Newsletter Archive: 2007

Hackers Bypassing Registration With PyCurl
Interesting hacking attack going on at a social networking site that I am working on today. Seems that the hacker is using PyCurl to bypass the registration page and dump users right into the system.

Date: 2007-12-12


Smartphone Security Concerns Slowly Arriving
A rise in threats to smartphones, as their capabilities have approached those of a typical laptop computer, looks like a credible problem in the future of mobile platforms.

Date: 2007-11-21


IT Managers Stressed By Employees
IT managers are more worried about end users creating a problem for their IT systems than about attacks from hackers, according to the "2007 State of Security Report," sponsored by Websense.

Date: 2007-10-31


Rackspace: Supporting more than just your configuration
Starting with Fanatical Support™, Rackspace is about one thing and one thing only—supporting you. It goes way beyond just your box or configuration. What's outside the box? Our people, Zero-Downtime Network™, data centers and technical expertise backed by our guarantees which all exist to make your IT life easier. It's what makes us the hosting experts and everyone else just hosting providers.

Date: 2007-09-28


Google's Checklist Of Helpful Webmaster Security Tips
The official Webmaster blog has a helpful post with a quick security checklist for webmasters: "Check your server configuration. Apache has some security configuration tips on their site and Microsoft has some tech center resources for IIS on theirs."

Date: 2007-09-27


Ajax Security Features In ColdFusion 8
There are some interesting new features in ColdFusion 8 related to security that I thought I'd share. I just discovered them myself (I'm writing one of the Ajax chapters for CFWACK) and I thought I'd share.

Date: 2007-08-15


Maiffret Talks REM, Apple, And Black Hat
eEye CTO Marc Maiffret chatted with SecurityProNews ahead of the Black Hat conference, shortly before his firm's release of its hardware appliance for managing security and asset vulnerability assessment.

Date: 2007-07-24


Securing SSH Sessions The Easy Way
Recently I've had a good deal of people ask me about SSH connections, and how they can better secure them, and I've been shocked at the sheer number of people that still use keyboard-interactive password authentication to log into SSH daemons.

Date: 2007-07-11


The Horror Of Spyware
Coding Horror's Jeff Atwood ventured onto the Internet in search of no-CD game patches for a fresh re-installation of Windows XP SP2, and got nailed by a drive-by malware installation.

Date: 2007-06-20


Firefox Automatic Update
Firefox's automatic update is something security folks may need to watch out for. Most companies do not want employees updating their software automatically; they usually have some kind of patch management system that lets them push patches to clients across the enterprise, either staggered or, depending on size, all at once.

Date: 2007-05-30


Unifying Fragmented Security Systems
One of the promises of Web 2.0 widgets is that they can take data from various inputs and output it in various formats and views. Some of the more interesting technologies, like prediction models, state models, and data aggregation, promise to change how information security data is presented to security engineers.

Date: 2007-05-09


Retiring The Browser
The era of Internet Explorer, Safari, Netscape, and Firefox as your window to the Internet is just about over. What is going to replace it? Rich Internet applications that use components of both your desktop and your browser, which make for a more complex security model.

Date: 2007-04-25


Web 2.0 Information Security Booming
Information security is booming; it is a large business, with software and technology that can be bought off the shelf and slapped onto a network. Policies, procedures, and documented steps for everyone from the service desk through to management responses to incidents are fairly well established.

Date: 2007-04-10


Web 2.0: Broad Risk Categories
There are two broad categories of risk with Web 2.0: social engineering and flaws in developers' code. For people working in Web 2.0, having a risk table and mitigation standards for these two categories will help define policy and guidance when something bad happens.

Date: 2007-03-28


Meet The Carding Crew
Forget about selling drugs; the real money is in information, and according to an Australian security professional, the United States serves as a more profitable territory for illicit hacking than for illicit drugs.

Date: 2007-03-13


How Britney Spears Relates To Insider Threats
No, I am not nuts, but if you want a perfect example of personality changes that could precipitate into an insider threat to a company, look no further than People magazine.

Date: 2007-02-26


Penetration Testing Vs. Vulnerability Analysis Tools
Over the past several years I have heard people asking the question "should I use vulnerability analysis tools to assess my web based applications or should I look to penetration testing?"

Date: 2007-02-14


Review: SpiDynamics Web Inspect
Every once in a while you run into a tool that becomes an essential member of your toolkit, like Snort for IDS or Nessus for scanning a network; the new version of WebInspect by SPI Dynamics has become just as essential.

Date: 2007-01-31


Corporate Email Wanders
TechNewsWorld is running a story on company personnel who forward company e-mail to their MSN, Google, Yahoo, or other hosted e-mail accounts.

Date: 2007-01-16


Insider Threats
Organizations in many ways contribute to the actions of their employees, whether by not wanting to lose a star player who sometimes does things they shouldn't, or by not monitoring who is accessing what and whether those accesses are part of their job duties.

Date: 2007-01-03

