June 27, 2005

Excellent presentation on Web Application Security Testing Tools

There's a great presentation on Web Application Security Testing tools over at OWASP. It breaks the available tools down into sensible categories and also has some quite comprehensive lists of available tools for each category.

Posted by rorym at 8:22 PM | Comments (0) | TrackBack

June 26, 2005

Perl plugin for Eclipse

EclipsePlugins : ratings for the EPIC - Eclipse Perl Integration Eclipse plugin (Languages)


I've been looking for a free Perl IDE for a while now, to help my infrequent programming efforts. This seems to work quite well with Eclipse...

Posted by rorym at 12:57 PM | TrackBack

Demo of Reverse engineering of MS Patches

SABRE Security

An interesting demo of an MS patch being reverse engineered to make creation of an exploit simple.

This shows a good reason for installing any security patches as soon as possible...


Posted by rorym at 10:27 AM | Comments (0) | TrackBack

June 24, 2005

Declining E-commerce?

E-commerce now a turn-off - official | The Register

Well, not really, just growing more slowly... But it's an interesting story all the same. It seems that, surprise surprise, Internet users are getting tired of all the phishing and spyware and viruses, and some are stopping using the 'net for shopping and banking.

I actually think that this could become an accelerating trend. I don't see any magic bullets to make things easier for ordinary, non-technical Internet users, and without some sort of change more and more people will give up on using the 'net for e-commerce, no matter how convenient it is.

The annoying thing is that this will hit all the banks and many retailers in the pocket, but because it's no one company's problem, none of them seem to be stepping up to take a lead in trying to combat this...

Posted by rorym at 8:26 AM | Comments (0) | TrackBack

June 23, 2005

PCI link and commentary

Network and IT Security Management Blog: Correlation Central - Network Security Blog: MasterCard PCI / SDP Framework


An interesting posting about the credit card industry's PCI security standard, and some commentary on it.

Posted by rorym at 5:46 PM | TrackBack

June 22, 2005

Excellent Interview with Marcus Ranum

Interview with Marcus Ranum

There's a great interview with Marcus Ranum over at SecurityFocus. It's obvious from the responses that he's been around in network security for a while and knows what's what.

Also there's a couple of great quotes...

In response to "If a standard protocol is broken or insecure, what is the best solution? Maybe supporting only some features or adding a crypto layer?":

"If it's broken, adding crypto just makes it broken and hidden." is a classic...

Also, there are some interesting thoughts on de-perimeterisation and advocacy of data-level protection as the solution to all evils.

Posted by rorym at 8:13 PM | TrackBack

Info Systems Security Assessment...

Open Information Systems Security Group - Information Systems Security Assessment Framework (ISSAF) Draft 0.1

Link to a pen testing framework. Looks interesting, but a little daunting to read at 1054 pages!!

Posted by rorym at 5:20 PM | TrackBack

June 18, 2005

A big breach of security

Security breach may have exposed 40M credit cards | InfoWorld | News | 2005-06-17 | By Tom Krazit, IDG News Service

Another to add to this year's seemingly endless stories of large companies suffering losses of customer information, in this case CC info...

What I'm very interested to see is what actual penalties/negative consequences affect the companies responsible for these breaches, as I think it will shape some of the internal debate in companies that handle this kind of data about appropriate levels of security.

One thing that does seem to have happened is a loss of share price for ChoicePoint... looking at their stock graph, they're trading down about 20% from around the point when their breach was publicised...

Actually, maybe that's worth looking at (getting a list of the breaches from privacyrights and comparing stock prices before/after).

Posted by rorym at 10:26 AM | Comments (0) | TrackBack

June 12, 2005

[OT] Geek T-shirts...

SysWear :: Programming t-shirts

Cool looking line of geek t-shirts... I particularly like this one

Posted by rorym at 12:34 PM | Comments (0) | TrackBack

June 6, 2005

Interesting new Bluetooth attack

Schneier on Security: Attack on the Bluetooth Pairing Process

Here's a note from Bruce Schneier on an interesting new attack on the Bluetooth protocol (or, more accurately, common implementations of the protocol)...

Following this, if there are tools released which implement the attack, it'll really reduce where Bluetooth should be used in corporate settings... all those lovely Bluetooth headsets that people in the UK have bought...

Posted by rorym at 6:52 AM | Comments (0) | TrackBack

June 1, 2005

Linux Keyboard Instruction

CyMotion Linux Cherry Keyboard

Link to instructions to get the cool Cherry Linux keyboard working without using the supplied software (which appears to be SUSE only).

Nice keyboard, as well as having cute penguins on it :o)

Posted by rorym at 7:29 PM | Comments (0) | TrackBack

Interesting site with many handy looking resources

GaryKessler.net Home Page

Excellent list of security articles/URLs

Posted by rorym at 7:40 AM | Comments (0) | TrackBack