Blog

Mar 24th

2004

By scotsts_admin
Category: Useful Links
Comments 0

Infosecpedia

I ran across an interesting-looking wiki-based information security encyclopedia today at securitygroup.org.

Mar 23rd

2004

By scotsts_admin
Category: Penetration Testing
Comments 0

Root Cause Analysis in penetration testing

One thing I’ve noticed when the subject of penetration testing is raised is that commonly the goal is seen as being finding a vulnerability in a system and exploiting it. This is seen as a successful penetration test. But, the question I think really is, why was that vulnerability there in the first place? Say […]

Mar 22nd

2004

By scotsts_admin
Category: General Security
Comments 0

Good presentation on Password Strength

I came across an interesting article on nist.gov which goes into some details on the strength of various passwords in bits of entropy per character, amongst other things. One point that interested me was that in most of the projections the marginal gain in entropy decreased as the password length increased, so going from say […]

Mar 22nd

2004

By scotsts_admin
Category: General Security
Comments 0

Analogies in the Security World

One thing that occurred to me recently when reading a security mailing list is the extent to which analogies to the physical world tend to be drawn as soon as the subject of computer crime starts being discussed. For example, whenever a discussion of the legality of port scanning starts you can generally expect to […]

Mar 21st

2004

By scotsts_admin
Category: Web Security
Comments 0

SSL phishing Article

I read an interesting article on phishing last week over at Netcraft which seems to show that it is possible for a phisher to create an SSL session and display the familiar padlock item, without having a valid certificate… However, I’ve since seen some disagreement about whether the “plain text” SSL method would work in […]

Mar 18th

2004

By scotsts_admin
Category: Security Books
Comments 0

Software security Books

Looks like there are a couple of very interesting new books out if you’re interested in software security: "The Shellcoder’s Handbook: Discovering and Exploiting Security Holes" and "Exploiting Software: How to Break Code". I wonder if this is the start of a trend along the lines of all the network security related books of the […]

Mar 17th

2004

By scotsts_admin
Category: Useful Links
Comments 0

Listing of Microsoft Hotfixes by Product

Saw an interesting link mentioned on a patch management mailing list which gives a listing of Microsoft Security Bulletins by product, here

Mar 17th

2004

By scotsts_admin
Category: Misc.
Comments 0

Welcome

Well, after being subscribed to bloglines, and reading a large number of excellent blogs on the subjects of security and IT, I decided to give it a shot. Also I’m hoping this will give me a way of keeping track of all the interesting documents and URLs I come across in my wanderings…