Blog (Default)

Jun 26th, 2004

Comments: 0
Category: General Security
Read More

Interesting Post on MS & Least privilege

Dana Epp’s ramblings at the Sanctuary : Microsoft, You’re not setting a very good example. I am disappointed. An interesting post on Dana Epp’s blog talking about running as least privilege (or in this example not) in Windows (also you can read the odd comments from someone I can only assume was trolling ?!) It’s […]

Jun 24th, 2004

Comments: 0
Category: Phishing
Read More

Another anti-phishing initiative

There’s an article about a MasterCard program which combats phishing. I’ve got to say that I’m not that impressed by this kind of approach to combating phishing. If what’s in the article is accurate it basically amounts to looking through content from the entire Internet for potential phishing scams and then shutting them down when […]

Jun 24th, 2004

Comments: 0
Category: E-Mail Security
Read More

Outsourcing mail security, hmmm…

In an article over at Yahoo we’re told Mail Security Service Model Marches On. Its interesting as there definately is an interesting proposition on outsourcing things like management of e-mail security. However I must say, I’d not be too comfortable outsourcing something as critical as e-mail without some very good assurances and SLA’s surrounding it. […]

Jun 22nd, 2004

Comments: 3
Category: General Security
Read More

Security managers in court?!

Now I’ll start this post with the obligatory IANAL, but there’s a story over at Security pipeline, which seems to be saying that Security Managers Could Face Court Penalties for poor security or for making lists of top measures that companies should follow and then not implementing them all… I’ve got to say that the […]

Jun 22nd, 2004

Comments: 0
Category: Misc.
Read More

Slashdot story on Cool DNS tricks…

Slashdot | Dan Kaminsky Suggests Having Fun with DNS There’s a story over at slashdot covers a presentation from Dan Kaminsky (of paketto Keiretsu fame) covering some… very interesting ideas about using DNS as a communications channel for arbitrary data (in a similar fashion to things like httptunnel ). Cool stuff this ’cause it drives […]

Jun 21st, 2004

Comments: 0
Category: Penetration Testing
Read More

Scanrand info

A interesting article at LURHQ presents – Scanrand Dissected. It’s a great explanation of how scanrand works and also a speed comparison between it and nmap, although the author does point out that nmap has far more functionality than scanrand…. Looks like a great tool for quickly scanning networks for rogue servers….

Jun 21st, 2004

Comments: 0
Category: Security Policy
Read More

Interesting Article about Security Policies

An interesting article at nwfusion give us The scoop on security policies. There are some good points in the article about keeping the policy short and to the point, although I’ve tended to find that in larger companies it is a real challenge to convey all the information that you need to, to your userbase […]

Jun 19th, 2004

Comments: 0
Category: Wireless Security
Read More

Wardriving site

There’s a good list of wardriving tools over at The Official WorldWide WarDrive site… Also there are some interesting stats about the number of Wi-fi networks around.