Wednesday, November 10, 2004

the Bleeding Edge of Snort - Breaking Snort Signatures

the Bleeding Edge of Snort - Breaking Snort Signatures: "The Aggregation Point for Snort Signatures and Research"

If you use Snort, then you should be familiar with this site...I was going through my bookmarks and re-discovered this one today. Good stuff!

Tuesday, November 09, 2004

Sender Policy Framework

SPF: Sender Policy Framework
The Anti-Forgery solution
That's making the world a
Safer place for email.

---------------------

Friday, October 22, 2004

remote-exploit.org

remote-exploit.org: "News: Auditor 081004-01 released

Again it is time to make a major release of the Auditor Security Collection. It has huge changes on it. Check out the project web site and the changes file. The Auditor Security Collection is the most advanced and up-to-date penetration testing linux live distro available. It's perfect for security analyses, wireless security analysis and ...... check it out."

...Old news, but a great set of tools for auditing networks. Check it out even if only to find out what kinds of snooping can take place.

Cheers,
-Bryan

Friday, October 15, 2004

Schneier on Security

Bruce Schneier on Security

A weblog covering security and security technology.
Schneier: Security outsourcing widespread by 2010

Bruce Schneier is founder and chief technology officer of Mountain View, Calif.-based MSSP Counterpane Internet Security Inc. and author of Applied Cryptography, Secrets and Lies, and Beyond Fear. He also publishes Crypto-Gram, a free monthly newsletter, and writes op-ed pieces for various publications. Schneier spoke to SearchSecurity.com about the latest threats, Microsoft's ongoing security struggles and other topics in a two-part interview that took place by e-mail and phone last week. In this installment, he talks about the safety of open source vs. closed source, the future of security management and spread of blogs.

.........If you have not read any of Bruce's books or articles...then your geekdom is in question. Here is your chance to gain some knowledge from an expert whom I consider to be a very practical and realistic security expert. -Bryan

Tuesday, August 31, 2004

TaoSecurity Richard Bejtlich's Blog Post on Fascinating .gov and .mil Docs

TaoSecurity: "Fascinating .gov and .mil Docs

Perhaps 'fascinating' is too strong a word, but I've come across several intriguing government reports and documents which security professionals might find interesting. First, the CERT/CC and the Secret Service released a joint report titled Insider Threat Study. It's based on '23 incidents carried out by 26 insiders in the banking and finance sector between 1996 and 2002. Organizations affected by insider activity in this sector include credit unions, banks, investment firms, credit bureaus, and other companies whose activities fall within this sector. Of the 23 incidents, 15 involved fraud, four involved theft of intellectual property, and four involved sabotage to the information system/network.' One of the incidents, mentioned in the beginning of the report, was the case prosecuted by the DoJ on behalf of UBS."

-------------

A great find by Richard Bejtlich. Documents for security pros and CXOs who want to know more about real exploit incidents, prosecution, threats, and security posturing.

United States Secret Service: National Threat Assessment Center (NTAC)

United States Secret Service: National Threat Assessment Center (NTAC): "National Threat Assessment Center - Insider Threat Study

In August 2004, the U.S. Secret Service and Carnegie Mellon University Software Engineering Institute's CERT® Coordination Center (CERT/CC) announced the findings of the first Insider Threat Study report, a collaborative effort to better understand insider activities affecting information systems and data in critical infrastructure sectors."

--------------------
Even if you are not in the banking and finance industry, this is a revealing article on the who's, how's and why's of insiders and cybercrime.

Stay secure! -Bryan

---------------------

WinAmp flayed by skins attack | The Register

Take a widely used media player, find a hole and exploit it...this exploit is going around in the wild, so if you have Winamp installed on your system, read this article and download the new, safe version of Winamp here: http://www.winamp.com/player.

Stay safe! -Bryan

Monday, August 16, 2004

Microsoft SQL Server FAQ How Windows XP Service Pack 2 SP2 Affects SQL Server and MSDE

Microsoft Windows XP SP2 Screenshots

Microsoft Windows XP SP2 Screenshots Updated Aug. 2004

---------
You have to see the new SP2 for Windows XP screenshots....and look in the right side of the screen for other SP2 resources.

...click the link above for that page

Secunia - Multiple Browsers Frame Injection Vulnerability Test

Multiple Browsers Frame Injection Vulnerability Test to see if your browser is vulnerable to the Multiple Browsers Frame Injection Vulnerability.

----------------
Take a 6-year-old vulnerability and add some malicious intent to grab your identity...and cash.

Test your Browser at this page from Secunia. Click the link above to go to the test page.

Sasser kid blamed for viral plague - The Register

By John Leyden
Published Friday 30th July 2004 10:26 GMT
A staggering 70 per cent of viral activity in the first half of this year can be linked to just one German teenager, according to anti-virus firm Sophos.

Sven Jaschan, 18, the self-confessed author of the NetSky and Sasser worms is blamed by Sophos for the vast majority of viral reports it recorded during the first six months of 2004. Just two of Jaschan's viruses - the infamous Sasser worm and NetSky-P - account for almost 50 per cent of all virus activity seen by Sophos up until the end of June. Counting Jaschan's other released variants of the NetSky worm, the total figure comes to over 70 per cent.

...
-----------
One bad apple can spoil the whole bunch. What would happen if there was a more concerted effort put to attacking the masses of unpatched systems out there? We are lucky that this kid did not have more malicious motives.

...click link above for the full article

McAfee, Inc.

McAfee, Inc.: "McAfee Inc. To Acquire Foundstone, Inc. For $86 Million In Cash Combined Companies To Offer Market's First Dynamic Risk Management and Mitigation Solutions SANTA CLARA, Calif., August 16, 2004 McAfee, Inc. (NYSE: MFE), the leading provider of intrusion prevention solutions, today announced a definitive agreement to acquire Foundstone, Inc., the leader in vulnerability management, for $86 million in cash, less various adjustments. Together the companies will offer organizations and government agencies the market's first comprehensive solution to help protect IT infrastructure and optimize business availability in a dynamic risk environment."

-------------
Big news in the security industry today....and some telling numbers regarding the expected growth of the computer security industry:

"According to industry research firm IDC, the vulnerability assessment and management (VA&M) and intrusion detection market is expected to experience increasing growth over the next few years, reaching $1.6 billion by 2008. The most significant growth is expected during the next three years."

-----------
Click the link above for more info.

Bay Area Free Wi-Fi Wireless Hotspots

Never pay for wi-fi access again!
The San Francisco Bay Area is full of free wi-fi locations so why pay for them? Skip Starbucks and other paid access locations and support local businesses and your community for free. Stop into your local free hotspot, buy a mocha, and let them know how much you appreciate the free wi-fi!

------------------

Not security news....although without a personal firewall and VPN encryption, you may be calling me to de-0wn your system from some hacker-punk...now that would be security news! Remember that all WiFi users who share the same WEP Key can snoop each other's data very easily! VPN, antivirus and personal firewall use is a must when using wireless hot-spots, so that you leverage the security systems in place at your corporate network.

...click link above for more detail

IrishEyes: AirPort JustePort Crack

August 12, 2004
AirPort JustePort Crack
GVSV -- Jon Johansen, author of DeCSS, has discovered the public key that the AirPort Express uses to allow software to play audio through it and posted it to So Sue Me. The public key for AirPort Express is out in the open (see below but no need to check Jon's blog because it's withering under the load). Until Apple "patch[es]" it, anyone could encrypt data using it and get Apple's device to play the music.

He's also released the source code to JustePort, a small Windows command-line tool. His crack clears the DRM bridles around iTunes because other applications could now broadcast music to your home stereo wirelessly by using Express, rather than just iTunes 4.6. Andrew Orlowski says, "For users on Linux machines, or with WMA or OGG format files, this could be a boon, as iTunes supports neither format out of the box."

....see link above for more

netTracers Security News and Views Blog is now online!

Welcome to the netTracers Security blog site! This forum will provide a simple way for me to keep you up to date on the latest security issues that affect your data security. Come by often, as this will be updated constantly.

Cheers,
- Bryan K. Watson
- Proprietor of netTracers Security Consulting
- http://www.nettracers.com