May 16, 2008
You may have all seen this already, but I just came across it. It’s been around for a while, but I thought it was interesting. How to Become a Hacker by Eric Steven Raymond.
May 16, 2008
Howdy, here are some things to take a look at for today.
Dave Aitel writes about automatic exploit generation from patches. According to Dave, it isn’t as easy as it sounds. I agree with him. Go give it a read.
Kees, as usual, has a thought-provoking post up which points out that Perception IS Reality (emphasis added). Go read it.
Later folks. Have a great day.
May 16, 2008
We all know and love Nessus. Well today, Tenable made it even better. Nessus now fully supports su and sudo for audit and patch compliance checks. This is very cool.
Next, in response to the SSH key brouhaha this week, there are now a couple of plugins that will check for weak keys in SSH and SSL protected webservers.
Caveat: It appears that you need to be a Direct Feed/Professional subscriber to use these features.
May 15, 2008
Man, I just keep falling farther and farther behind on these posts. Anyway, here we go:
Jeremiah has a nifty post up about crossdomain.xml.
Jeff Jones has a short paper available that compares Windows Vista vulnerabilities to Windows XP SP2 vulnerabilities in 2007.
Patrick Romero discusses Electronic Medical Records over on Security Catalyst.
Nitesh has an interesting article posted about some issues in Safari and Apple’s response.
Innismir has posted a helpful guide on how to create new SSH system keys for those of us who are susceptible to the OpenSSL issue on Debian-based Linux distros.
That’s it for today. Have a good one.
May 14, 2008
Hi folks. Good afternoon. Here are a few things to look at today.
There is a post on the nCircle blog about some interesting IPv6 issues we need to be aware of.
Sam Ryder has an interesting post up on alert blogic about SaaS and its impact on the channel.
The May issue of “IT Compliance in Realtime” is available from Rebecca. Go here for a teaser 🙂
Frank Cassano has a post up at bloginfosec about building out a framework to structure your information security program around. I have only skimmed it so far, but it looks interesting.
As others have noted, there no longer appears to be a fee (that’s a link to a PDF) for real-time vulnerability updates for Nessus for home and non-commercial users.
Have a great rest of your day!
May 13, 2008
Hi folks. Here are some things to take a look at.
Dave Whitelegg has written a tutorial for AppScan.
Jeremiah points out three good reads on web application security.
Jeff Jones points us to a missive penned by Dr. Crispin Cowan about User Access Control and whether it is a convenience feature or a security feature. I won’t spoil the surprise. Go give it a gander.
Techdulla has a post up about a new hire and there are some tidbits in there that are very good.
Jack has a list of some good Information Security based podcasts that you should check out.
There ya go. Have a great one.