Security Bloggers Network
ICANN blog
TeamSHATTER
Cryptography News
Ms. Smith
SANS Internet Storm Center, InfoCON: green
June 2013
Search
2013.04.17
2013.04.12
Metasploit Pro + OWASP Top Ten 2013 Test Capabilities
News, via Rapid7's Christian Kirsch, of the Metasploit 4.6 release. This time, with the inclusion of OWASP Top Ten 2013 testing capability support - once the Top Ten 2013 (currently in release candidate stage, as of this posting) are unleashed, that is.
2013.03.29
2013.03.20
Command Leadership Failure At DOD: Pirated Software, Defense Contractors
via San Francisco Chronicle and The Verge, by way of the Associated Press, comes the sorry tale of failed information security software development governance, leadership failures and jurisprudence [both military and civilian], otherwise known as "How To Build Patriot Missiles With Purloined Bits"...
2012.11.27
Malus Emergentium
A newly discovered and pernicious SQL Server targeting malware package has emerged, in this case targeting Microsoft Corporation (NasdaqGS: MSFT) SQL Server databases utilizing an OLEDB vector, specifically in the Middle East. Monikered W32.Narilam, this worm appears to function like most other infect code, copying and traversing drives and network file shares.
2012.11.19
2012.11.16
Flash-in-the-Box
Notwithstanding the goal of attack mitigation [admirable], this action fails to alleviate the Cruft-That-Is-Flash performance syndrome. which also affects availability, a key component of the oft-mentioned security triad [Confidentiality, Integrity, Availability].
2012.11.09
Sophos Fail
Oops...
Another flawed anti-virus vendor product is discovered, this time, by a security researcher at Google Inc. (NasdaqGS: GOOG). Surprised?
2012.10.31
2012.10.29
DKIM Rabbit Hole
via the inimitable Kim Zetter at Wired, comes this tale of information security intrigue, the failure of DKIM, employment recruiting and Google Inc (NasdaqGS: GOOG). Todays' Must Read.
2012.10.24
Where The Sun Shineth Not...
Solar collector systems management and control products are apparently vulnerable to attack. Certainly, in-line with other reported SCADA vulns, this news is not altogether surprising. Dark skies ahead, indeed...
2012.09.26
2012.08.20
2012.07.02
The LinkedIn - Dickensonian Reciprocity
Well crafted tale, worthy of Charles John Huffam Dickens, detailing the fascinating connection between the LinkedIn password fiasco and Charles Dickens. Highly Pickwickian.
2012.05.08
The Pulse of SSL
via Ivan Ristić, author of ModSecurity, and Apache Security, and one of the great minds in information security today, comes news of The Trustworty Internet Movement SSL Pulse. SSL Pulse, is essentially, a information dashboard provisioning significant data relevant to the current state of the SSL ecosystem, if you will. Absolutely Outstanding.
2012.05.01
TLS/SSL SNAFUs Lead To Flawed Site Security, Go Figure...
Evidently, site and web administrator's need a refresher course in socket and transport layer security configurations... Not particularly surprising, that.
2012.04.27
Cybercrime Statistics: Estimation is Futile
via ArsTechnica's Curt Hopkins, comes reportage of significance: Microsoft Corporations' (NasdaqGS: MSFT) Research group has released a fascinating report "Sex, Lies and Cyber-crime Surveys", detailing interesting statistical analytics, and the resultant scenarios thereof. I'll let you decide for yourself regarding the efficacy of both the report, and the fine art of cybercrime loss statistical analysis.
2012.04.26
Archive Team Targets Digital Dark Ages
Well crafted screed, via Long Now Foundation's Charlotte van den Hout, focusing on The Archive Team. Led by Jason Scott, the group targets the so-called Digital Dark Age. Deemed todays' MustRead.
"...Archive Team is a loose collective of rogue archivists, programmers, writers and loudmouths dedicated to saving our digital heritage. Since 2009 this variant force of nature has caught wind of shutdowns, shutoffs, mergers, and plain old deletions - and done our best to save the history before it's lost forever. Along the way, we've gotten attention, resistance, press and discussion, but most importantly, we've gotten the message out: IT DOESN'T HAVE TO BE THIS WAY. This website is intended to be an offloading point and information depot for a number of archiving projects, all related to saving websites or data that is in danger of being lost. Besides serving as a hub for team-based pulling down and mirroring of data, this site will provide advice on managing your own data and rescuing it from the brink of destruction. Feel free to join us on the IRC channel! We're on the EFnet network in a channel called #archiveteam, where we say truly awful things..." via The Archive Team
