Jul 7th, 2006

Category: Misc.

List of data breaches

A Chronology of Data Breaches Since the ChoicePoint Incident: this list of all the data breaches since 2005 that the Privacy Rights Clearinghouse has assembled looks quite handy.

Jun 26th, 2006

Category: General Security

More data Loss

Australian IT – Bungle exposes bank files (Natalie O’Brien and Michael McKinnon, JUNE 26, 2006). Another story in a long line of articles about sensitive data being lost by organisations who should know better. This time it’s the turn of the Australian High-Tech crime unit. One thing I’ve noticed about these stories is that the […]

Jun 21st, 2006

Category: Penetration Testing

New NMAP tool list

Top 100 Network Security Tools: updated list of pen testing tools from insecure.org. Interesting to see that web app tools are starting to make an appearance in the list (albeit mostly in the lower orders).

Jun 21st, 2006

Category: Web Security

Sometimes doing the right thing is wrong

iKu Systemhaus AG – Sicherheit: advisory about a new(?) character encoding issue. The problem for Internet Explorer appears to be that it handles the encoding correctly but that A-V/filtering systems may not, essentially obfuscating attacks on the browser…

Jun 19th, 2006

Category: Penetration Testing

Article on AJAX security and Pen Testing

Ajax security basics: interesting article on SecurityFocus looking at the security implications of AJAX technologies and also the implications for penetration testing AJAX-enabled applications. In terms of the security risks of AJAX it will be interesting to see how well frameworks like Atlas and RoR take care of this for the developer. One […]

Jun 15th, 2006

Category: Penetration Testing

and yet more tool updates…

SQL Power Injector Product Information: a new release of SQL Power Injector. Not a tool I’ve played with much yet, but could be cool to try it out in conjunction with the Hacme stuff from Foundstone…

Jun 15th, 2006

Category: Penetration Testing

New hacme sites available

Foundstone, a division of McAfee, Inc.: seems to be tool-tastic at the moment. Foundstone have updated their Hacme Books and Hacme Bank sites and released Hacme Travel and Hacme Shipping! Shipping is a ColdFusion app with a MySQL database and Travel is in C++, which should be interesting… (like the typo on the travel page which […]

Jun 14th, 2006

Category: Penetration Testing

Presentation and information on iSeries Pen testing

“Hacking iSeries” references and links: just started to go through the Black Hat Europe 2006 media archives and found something useful to keep a note of (expect many more posts as I go). iSeries (more commonly known as AS/400) is not something which there’s a wide understanding of, both in IT security and pen testing (IME […]

Jun 13th, 2006

Category: Misc.

Survey results on security.. spend more.. get less

Survey: gaping security holes – Network World. Some interesting numbers relating to security trends. It’s not surprising really, though it should be… over half of companies admit they’re not doing a good job of working out what’s on the network (kinda hard to patch a box you don’t know you’ve got). And probably the worst, […]