Monday, July 14th, 2008
FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files.
Maybe ...
Posted in Internet, Privacy, Security, Software | No Comments
Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...
Posted in Coding, Internet, Security | No Comments
Monday, May 12th, 2008
For years, organizations have focused on the evil outsiders that were behind attacks on their networks. Firewalls, IDS, IPS technologies have come to the rescue and have resulted in impregnable walls protecting organization networks. Now with strong walls, the challenge is ensuring the trusted insiders don't walk out with the ...
Posted in Hardware, Networking, Privacy, Security | No Comments
Thursday, May 8th, 2008
It takes the average attacker less than 10 seconds to hack in and out of a database -- hardly enough time for the database administrator even notice the intruder. So it’s no surprise that many database attacks go unnoticed by organizations until long after the data has been compromised.
And surprisingly, ...
Posted in Internet, Security | No Comments
Friday, May 2nd, 2008
The developers of the PHP scripting language have issued Version 5.2.6, which fixes numerous bugs and plugs some security holes. The changes are comprehensive, including bug fixes to modules that link to third-party products. PHP 5.2.6 also rectifies several flaws that could have caused a crash.
The developers have eliminated errors ...
Posted in Coding, Internet, PHP, Security | No Comments
Wednesday, April 23rd, 2008
Malware authors will often have their files display something to the user so that they actually believe the file is legitimate. Many of us have experienced such tricks, including fake errors stating that a specific file could not be found or that the application failed to load properly. Today we ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, April 21st, 2008
Abstract
Windows PowerShell™ is a new Windows command-line shell designed especially for system administrators. The shell includes an interactive prompt and a scripting environment that can be used independently or in combination.
Introducing Windows PowerShell
Most shells, including Cmd.exe and the SH, KSH, CSH, and BASH Unix shells, operate by executing a command ...
Posted in Coding, Linux, Windows | No Comments
Saturday, April 19th, 2008
Back in the '60s, when the spy craze first hit, would-be snoops had to satisfy their desire for spy gear with products like 007 cologne and aftershave, when what they really wanted was the bug Bond hid beneath the bumper of a quarry's car, or the greenscreen mapping device mounted ...
Posted in Hardware, Networking, Privacy, Security | No Comments
Wednesday, April 16th, 2008
Security researchers on Monday spotted malicious code that triggers a critical vulnerability in the Chinese version of Windows 2000, and warned users of other editions to expect attacks.
Symantec confirmed that the proof-of-concept code publicly posted to the milw0rm.com site earlier in the day successfully attacks Chinese editions of Windows 2000 ...
Posted in Coding, Internet, Security, Windows | No Comments
Wednesday, April 16th, 2008
With JJ blogging about 802.1x, I thought it would be timely to talk about why I think small and medium sized enterprises (SMEs) do not and probably never will deploy 802.1x for wired networks.
I make a point of meeting with customers whenever I can. Amongst the small and medium ...
Posted in Hardware, Internet, Networking, Privacy, Security | No Comments
