One thing I’ve noticed when the subject of penetration testing is raised is that the goal is commonly seen as finding a vulnerability in a system and exploiting it. This is seen as a successful penetration test. But the question I think really matters is, why was that vulnerability there in the first place? Say […]
I came across an interesting article on nist.gov which goes into some detail on the strength of various passwords in bits of entropy per character, amongst other things. One point that interested me was that in most of the projections the marginal gain in entropy decreased as the password length increased, so going from say […]
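To make the diminishing-returns point concrete, here is an added example (not code from the original post) that implements the per-character schedule NIST SP 800-63 Appendix A uses to credit entropy to user-chosen passwords, which is assumed here to be the projection the post refers to. It omits the composition-rule and dictionary-check bonuses and includes a randomly generated password for contrast.

```python
import math

# Added example: NIST SP 800-63 Appendix A heuristic for user-chosen
# passwords (assumed to be the article's projection). The first character
# is credited 4 bits, characters 2-8 get 2 bits each, 9-20 get 1.5 bits
# each and anything beyond 20 gets 1 bit each. Composition-rule and
# dictionary-check bonuses from the same appendix are deliberately omitted.
def user_chosen_entropy_bits(length: int) -> float:
    """Entropy credited to a user-chosen password of the given length."""
    bits = 0.0
    for pos in range(1, length + 1):
        if pos == 1:
            bits += 4.0
        elif pos <= 8:
            bits += 2.0
        elif pos <= 20:
            bits += 1.5
        else:
            bits += 1.0
    return bits


def marginal_gain_bits(length: int) -> float:
    """Extra entropy credited for the character at position `length`,
    i.e. the gain from growing the password from length-1 to length."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return user_chosen_entropy_bits(length) - user_chosen_entropy_bits(length - 1)


# Contrast: a password drawn uniformly at random from the 94 printable
# ASCII characters gains a constant log2(94) ~= 6.55 bits per character.
def random_entropy_bits(length: int, alphabet_size: int = 94) -> float:
    return length * math.log2(alphabet_size)


def entropy_table(lengths):
    """Rows of (length, user-chosen bits, marginal gain, random bits)."""
    return [
        (n, user_chosen_entropy_bits(n), marginal_gain_bits(n), random_entropy_bits(n))
        for n in lengths
    ]


if __name__ == "__main__":
    print(f"{'len':>4} {'user-chosen':>12} {'gain':>6} {'random':>8}")
    for n, chosen, gain, rnd in entropy_table([1, 4, 8, 9, 12, 16, 20, 21, 30]):
        print(f"{n:>4} {chosen:>12.1f} {gain:>6.1f} {rnd:>8.1f}")
```

The printed table shows the effect the post describes: each added character of a user-chosen password earns 2, then 1.5, then 1 bit, while a random password keeps earning about 6.5 bits per character, so length alone closes the gap only slowly.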
One thing that occurred to me recently when reading a security mailing list is the extent to which analogies to the physical world tend to be drawn as soon as the subject of computer crime starts being discussed. For example, whenever a discussion of the legality of port scanning starts you can generally expect to […]
I read an interesting article on phishing last week over at netcraft which seems to show that it is possible for a phisher to create an SSL session and display the familiar padlock icon without having a valid certificate… However, I’ve since seen some disagreement about whether the “plain text” SSL method would work in […]
Looks like there are a couple of very interesting new books out if you’re interested in software security… The Shellcoder’s Handbook: Discovering and Exploiting Security Holes and Exploiting Software: How to Break Code I wonder if this is the start of a trend along the lines of all the network security related books of the […]
Well, after being subscribed to bloglines and reading a large number of excellent blogs on the subjects of security and IT, I decided to give it a shot. Also I’m hoping this will give me a way of keeping track of all the interesting documents and URLs I come across in my wanderings…