Apr 7th, 2004

Category: Web Security

Online Browser Security Test

There’s a Browser Security Test over here that allows you to check your browser configuration to see if it’s vulnerable. Could be handy if you’re unsure of whether patches have taken correctly, or if you’re looking to demo how insecure unpatched versions of major browsers can be.

Apr 6th, 2004

Category: General Security

New Internal Network Monitoring Tools

Security tools target inside jobs: This article is talking about some new products which are focusing on business/application level analysis of a company’s traffic. I’m a little cynical about this kind of thing, as I would expect that the same kind of “data flood” problem which affects network level IDS systems to affect this kind […]

Apr 6th, 2004

Category: Web Security

Out-of-Band communications to combat phishing

An article, Help Net Security – The Future of Phishing, presents an interesting idea for combating the current (and potential future) phishing attacks by communicating transactions out-of-band (for example by SMS message) and then getting the user to authorize that transaction by putting in a one-time password sent to them via the SMS message.

Apr 4th, 2004

Category: General Security

ICMP chat

There’s an interesting program over at SourceForge, ICMP-Chat, which allows you to communicate with someone purely over ICMP (you can choose which type of ICMP message is used). This provides a good illustration of the dangers in security of assuming that a system or protocol will only be used for its intended, or well known, […]

Apr 3rd, 2004

Category: Hardware

linux palmtop goodness

Well, I think I’ve finally found the right handheld computer for me… A Sharp Zaurus c860. It’s Linux based, has lots of good security software available, can take SD and CF cards, has an excellent 640×480 display and isn’t too bulky or heavy. Also the keyboard is fairly good… as I’m writing this entry using […]

Apr 2nd, 2004

Category: General Security

Hard Drive Information Leakage

ATAC: Abusable Technologies Awareness Center: Used Hard Disks Packed with Confidential Information. Interesting information about the types and quantity of sensitive information that is available on old hard disks….

Mar 31st, 2004

Category: Penetration Testing

link to article about google hacking

Martin McKeay’s Network Security Blog: Scary uses for Google. Found a link to an interesting story at SecurityFocus about using Google for looking for things like passwords that the owners of the pages probably don’t realise are public. Also got another blog for my blogroll :o)

Mar 31st, 2004

Category: Vulnerability Management

Vulnerability Management Stats, Apples and Oranges?

eWeek are carrying a story covering some Forrester research comparing vulnerability levels and response times across a range of vendors. The thing that always strikes me about this kind of research is whether they are comparing like with like. For example, if they are comparing ALL vulnerabilities on Microsoft software with ALL vulnerabilities in software […]