's a page: British Military Intelligence Website Hijacked
Looks like the MOD forgot, or didn't want, to renew the DNS for intelligencecorps.co.uk!
As a result someone in the US (cryptome say that it's a former British agent, not sure where that info comes from) has registered the domain, and will be getting e-mails sent by people using the Intelligence Corps part of the MOD site... (as well as any other mail that may be sent to that domain!!)
DNS management.. It's important!
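The obvious lesson from the story above is to watch your own registrations' expiry dates before someone else does. Here's an added example (my own, not anything from cryptome or the MOD) that pulls the expiry field out of WHOIS-style records and flags domains lapsing within a warning window; the records and .test domain names are constructed for the demo, a real run would feed it live whois output.

```python
# Added example (not the original post's code): flag registered domains whose
# WHOIS expiry falls within a warning window, so a lapse like the one described
# above is caught before someone else re-registers the name. Records are constructed.
from datetime import datetime, timezone
import re

# Expiry fields differ between registries; these cover common spellings.
EXPIRY_PATTERNS = [r"Registry Expiry Date:\s*(\S+)", r"Expiry date:\s*(\S+)",
                   r"paid-till:\s*(\S+)"]
DATE_FORMATS = ["%Y-%m-%dT%H:%M:%SZ", "%d-%b-%Y", "%Y.%m.%d"]

def parse_expiry(whois_text):
    """Return the expiry as an aware UTC datetime, or None if no known field is present."""
    for pattern in EXPIRY_PATTERNS:
        m = re.search(pattern, whois_text, re.IGNORECASE)
        if not m:
            continue
        for fmt in DATE_FORMATS:
            try:
                return datetime.strptime(m.group(1), fmt).replace(tzinfo=timezone.utc)
            except ValueError:
                pass
    return None

def expiring_domains(records, now, warn_days=60):
    """Map domain -> days left for domains lapsing within warn_days (negative = already
    lapsed). Records with no parseable expiry map to None rather than being skipped."""
    flagged = {}
    for domain, text in records.items():
        expiry = parse_expiry(text)
        if expiry is None:
            flagged[domain] = None
        elif (expiry - now).days <= warn_days:
            flagged[domain] = (expiry - now).days
    return flagged

# Constructed WHOIS-style records for fictional .test domains.
SAMPLE_RECORDS = {
    "mail-example.test": "Domain Name: mail-example.test\nRegistry Expiry Date: 2005-03-01T00:00:00Z\n",
    "intranet-example.test": "Domain name:\n    intranet-example.test\nExpiry date:  15-Aug-2005\n",
    "archive-example.test": "domain: archive-example.test\npaid-till: 2005.01.20\n",
    "odd-example.test": "Domain Name: odd-example.test\nStatus: ok\n",
}
CHECKED_AT = datetime(2005, 1, 10, tzinfo=timezone.utc)  # fixed clock for reproducibility

if __name__ == "__main__":
    for name, days in sorted(expiring_domains(SAMPLE_RECORDS, CHECKED_AT).items()):
        print(name, "no expiry field found" if days is None else f"{days} days left")
```

Note that a record with no recognisable expiry field is reported rather than dropped; an unparseable answer from a registry is exactly the case where you want a human to look.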