There’s a Browser Security Test over here that allows you to check you’re browser configuration to see if it’s vulnerable. could be handy if you’re unsure of whether patches have taken correctly, or if you’re looking to demo how insecure unpatched versions of major browsers can be
Security tools target inside jobs This article is talking about some new products which are focusing on business/application level analysis of a companies traffic. I’m a little cynical about this kind of thing, as I would expect that the same kind of “data flood” problem which affects network level IDS systems to affect this kind […]
In an article Help Net Security – The Future of Phishing, presents an interesting idea for combating the current (and potential future) phishing attacks by communicating transactions out-of-band (for example by SMS message) and then getting the user to authorize that transaction by putting in a one-time password sent to them via the SMS message.
There’s an interesting program over at sourceforge, ICMP-Chatwhich gives allows you to communicate with someone purely over ICMP (you can choose which type of ICMP message is used). This provides a good illustration of the dangers in security of assuming that a system or protocol will only be used for its intended, or well known, […]
well I think ive finally found the right handheld computer for me… A sharp Zaurus c860. Its linux based, has lots of good security software available, can take SD and CF cards, has an excellent 640×480 display and isnt too bulky or heavy. also the keyboard is fairly good… as Im writing this entry using […]
Martin McKeay’s Network Security Blog: Scary uses for Google Found a link to an interesting story at seccurityfocus about using google for looking for things like passwords that the owners of the pages probably don’t realise are public. Also got another blog for my blogroll :o)
Eweek are carrying a story covering some forrester research comparing vulnerability levels and response times across a range of vendors. The thing that always strikes me about this kind of research is whether they are comparing like with like. For example if they are comparing ALL vulnerabilities on Microsoft software with ALL vulnerabilities in software […]
NewsForge | Open Source Vulnerability Database Goes Live There’s a story over at newsforge covering a new Open Source Vulnerability database. It’s not too clear to me at the moment how this differs from things like CERT?