Well, Nmap 4's out, and from the link it looks like there are a fair number of cool new features and enhancements in it...
One to try out over the next couple of days.
Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)
An interesting posting on a somewhat neglected area of risk to client machines.
The point that potentially exploitable third-party ActiveX controls will be installed on many, if not all, client PCs is a good one.
I've seen companies that more or less successfully patch browsers and audit client software, but I'm not aware of any that track ActiveX component versions...
Sounds like a good reason to lock down ActiveX installations on corporate clients...
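One concrete lockdown check, as an added example (not from the Krebs post or from any product): Internet Explorer refuses to instantiate a control whose CLSID has the "kill bit" set, which is bit 0x400 of the "Compatibility Flags" DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}. The script below parses a `reg export` of that key and reports which of a policy list of CLSIDs are actually blocked on a client. The CLSIDs, the policy list and the export text are all constructed for the example; a real export is UTF-16 and would be read with encoding="utf-16".

```python
"""Audit ActiveX kill bits from a .reg export.

Added example: parses the output of
  reg export "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" ax.reg
and reports which CLSIDs from a corporate block list are missing the kill bit.
The sample export and CLSIDs below are constructed, not taken from any real host.
"""
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that stops IE loading the control

# A key line for one CLSID under the ActiveX Compatibility key (GUID is 8-4-4-4-12 hex).
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\"
    r"ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$",
    re.IGNORECASE,
)
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$', re.IGNORECASE)


def parse_reg_export(text):
    """Return {CLSID: compatibility flags} for every CLSID key in the export.

    A CLSID key with no "Compatibility Flags" value is recorded with flags 0.
    """
    flags = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).upper()
            flags.setdefault(current, 0)
            continue
        if line.startswith("["):
            current = None  # some other key; ignore its values
            continue
        m = FLAGS_RE.match(line)
        if m and current is not None:
            flags[current] = int(m.group(1), 16)
    return flags


def audit_killbits(text, required):
    """Compare the export against a block list of CLSIDs.

    Returns (blocked, missing): CLSIDs with the kill bit set, and CLSIDs the
    policy says must be blocked but which are not (absent key or bit clear).
    """
    flags = parse_reg_export(text)
    blocked = {clsid for clsid, f in flags.items() if f & KILL_BIT}
    wanted = {c.upper() for c in required}
    return sorted(blocked), sorted(wanted - blocked)


# Constructed sample export: one control kill-bitted, one present but not blocked.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-0000-4000-8000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBBBBBBB-0000-4000-8000-000000000002}]
"Compatibility Flags"=dword:00000000
"""

# Hypothetical corporate policy: these three CLSIDs must be kill-bitted on every client.
POLICY = [
    "{AAAAAAAA-0000-4000-8000-000000000001}",
    "{BBBBBBBB-0000-4000-8000-000000000002}",
    "{CCCCCCCC-0000-4000-8000-000000000003}",
]

if __name__ == "__main__":
    blocked, missing = audit_killbits(SAMPLE_REG, POLICY)
    print("kill bit set:", blocked)
    print("policy gaps: ", missing)
```

The kill bit only blocks instantiation; it does not tell you which version of a control is installed. For that, the controls IE itself downloaded live under the Downloaded Program Files folder, which is the place a version inventory would start.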
An interesting-looking developer-level view of some of the new security-related features in .NET 2.
Zero-day details underscore criticism of Oracle
An article about the slowness with which Oracle is patching its software. Given that many companies use Oracle software to store a lot of their critical information, it's quite worrying that it can take them over two years to ship a fix for a bug.
We've seen, with the current worm/botnet problems, a trend for security exploits to be part of professional criminal activity. So I wonder what the likelihood is that there are blackhats actively working on finding database flaws... I'd say reasonably likely, with that likelihood increasing over time.
So if we assume that, then we can assume that they'll be finding the same things that security researchers have been finding and notifying Oracle of, at which point it becomes pretty worrying that Oracle are so unresponsive when it comes to patching these flaws...
Although my paranoia does make me worry as to whether there are any potential downsides to this, it's too funny to pass up.
UPDATE: now edited to use a non-updating version, in case of malicious alteration of the source... for more info, see the link here.
The Best Web 2.0 Software of 2005 (web2.wsj2.com)
Some interesting information on Web 2.0 sites.
A Brief Guide to a Painless Internet Experience
A good guide with recommendations for home-user security software. It also chimes with the setup I tend to use when setting up PCs for people...
Sunbelt BLOG: Anatomy of a malicious host file hijack
A good analysis of a current hosts-file hijacking trojan. A couple of points I thought were really significant were the quality of the fake website and the range of hosts attacked.
It really shows that significant effort is being put into this if someone's producing that number of fake sites, and I'd imagine that if the server they're currently on is taken down, setting up another will be relatively easy, making it easy to redeploy this attack.
Realistically, if a typical end user got this, there's almost no way they could detect the forgery (although the post doesn't mention whether the SSL certificate is faked well).
Also, worryingly, there's a list of anti-virus programs at the bottom of the post, several of which don't currently detect this trojan...
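Since the trojan works by rewriting the hosts file, the one thing an admin can check without relying on an A-V signature is the hosts file itself. Here is an added example (my own, not from the Sunbelt post) that parses a hosts file and flags any name mapped to a non-loopback address, with names on a watchlist of sites you care about called out separately. The watchlist, the allowed intranet entry and the sample hosts content are all constructed; real hijacks have been known to push their entries below a long run of blank lines so they scroll out of view in Notepad, which the sample imitates and the line numbers in the output expose.

```python
"""Flag suspicious hosts-file entries.

Added example: a hosts-file hijack maps a real name (a bank, an A-V update
host) to the attacker's server, so the browser shows the right name while
talking to the fake site. Nothing legitimate in a hosts file should point a
watchlisted name anywhere but loopback, and most entries should be loopback
or 0.0.0.0 sinkholes. The watchlist and sample content below are constructed.
"""
import ipaddress
from collections import defaultdict


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for every usable mapping."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed first field; the resolver ignores it too
        for name in parts[1:]:
            entries.append((lineno, addr, name.lower()))
    return entries


def find_hijacks(text, watchlist, allowed=()):
    """Return [(line, name, ip, reason)] for entries that look like redirects.

    Loopback and 0.0.0.0 mappings are sinkholes (ad blocking etc.) and are
    skipped; names in `allowed` are a known-good baseline such as intranet
    hosts. Everything else pointing at a real address is reported, with
    watchlisted names (or their subdomains) flagged as the serious case.
    """
    allowed = {n.lower() for n in allowed}
    watch = [w.lower() for w in watchlist]
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue
        if name in allowed:
            continue
        if any(name == w or name.endswith("." + w) for w in watch):
            reason = "watchlisted name redirected"
        else:
            reason = "unexpected non-loopback mapping"
        findings.append((lineno, name, str(addr), reason))
    return findings


def redirect_targets(findings):
    """Group flagged names by destination IP: one fake server serving many names."""
    by_ip = defaultdict(list)
    for _, name, ip, _ in findings:
        by_ip[ip].append(name)
    return dict(by_ip)


# Constructed sample: a stock header, 50 blank lines to hide what follows, then
# two names redirected to one server (203.0.113.10 is a documentation address),
# an ad sinkhole, and a legitimate intranet entry.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    + "\n" * 50
    + "203.0.113.10 www.examplebank.com examplebank.com\n"
    "203.0.113.10 update.example-av.com\n"
    "0.0.0.0 ads.example.net\n"
    "10.0.0.5 intranet.corp.example\n"
)

# Hypothetical watchlist: the domains whose impersonation would hurt most.
WATCHLIST = ["examplebank.com", "example-av.com"]
ALLOWED = ["intranet.corp.example"]

if __name__ == "__main__":
    hits = find_hijacks(SAMPLE_HOSTS, WATCHLIST, ALLOWED)
    for lineno, name, ip, reason in hits:
        print(f"line {lineno}: {name} -> {ip} ({reason})")
    print(redirect_targets(hits))
```

On a real client, read the file from %SystemRoot%\System32\drivers\etc\hosts and compare against the baseline you deploy; the sample run reports three names on lines 53 and 54, all pointing at the same server, which is exactly the "one fake host, many sites" pattern the post describes.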
Five mistakes of vulnerability management - Computerworld
An interesting article with some sensible points on vulnerability management...
I was looking for a decent way to choose a wiki the other day and came across wiki matrix. Very handy, as it lets you compare several wikis by a variety of criteria.
Well, I've picked up a new thing to learn about...
Ruby and Ruby on Rails (RoR)... so here's some info that I've found so far:
Start here - a cool article on Rails: http://www.onlamp.com/pub/a/onlamp/2005/01/20/rails.html
Rails Site - http://www.rubyonrails.org/
Ruby links
http://www.ruby-lang.org/en/
http://www.rubygarden.org/ruby - Ruby Garden Wiki
Ruby Eclipse Plug-in
http://www-128.ibm.com/developerworks/opensource/library/os-rubyeclipse/?ca=dgr-lnxw07Ruby4Eclipse
http://rubyeclipse.sourceforge.net/
A handy Ruby on Rails cheat sheet