SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System
Another new 0-day for Internet Explorer. This has the potential to be quite nasty, as there's proof-of-concept code in the wild and there's no patch available as yet.
Ethical Hacking and Computer Forensics: Fuzzers - The ultimate list
Link to a cool list of fuzzers which could be very useful for doing application security reviews.
Some interesting comment on BP's new deperimeterisation moves (more information here).
I'd agree with the sentiments expressed in TaoSecurity. I agree with the Jericho Forum's position that every device should be able to stand on its own from a security perspective; however, the idea of deliberately weakening the security afforded to laptops by connecting them directly to the Internet when they're on the corporate LAN seems like a very bad plan, as it needlessly reduces the number of layers of protection afforded to them.
Also, it renders the security of the laptops very brittle, so if, for example, there is a problem with a change deployed to these devices which leaves them vulnerable to an attack, they won't have the safety net of being behind a corporate firewall to allow the IT team time to fix the problem before it has an impact.
I've also been thinking: how is this going to work in practice? If the laptops are on the Internet, surely they'll need to connect to corporate IT assets, so they'll need a VPN tunnel into the company. Also, surely BP will still want to take advantage of centralised web site monitoring, email anti-virus, etc. So all the traffic from these laptops sitting in corporate offices will go through a VPN tunnel back into the corporate LAN, then potentially back out onto the Internet. Surely that's not a great plan from a cost perspective.