NEWS

Discovery of a crimeserver with over 1.4 gb of stolen data
Compromised file found inside a localized Firefox 2.0 language pack
Free kits for launching phishing attacks
New SDK for multi-biometric face-fingerprint identification systems
Belgium accuses chinese government of cyberespionage

Video: The Enigma Machine

REVIEWS

Backup & Recovery
Mac OS X Leopard Phrasebook
The Book of Wireless (2nd Edition)
Mac OS X Leopard: The Missing Manual
Apache Cookbook (2nd Edition)

WINDOWS

LANguard Network Security Scanner 8 ***
Ad-Aware 2007 Free 7.0.2.7
Password Safe 3.13
WinSCP 4.1.1
PWGen 2.00
Revealer Keylogger 1.33
Spyware Terminator 2.2.0.411
Security System Analyzer 1.6b2

ADVISORIES

Gentoo Linux Security Advisory - InspIRCd: Denial of Service (GLSA 200805-08)
SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2008:011)
Gentoo Linux Security Advisory - Linux Terminal Server Project: Multiple vulnerabilities (GLSA 200805-07)
Articles

Audio (20)
Authentication (28)
Compliance (13)
Cryptography (9)
Database (14)
Editorials (314)
General Security (108)
Hacking History (30)
Interviews (110)
Intrusion Detection (20)
Linux (16)
Mac OS X (18)
Malware (40)
Opinions (135)
Podcasts (9)
Security Products (49)
Storage (20)
Various (71)
Video (19)
Web Security (68)
Wireless (21)


Last 10 added articles

The Enigma Machine (Video)
The National Security Agency (NSA) had an Enigma machine in their booth at the RSA Conference 2008 in San Francisco. Here's a video that shows the machine and provides some history about it.
HNS Podcast: Jeremiah Grossman's top security conferences (Podcasts)
Jeremiah Grossman, the founder and Chief Technology Officer of WhiteHat Security attends quite a number of security conferences around the globe. A couple of weeks ago we had a chat with him and in this short podcast he discusses four of his favorite events.
Interview with Josh Corman, Principal Security Strategist for IBM Internet Security Systems (Interviews)
With more than ten years of experience in security and networking software development, Corman is currently leading an industry charge to evolve defenses against the latest generations and innovations of malicious code. In this Q&A session he discusses the Storm Worm.
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications (General Security)
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update.
The Fundamentals of Physical Security (Video)
Deviant Ollam works as a network engineer and security consultant but his strongest love has always been teaching. A supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has given lockpick demonstrations at ShmooCon, DefCon, HOPE, HackCon, HackInTheBox, and the West Point Military Academy. In this video, made at Black Hat Europe, he discusses the importance of physical security and illustrates that with a real-world example.
Changing Threats, Changing Solutions: A History of Viruses and Antivirus (Malware)
It is more than 20 years since the first PC virus appeared. Since then, the nature of threats has changed significantly. Today’s threats are more complex than ever before. In any field of human activity, the latest generation stands squarely on the shoulders of those who went before, learning from what has been done before, re-applying what has proved successful and also trying to break new ground. This is no less true of those who develop malicious code. Successive waves of malicious code have re-defined the threat landscape.
HNS Podcast: Penetration testing considerations (Podcasts)
In this HNS podcast, Anothony Alves from CORE Security Technologies talks about penetration testing. He dicusses the things you should look for when considering doing a penetration test.
Hacking Second Life (Video)
At Black Hat in Amsterdam we caught up with Michael Thumann, CSO of ERNW. In this video he discusses Second Life hacking. Beyond being an online game Second Life is a growing marketplace for big companies where lot of money is made. Living and acting in a virtual world gives the people the opportunity to do things they would never do in real life. Therefore it is not surprising that Second Life has increasingly attracted real world hackers.
Interview with Chris Sanders, Author of "Practical Packet Analysis" (Interviews)
Chris Sanders is a Senior Support Engineer for KeeFORCE, a technology consulting firm. Chris writes and speaks on various topics including packet analysis, network security, Microsoft technologies, and general network administration.
Data Loss Prevention: Where Do We Go From Here? (Opinions)
DLP is fast becoming one of the most overused yet misunderstood acronyms in an industry known for its cryptic abbreviations. The popular label for data loss prevention is appearing on a puzzling variety of security products, adding to the confusion and hype.

Meanwhile, the debate continues over where DLP should be deployed: on the network or the endpoint? What about stored data? And does it matter whether DLP is deployed as a standalone solution or as a feature in a broader product portfolio? To address those questions, organizations must first understand what DLP is, why it is important, and how it works.




Qualys: This free security guide describes the scanning requirements for PCI-DSS and provides a quick-reference requirements matrix for both Merchants and Service Providers of all levels.










Vulnerability Scanning

Network Vulnerabilities

Event Log Security