Five steps to successful and cost-effective penetration testing

Tuesday, May 27th, 2008

Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent. 1. Set goals. Make sure you know before you start your penetration testing what you want the results to encompass. Adding in too many systems can be ...

HTTP Proxies Bypass Firewalls

Tuesday, May 20th, 2008

This may seem painfully obvious to some people, but I looked around and couldn’t find a reference to it, so I apologize ahead of time for anyone who already knew this. When we normally think of how attackers use proxies they are almost always just trying to hide their IP ...

Cisco alums readying firewall killer

Monday, May 19th, 2008

Five former Cisco engineers have co-founded a start-up called Rohati Systems whose products take dead aim at traditional perimeter firewalls. A traditional firewall and its access control lists "is not capable of doing its job today from an access-control perspective," says CEO and President Shane Buckley. "Nowadays, your ...

Debian and Ubuntu keys under attack

Friday, May 16th, 2008

A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday. HD Moore, best known as the exploit researcher who created the Metasploit penetration testing ...

Hacker writes rootkit for Cisco’s routers

Thursday, May 15th, 2008

A security researcher has developed malicious rootkit software for Cisco's routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet's traffic. Sebastian Muniz, a researcher with Core Security Technologies, developed the software, which he will unveil on May 22 at the ...