• The "Do Not Track" header, (Tue, May 22nd)

    Updated: 2012-05-22 19:06:14
    A recent proposal, supported by many current web browsers, suggests the addition of a Do Not T ...(more)...

  • NetAuthority Develops Dynamic Key Security Client for Accessing Web Apps

    Updated: 2012-05-22 18:21:13
    NetAuthority is a startup company that has just emerged from stealth mode with a beta product that authenticates users and their registered devices seeking to log into Websites, corporate Web services or software as a service applications. - Device security startup NetAuthority emerged from stealth mode on May 22 with a beta product it says protects access to Websites, Web-based applications and software as a service apps with a layer of security that basic username and password technology doesn't provide. The NetAuthority security a...

  • Chrome continues its march to security domination. We nod knowingly.

    Updated: 2012-05-22 18:18:36
    As security researchers, we’re always looking for ways to put the security conversation in the spotlight; be it an interesting fact, figure or editorial. By now you’ve probably read about how Google Chrome has achieved the number one browser position, worldwide (according to StatCounter). Coming in at about 32.76% of the global browser market share, [...]

  • Free Wi-Fi: Friend or Foe? Infographic

    Updated: 2012-05-22 10:45:18
    Did you know that during the course of this year, the number of Wi-Fi connected devices will exceed the world’s population? This incredible statistic highlights the ubiquitous nature of Wi-Fi. However, the convenience of having public Wi-Fi available practically everywhere comes at the cost of greater risk to users. This infographic delves into the anatomy of a Wi-Fi hack and simple precautions Wi-Fi users should take to ensure that they are surfing safely.

  • BDD-Security and Resty-Burp

    Updated: 2012-05-22 04:07:54
    BDD-Security is a framework written in Java and based on JBehave and Selenium 2 (WebDriver) that uses predefined security tests and an integrated security scanner to perform automated security assessments of web applications. Don’t scanning tools already do that? Partly. Scanning tools are good at finding certain types of vulnerabilities, such as injection vulnerabilities (Cross [...]

  • ISC StormCast for Tuesday, May 22nd 2012 http://isc.sans.edu/podcastdetail.html?id=2551, (Tue, May 22nd)

    Updated: 2012-05-22 03:11:52
    ...(more)...

  • nmap 6 released, (Tue, May 22nd)

    Updated: 2012-05-22 02:22:05
    nmap 6 was released earlier today, which is a major upgrade to the old version of nmap. One feature ...(more)...

  • Massive Data Breach in Utah State Servers Caused by Configuration Errors

    Updated: 2012-05-21 22:06:22
    Revelations about a recent breach of confidential data in Utah highlight how configuration errors involving authentication and related areas can end up being costly. - Last week, the director of Utah's Department of Technology Services (DTS) resigned in the wake of a massive data breach that exposed the personal information of nearly 800,000 people to hackers believed to have been in Eastern Europe. The breach did not happen due to sophisticated malware, howev...

  • We updated our SSL certificate. Also note that we are deprecating various old hostnames (isc.sans.org/incidents.org) and now redirect to isc.sans.edu. Please update your bookmarks., (Mon, May 21st)

    Updated: 2012-05-21 18:25:55
    ------ Johannes B. Ullrich, Ph ...(more)...

  • Sam Harris Owning Illogical Liberals

    Updated: 2012-05-21 18:00:52
    To see how the denial of the obvious has become a new article of faith for secular liberals, consider the response I received from Chris Stedman. In an article published in The Huffington Post, Stedman urged me to visit a mosque with him. This invitation was much celebrated online. Many people appear to believe that [...]

  • DNS ANY Request Cannon - Need More Packets, (Mon, May 21st)

    Updated: 2012-05-21 17:28:47
    We have a report from our reader Tuukka, who observed a flood of DNS ANY requests from likely spoofe ...(more)...

  • Fables Should be Taught as Fables

    Updated: 2012-05-21 17:27:13
    Fables should be taught as fables, myths as myths, and miracles as poetic fantasies. To teach superstitions as truths is a most terrible thing. The child mind accepts and believes them, and only through great pain and perhaps tragedy can he be in after years relieved of them. ~ Hypatia of Alexandria

  • Concepts vs. Convention

    Updated: 2012-05-21 16:21:59

  • Student Fail

    Updated: 2012-05-21 12:01:34

  • Cyberwar: You're Doing It Wrong!

    Updated: 2012-05-21 12:00:00
    Cyberwar remains a hot topic of conversation in both political and technology circles. But Tenable Chief Security Officer Marcus Ranum asserts that much of the discussion has been--and remains--misleading and inaccurate. In this presentation from the 2012 RSA Conference, Marcus outlines his thoughts on the multiple problems that comprise cyberwar to get past the hype and articulate what risks actually exist. Watch now on YouTube.

  • How to penetration-test websites that use well-known CMSs

    Updated: 2012-05-21 09:23:00

  • IOSEC - HTTP Anti Flood Security Gateway Module

    Updated: 2012-05-21 09:11:00

  • Crescent Tree Shadows from Eclipse

    Updated: 2012-05-21 02:45:52

  • ISC StormCast for Monday, May 21st 2012 http://isc.sans.edu/podcastdetail.html?id=2548, (Mon, May 21st)

    Updated: 2012-05-21 02:28:18
    ...(more)...

  • PHP 5.4 Exploit PoC in the wild, (Sat, May 19th)

    Updated: 2012-05-19 21:27:18
    Clarifications/Updates to the original diary: - This is NOT remote exploitable. An exploit would ...(more)...

  • Facebook Class Action Lawsuit Seeks $15 Billion for Privacy Violations

    Updated: 2012-05-18 19:53:19
    A class action lawsuit filed against the social networking giant combines 21 lawsuits from across the country. Separately, a German official has also expressed concerns about Facebook's privacy approach as well. - A class action lawsuit filed against Facebook in California is seeking a whopping $15 billion in damages for privacy violations tied to the tracking of Web users. The suit, which was filed by law firm Stewarts Law US, combines 21 privacy lawsuits filed against the social network in more than a do...

  • Revelo: The Javascript Deobfuscator!

    Updated: 2012-05-18 17:28:00

  • Weekly News Roundup

    Updated: 2012-05-18 16:38:04
    Happy Friday all, and I hope everyone had a great week. Here are the top headlines from this past week in the security world. Enjoy! Cyber Security Index: “Cyber Security Index Highlights Political Threats, Business Partner Risk” by Paul Roberts (@paulfroberts). This article from Threatpost looks at this year’s Index of Cyber Security score of [...]

  • ZTE Score M Android Phone backdoor, (Fri, May 18th)

    Updated: 2012-05-18 15:51:44
    The ZTE Score M phone, apparently available via Metro PCS in the US, comes with a special suid backd ...(more)...

  • File Integrity Auditing with Nessus

    Updated: 2012-05-18 12:00:00

  • Silicon Valley’s View of Money

    Updated: 2012-05-18 11:35:28
    But here in one of the richest corners of the country, the tech elite display an ambivalent, sometimes contradictory approach to wealth. Money, as one scholar of the Valley described it, is treated as a measuring stick, gauging the power of the companies that entrepreneurs have built, rather than a thing to display. “They use [...]

  • The Starcraft 2 Debate

    Updated: 2012-05-18 07:20:37
    I’ve been having a long-running debate with two other hardcore gamer friends of mine about a comment that was made a couple years ago about Starcraft 2. The game had just come out and the three of us were chatting about it when they asked me what I thought of the end of the game. [...]

  • Cyber-Threats Pose Challenges for NATO Summit in Chicago

    Updated: 2012-05-18 05:18:48
    Security experts expect WiFi freeloaders, man-in-the-middle attacks and targeted attacks against those working at the Chicago site of the upcoming NATO Summit. - Occupy Wall Street is expected to protest alongside the anti-globalization movement. Traffic will induce migraines. Some schools have rescheduled their proms. But an onslaught of cyber-attacks and WiFi freeloading will likely be the nastiest cherry on the NATO Summit pie, security experts say. ...

  • Microsoft Holds Security Development Conference

    Updated: 2012-05-18 04:58:32
    Microsoft held its first Security Development Conference in Washington, D.C., to share information about computer security with industry, government and academia, as well as to promote the Microsoft Security Development Lifecycle (SDL). - At Microsoft's Security Development Conference 2012 in Washington, D.C., a diverse set of companies, government agencies and academic institutions shared their own experiences with adopting a Security Development Lifecycle (SDL). The event, held May 15 and 16 at Washington's Fairmont hotel, in...

  • HULK, Web Server DoS Tool

    Updated: 2012-05-18 04:23:00

  • ISC StormCast for Friday, May 18th 2012 http://isc.sans.edu/podcastdetail.html?id=2545, (Fri, May 18th)

    Updated: 2012-05-18 03:25:55
    ...(more)...

  • eEye’s May Patch Tuesday Assessment Now Available On Demand

    Updated: 2012-05-17 23:00:22
    Miss our live VEF webinar earlier this week? In case you did, I’ve put all of the content together for you below. Enjoy! Additionally, access this month’s Security Bulletin, a list of all the Audit IDs, and the PDF of the presentation. If you have additional questions you’d like to ask the research team about [...]

  • ISC Feature of the Week: Tools-Information Gathering, (Thu, May 17th)

    Updated: 2012-05-17 21:39:55
    Overview One of the sections on the ISC Tools page is Information Gathering at https://isc.sans ...(more)...

  • Facebook, Gmail, Hotmail, Yahoo Users Hit by Zeus Debit Card Scam

    Updated: 2012-05-17 20:56:31
    Researchers at Trusteer uncovered a version of the notorious Zeus Trojan being used to steal financial data in a series of scams targeting Facebook, Hotmail, Gmail and Yahoo. - A malware campaign targeting Facebook, Google Mail, Hotmail and Yahoo user debit card data has been linked to the infamous Zeus Trojan. Zeus is one of the most prevalent pieces of financial malware on the Web. During the past several years, Zeus variants have been linked to major criminal opera...

  • Interview with Dan Guido at SOURCE Boston 2012 – Part 3

    Updated: 2012-05-17 16:18:42
    In this, our third and final interview segment with Dan Guido, Co-Founder and CEO of Trail of Bits, Dan talks about how organizations should prepare to face security threats, and attack vectors that pose the greatest threat to enterprises today. Watch the interview.

  • Work Smarter with Retina Insight Threat Analyzers

    Updated: 2012-05-17 15:00:45
    It keeps happening over and over again. I speak to a prospect, and they do not want yet another vulnerability report with pages and pages of assets and vulnerabilities. Every tool vulnerability assessment scanner can produce this with various degrees of customization and consolidation but a 1,000 page report for a few dozen assets doesn’t [...]

  • Plugin Spotlight: Mac OS X FileVault Plaintext Password Logging

    Updated: 2012-05-17 13:45:00

  • Diablo III Launch Woes

    Updated: 2012-05-16 22:58:17
    I am stunned that Blizzard has had such a poor launch for Diablo III. I couldn’t even get onto the server for two hours on the first night, and I just got killed by Belial because the lag was so bad that I was unable to even move. We’re talking FPM (frames per minute) here. [...]

  • BeyondTrust and eEye Acquisition Announcement Now On Demand

    Updated: 2012-05-16 22:22:47
    By now you’ve heard the exciting news that eEye was acquired by BeyondTrust. We are both very excited about the acquisition and look forward to what the future has in store. Earlier this week executives from both companies hosted a live webcast where they discussed the benefits, our joint value proposition and how our products will [...]

  • New Nessus Feature Added: CSV Export

    Updated: 2012-05-16 20:25:00

  • Google Patches 20 Chrome 19 Security Vulnerabilities, Adds Tab-Syncing

    Updated: 2012-05-16 20:09:42
    Google plugs 20 security holes in its new Chrome 19 release and adds a new tab-synchronization feature into the mix. It also handed out $16,500 to security researchers who ferreted out the flaws. - Google closed 20 security vulnerabilities in the latest edition of its Chrome browser, coupling a bevy of security fixes with a new tab-synchronization feature. In Chrome 19, Google closed eight vulnerabilities ranked "high," seven ranked "medium" and five classified as "lo...

  • Attackers Hit Human Rights, Foreign Policy Websites With Drive-By Exploits

    Updated: 2012-05-16 19:01:36
    The Shadowserver Foundation reported that attackers are leveraging Adobe Flash Player and Java vulnerabilities to target human rights groups and political think tanks with drive-by exploits to infect visitors. - Hackers are targeting Websites for human rights and foreign policy think tanks to spread malware and to conduct cyber-espionage. According to the Shadowserver Foundation, attackers have launched a series of “strategic Web compromises” that infect users via drive-by exploits. Attacks targeting human...

  • Retina Now Offers Custom Audits for Android Devices

    Updated: 2012-05-16 15:00:21
    When a marketing buzz word sticks like BYOD (Bring Your Own Device), it is inevitable to see it everywhere in an effort to capitalize on the momentum; blogs, literature, SEO, social media, etc. In the past, we have seen great terms like “ecosystem”, “framework”, and my personal favorite “distributed computing”, rise and fall in marketing. [...]

  • Time To Say Goodbye To Static IPs

    Updated: 2012-05-16 14:30:00
    Mike Fratto, Network Computing Editor (www.networkcomputing.com)

  • First Look at Dynamic Access Control in Windows Server 2012

    Updated: 2012-05-16 07:00:21
    The author takes a look at Dynamic Access Control in Windows Server 2012.

  • Apple Protects OS X 10.5 Leopard From Flashback Malware

    Updated: 2012-05-16 04:15:13
    Apple issued an update that will detect and remove the Flashback exploit, which at one time had infected more than 600,000 Macs worldwide. - Apple has released a tool that will detect and remove the notorious Flashback malware from Macs running the older Mac OS X 10.5 Leopard operating system. Apple in April had issued a similar tool for the current Mac OS X 10.7 Lion and more recent 10.6 Snow Leopard operating systems, but until May 14...

  • Apple Security Updates Targets Mac OS X Leopard, Flashback Trojan

    Updated: 2012-05-16 00:13:21
    Apple released two updates on May 14 to remove older versions of Adobe Flash Player and thwart the infamous Flashback Trojan. - Apple released a pair of security updates May 14 for Mac OS X 10.5 to disable outdated versions of Adobe Systems' Flash Player and fight off Flashback infections. The Flashback Trojan was at the center of news reports last month when it was discovered attackers had used it to build a botnet of more...

  • Cloud Storage Security Isn't as Solid as Vendors Want You to Believe

    Updated: 2012-05-15 22:14:45
    NEWS ANALYSIS: Recent surveys show that businesses are feeling confident about cloud security. Anyone care for a grain of salt? - In cloud storage land, it's all roses, sunny skies and rock-solid security with fewer employees frittering away less time on securing data that is, if you trust vendor-funded studies. For example, Microsoft released on May 14 a study that shows that 35 percent of small and midsize businesses have e...

  • Interview with Dan Guido at SOURCE Boston 2012 – Part 2

    Updated: 2012-05-15 17:11:05
    In this second segment of the interview with Dan Guido, CEO and co-founder of Trail of Bits, Dan focuses on vulnerabilities in mobile devices, and shares the outcome of his research findings that he presented at SOURCE called “Mobile Exploit Intelligence Project”.

  • Private, Public and Hybrid Clouds Will All Need an IT Service Culture

    Updated: 2012-05-15 14:22:00

  • LFI with SQL Injection

    Updated: 2012-05-15 04:49:00

  • SMB Confidence in Cloud Security Grows, Surveys Say

    Updated: 2012-05-15 03:43:41
    A Microsoft study shows 35 percent of small and midsize businesses have experienced higher levels of security in cloud environments, dispelling the notion that security qualms make businesses reluctant to go to the cloud. - A study released May 14 by Microsoft reveals that security worries among small and midsize businesses about embracing cloud computing are easing. A similar survey from Symantec shows SMBs are seeing improved disaster preparedness in virtual or cloud environments. The global Microsoft study, con...

  • Americans Rate Cyber-Security as Hot Issue in Presidential Election: Survey

    Updated: 2012-05-15 01:37:52
    Cyber-security is considered by many Americans to be a “very important” issue for this year's election candidates. In particular, a focus on defending utilities and transportation systems from cyber-attacks is important, according to a survey by Unisys. - Cyber-security has worked its way onto Americans' list of hot-button issues in the coming presidential election, according to research from the Unisys Corporation. According to the bi-annual Unisys Security Index, 74 percent of those surveyed listed protecting government systems from hackers as a ...

  • What is Data Integrity? Learn How to Ensure Database Data Integrity via Checks, Tests, & Best Practices

    Updated: 2012-05-14 14:26:53
    Data integrity is a fundamental component of information security. In its broadest use, “data integrity” refers to the accuracy and consistency of data stored in a database, data warehouse, data mart or other construct. The term – Data Integrity – can be used to describe a state, a process or a function – and is [...]

  • Nice backdoor, ZTE.

    Updated: 2012-05-14 09:28:00

  • Plugin Spotlight: RuggedOS Telnet Server Default 'factory' Account Backdoor

    Updated: 2012-05-14 04:08:41

  • WebVulScan - web application vulnerability scanner

    Updated: 2012-05-13 11:36:00

  • sqlcake - Automatic SQL injection and database information gathering tool.

    Updated: 2012-05-13 06:04:00

  • Every issue of New Scientist from its launch in November 1956 up to December 1989 available online for free.

    Updated: 2012-05-12 22:19:32

  • iOS Getting Native Maps Soon?

    Updated: 2012-05-11 22:26:01
    iOS is by no means feature-complete. But it’s getting harder to identify the low-hanging fruit — the things you just know Apple has to be working on, not just the stuff you hope they are. The biggest one left is mapping. Today brings a report from 9to5Mac that Apple is set to switch the back-end [...]

  • Be Worthy of a Wikipedia Entry

    Updated: 2012-05-11 21:49:11
    I had an idea the other day about life achievement: if you currently have no plans to be worthy of a minor blurb on Wikipedia then you don’t really have any plans. That’s a low bar, and yet it’s miles above what 99% of people I know will ever accomplish. Let’s unpack that. What could [...]

  • Weekly News Roundup

    Updated: 2012-05-11 18:09:31
    Happy Friday all! Make the day go by a little faster by taking some time out to catch up with a few highlights from this week’s news stories: Twitter In The News: An interesting occurrence with Twitter this week was the supposed hack that resulted in the posting of over 50,000 user names and passwords [...]

  • Interview with Dan Guido at SOURCE Boston 2012 – Part I

    Updated: 2012-05-10 16:38:35
    We recently sat down with Dan Guido, CEO and Co-Founder of Trail of Bits at SOURCE Boston 2012, to get his views on topics related to application security. In the first of a three part segment, Dan's commentary focuses on vulnerabilities in general. You can watch the interview here.

  • eEye Digital Security Acquired by BeyondTrust

    Updated: 2012-05-10 01:46:09
    Earlier this morning we announced that eEye Digital Security has agreed to be acquired by BeyondTrust, the industry’s leading provider of Privileged Identity Management (PIM) solutions. This is a very exciting milestone in the history of eEye Digital Security, a company that has long been at the forefront of security product leadership and innovative security [...]

  • PVS and Facebook Game Detection

    Updated: 2012-05-09 15:35:00

  • To Whitelist or To Not Whitelist

    Updated: 2012-05-09 07:00:03
    In this article the author investigates whitelisting methods as a way to control which applications users can use, as opposed to privilege management solutions which can dramatically reduce the attack surface within an organization.

  • Our Newest Release – Retina CS 3.1

    Updated: 2012-05-07 15:08:13
    Our product team has just put the finishing touches on the newest release of Retina CS, our award-winning Threat Management Console. Version 3.1 expands our market leadership in innovation for helping IT secure the technologies being widely deployed today. As it has been since halfway through 2011, Retina CS remains the only unified vulnerability and [...]

  • NMAP Script - NSE for detecting vulnerable PHP-CGI setups (CVE-2012-1823)

    Updated: 2012-05-05 04:36:00

  • Monitoring Internet-facing Servers with SecurityCenter & Nessus

    Updated: 2012-05-04 12:00:00

  • Religious Websites Riskier Than Porn Sites

    Updated: 2012-05-04 01:06:28
    http://www.rawstory.com/rs/2012/05/01/religious-websites-riskier-than-porn-fo…

  • Google as DoS/Bandwidth Weapon | Security Affairs

    Updated: 2012-05-03 15:53:08
    The steps to conduct similar attacks are: Collect a large number of URLs from the targeted website. Preferably big media files (jpg, pdf, mpeg and similar) Put these URLs in a Google feed, or just put them in a Google Spreadsheet Put the feed into a Google service, or use the image(url) command in Google [...]

  • DDoS Attacks Move to Server Scripts | Network World

    Updated: 2012-05-03 15:50:21
    Internet criminals are sidestepping the need to launch DDoS attacks from large networks of malware-compromised bot PCs by using simpler server ‘booter shells’, mitigation firm Prolexic has warned. ‘Booter shells’ or plain ‘booters’ are simple PHP, .ASP or Perl script template files planted on compromised servers to direct Get/Post commanded [...]

  • 20 of the Best IT Security Lessons Ever Learned | The State of Security

    Updated: 2012-05-03 15:45:24
    What follows is a list of the best advice from security gurus, network administrators, and those responsible for securing company information. The lessons were passed down to them from real-world experience, a supervisor, an industry colleague, or in one case, a complete stranger. Tip #1: Security must enable business, not prevent it “I don’t know [...]

  • “Life is Beautiful” | Reddit Comments

    Updated: 2012-05-03 04:38:36
    I want to share something else. I have seen so much death in my short life. I have had to do procedures called “Infant Trauma Surveys” which required us to image every single bone in a baby's body. The purpose of these exams was to determine whether or not the child was being abused. The [...]

  • Security Considerations for Cloud Computing (Part 4) - Resource Pooling

    Updated: 2012-05-02 08:00:09
    In this article, we will continue with the theme and pick up on the third essential characteristic of cloud computing: pooled resources.

  • Network Security Podcast, Episode 275

    Updated: 2012-05-02 01:58:31
    By the grace of FSM, schedules synced up this week so we could all get together (despite Martin’s perpetual jet lag). Narrowly avoiding a discussion of CISPA (we’ll save that for later), the gang touches on some vulnerability disclosure gaffes, an “attack back” proposal (what year is this?), and more. Network Security Podcast, Episode 275, May [...]

  • NBC Chicago Interviews Marc Maiffret on Email Security

    Updated: 2012-05-01 18:55:52
    Recently, Marc Maiffret was interviewed on NBC Chicago about the security risks involved when unsubscribing from emails and how to best avoid being compromised by email spam (it does make up 80% of all email traffic in the United States, after all). Below is that interview and an excerpt from the article. Read the entire [...]

  • CapLoader Video Tutorial

    Updated: 2012-04-30 15:35:00
    Below is a short video tutorial showing some of the cool features in CapLoader 1.0. The functionality shown in the video includes: Loading multiple pcap files into a single flow view Port Independent Protocol Identification (PIPI) Fast extraction of packets related to one or several flows Exportin[...]

  • Permanent Reverse Backdoor for IPhone / IPad By CoreSec

    Updated: 2012-04-30 08:38:00

  • Great Song, Great Video

    Updated: 2012-04-30 04:03:38

  • Hotmail, AOL and Yahoo Password Reset 0Day Vulnerabilities

    Updated: 2012-04-29 05:10:00

  • Skype user IP-address disclosure

    Updated: 2012-04-27 14:56:00

  • Kaspersky Enterprise Space Security - Voted WindowSecurity.com Readers' Choice Award Winner - Anti Virus

    Updated: 2012-04-26 10:00:03
    Kaspersky Enterprise Space Security was selected the winner in the Anti Virus category of the WindowSecurity.com Readers' Choice Awards. avast! Server Edition and McAfee VirusScan Enterprise were runner-up and second runner-up respectively.

  • Tor Browser on iOS

    Updated: 2012-04-26 01:03:00

  • Video: Windows Local Password Policy

    Updated: 2012-04-25 08:00:24
    This video demonstrates the process of configuring Windows local password policy through Active Directory policies.

  • Network Security Podcast, Episode 272 v2

    Updated: 2012-04-25 01:30:22
    As a follow up to last week’s episode, Martin was joined last week by Josh Corman to talk to Wade Baker about the 2012 Verizon Data Breach Investigation Report.  Wade talks to us about how the information for the report was gathered, some of the strengths and weaknesses of the analysis and finally how the amazing puzzle [...]
