Archive for June, 2007
2007.06.18 Daily Security Reading
by Rodney Campbell on Jun.18, 2007, under Security
The Evolution of Security (pdf)
What can nature tell us about how best to manage our risks?
Dedicated to compiling good analogies used when explaining (computer) security matters.
Data Seepage – How to Give Attackers a Roadmap to Your Network
In this video, Robert Graham and David Maynor, the CEO and CTO of Errata Security, talk about how the days of widespread internet attacks are long gone. What’s more popular now are more directed or targeted attacks using a variety of different methods. This is where data seepage comes in. Unbeknownst to a lot of mobile professionals, laptops, PDAs, even cell phones can be literally bleeding information about a company’s internal network.
Piracy More Serious Than Bank Robbery?
Ars Technica covers NBC/Universal general counsel Rick Cotton, who suggests that society wastes entirely too much money policing crimes like burglary, fraud, and bank-robbing, when it should be doing something about piracy instead.
Judge Orders TorrentSpy to Turn Over RAM!!
In an impressive example of the gap of understanding between legal officials and technology, U.S. Magistrate Judge Jacqueline Chooljian found that a computer server’s RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.
2007.06.12 Daily Security Reading
by Rodney Campbell on Jun.12, 2007, under Security
Border Gateway Protocol Security (pdf)
A request for a DRM system is a sign that the customer is in denial, and isn’t dealing rationally with reality.
Why DoS and DDoS attacks are the plague of the Internet
DoS and DDoS attacks are not a new threat—they’ve been terrorizing the Internet for years. But after all these years, we’re still no closer to learning how to deal with this problem.
Germany outlaws ‘hacking tools’: An impossible ban for sysadmins?
A recent update to the German criminal code has outlawed so-called “hacking tools.” This move has raised angry responses from security experts worldwide who have branded it as “ill considered and counterproductive.”
Little-known AV packages outdo those of Symantec, McAfee, Microsoft
Andreas Clementi, who runs the web site av-comparatives.org, has released his latest report that looks at how well antivirus programs do against threats that have not yet been identified and included in standard AV signatures.
2007.06.04 Daily Security Reading
by Rodney Campbell on Jun.04, 2007, under Security
Guidelines on Securing Public Web Servers (pdf)
An inside look at a targeted attack
It appears that more than one year after the initial attacks, the hostname is still successfully resolving.
Zero-day sales not fair — to researchers
Two years ago, Charles Miller found a remotely exploitable flaw in a common component of the Linux operating system, and as many enterprising vulnerability researchers are doing today, he decided to sell the information.
10 Anti-Phishing Firefox Extensions
One popular way to combat phishing attacks is to maintain a list of known phishing sites and to check web sites against the list. This hack highlights 10 anti-phishing Firefox extensions that can be used to mitigate the risk of being a victim of a phishing attack.