
Featured article
Discovery and Fuzzing for SQL injections with Web 2.0 Applications: This paper describes some techniques and approaches to perform effective assessment on Web 2.0 applications on the basis of our recent experience and cases which were analyzed in the field.
Last 10 added articles
Discovery and Fuzzing for SQL injections with Web 2.0 Applications (Web Security): This paper describes some techniques and approaches to perform effective assessment on Web 2.0 applications on the basis of our recent experience and cases which were analyzed in the field.
Rootkit Evolution (Malware): Rootkit evolution is following the same path as spyware. First, rootkits were identified as a separate class of malware. Then there was a lot of media hype which led to a large number of anti-rootkit tools and products together with a noticeable reaction from the antivirus industry. Today both rootkits and spyware have merged into the general malware stream and no longer cause any particular excitement. However, the concept of evading system features to hide something is obviously still valid and we are very likely to see new threats implementing stealth.
Application Security Matters: Deploying Enterprise Software Securely (Compliance): This laundry list of security requirements is a lot to think about for every application deployment, but vigilance in this area can drastically improve an organization’s security posture. The requirements can be put into a standardized template, and at the end of the process each requirement should have a mark for pass, fail, or perhaps not applicable. Anything marked as a failure should be noted and can be escalated or accepted as a risk.
Security Risks for Mobile Computing on Public WLANs: Hotspot Registration (Wireless): The article illuminates the effectiveness of VPN security mechanisms, data encryption, strong authentication and personal firewalls and shows how optimal protection can be achieved by dynamically integrating each of these technologies.
Reverse Engineering: Smashing the Signature (General Security): Many antivirus and antispyware solutions identify malicious programs by looking for known unique signatures contained inside them. Those signatures are stored inside a database which is constantly updated. This tutorial guides you through a number of steps to encrypt the executable file code section in order to render antivirus signature checking techniques ineffective against identifying the malicious code.
Internet Terrorist: Does Such A Thing Really Exist? (Opinions): In this article, a former CISO discusses the notion of worrying about the potential risk of terrorism against his organization and how it seems to be the lowest priority given the choices at hand. Ironically, terrorism today seems to be an emerging concern in the commercial world and many are actively pursuing methods and technology to help combat the problem. As a result, he began to research this trend to determine its drivers and potential implications to information security as we know it today.
Reputation Attacks: A Little Known Internet Threat (General Security): Reputation attacks target both individuals and companies, and their goal is to ruin the victim’s reputation. While attack techniques are varied, the consequences are often the same: a damaged reputation resulting in many cases in financial loss.
DTrace: The Reverse Engineer's Unexpected Swiss Army Knife (Video): David Weston is a security engineer at Science Applications International Corporation. In this video, made at Black Hat Europe, David illustrates his research related to DTrace. Created by SUN and originally intended for performance monitoring, DTrace is one of the most exciting additions to OS X Leopard and is being ported to Linux and BSD.
How B2B Gateways Affect Corporate Information Security (General Security): B2B gateways were introduced in 2003, marking the first time IT professionals could deploy best-of-breed managed file transfer tools without sacrificing their larger investment in enterprise business applications. Today, that value proposition has an added advantage: gateways have become building blocks for a secure information strategy.
Q&A: Views on Privacy and Identity Theft (Interviews): Jonathan Moneymaker is VP of Operations at Anonymizer. In this interview he tackles headaches related to privacy and identity theft.

