
Mar 23rd, 2004

Comments: 0
Category: Penetration Testing

Root Cause Analysis in penetration testing

One thing I’ve noticed when the subject of penetration testing is raised is that the goal is commonly seen as finding a vulnerability in a system and exploiting it. This is seen as a successful penetration test. But the real question, I think, is why was that vulnerability there in the first place? Say […]

Mar 22nd, 2004

Comments: 0
Category: General Security

Good presentation on Password Strength

I came across an interesting article on nist.gov which goes into some detail on the strength of various passwords in bits of entropy per character, amongst other things. One point that interested me was that in most of the projections the marginal gain in entropy decreased as the password length increased, so going from say […]

Mar 22nd, 2004

Comments: 0
Category: General Security

Analogies in the Security World

One thing that occurred to me recently when reading a security mailing list is the extent to which analogies to the physical world tend to be drawn as soon as the subject of computer crime starts being discussed. For example, whenever a discussion of the legality of port scanning starts you can generally expect to […]

Mar 21st, 2004

Comments: 0
Category: Web Security

SSL phishing Article

I read an interesting article on phishing last week over at Netcraft which seems to show that it is possible for a phisher to create an SSL session and display the familiar padlock item, without having a valid certificate... However, I’ve since seen some disagreement about whether the “plain text” SSL method would work in […]

Mar 18th, 2004

Comments: 0
Category: Security Books

Software security Books

Looks like there are a couple of very interesting new books out if you’re interested in software security: "The Shellcoder’s Handbook: Discovering and Exploiting Security Holes" and "Exploiting Software: How to Break Code". I wonder if this is the start of a trend along the lines of all the network security related books of the […]

Mar 17th, 2004

Comments: 0
Category: Misc.

Welcome

Well, after being subscribed to bloglines, and reading a large number of excellent blogs on the subjects of security and IT, I decided to give it a shot. Also I’m hoping this will give me a way of keeping track of all the interesting documents and URLs I come across in my wanderings...