Rodney Campbell's Blog

Security

2007.04.10 Daily Security Reading

by on Apr.10, 2007, under Security

Image Spam: Getting the Picture?

Spam. We’ve all seen enough of it. But just as familiarity has bred contempt (and stopped most email users responding to it), spammers have come up with a new technique to snare the unwary and get around corporate security measures.

ShmooCon 2007 Videos

Four steps to battling botnets

How do you know if your computer, or any of the computers in the network you manage, has become infected with zombie code? After all, the programs that turn a computer into an undead slave for spammers and phishers don’t install a desktop icon or an entry on the Windows Start menu. A survey of experts reveals some agreement on basic steps you can take to reduce the risk of having your machines join the army of the evil botnet undead.

New class of attack targets embedded devices

Researcher finds vulnerability in embedded chips that can compromise routers or mobile phones… Often, it’s simply too expensive for hardware makers to shut down JTAG access

JavaScript Hijacking (pdf)

An increasing number of rich Web applications, often called Ajax applications, make use of
JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read confidential data contained in JavaScript messages.

Top 12 OS X Tiger Security Issues

It’s been called one of the safest operating systems of all time, but Mac’s OS X Tiger may not be as safe as it seems. This list provides its top security issues and how to plug them.

Comments Off on 2007.04.10 Daily Security Reading more...

2007.03.12 Daily Security Reading

by on Mar.12, 2007, under Security

SubVirt: Implementing malware with virtual machines (pdf)

Attackers and defenders of computer systems both strive to gain complete control over the system. To maximize their control, both attackers and defenders have migrated to low-level, operating system code. In this paper, we assume the perspective of the attacker, who is trying to run malicious software and avoid detection.


DNS Security Basics

Your DNS is a sweet spot for hackers who want to compromise your network; learn to protect it.

One-third of security IT/security managers don’t secure their home machines

A survey of security and IT managers at the recent RSA conference shows that one-third don’t secure their home files or communications.

Comments Off on 2007.03.12 Daily Security Reading more...

2007.03.08 Daily Security Reading

by on Mar.08, 2007, under Security

Herding the Mob

On the Web, we let strangers tell us who to trust, what to read, and where to go. Which means your good name can be worth real money. And reputation hacking can be big business.

SYN Flooded: Nothing To See Here

It is not always a good idea to assume the world is out to get you when a stray packet arrives at your doorstep.

How dangerous is Skype?

Skype expert Michael Gough examines the top five security misconceptions.

Microsoft WGA Phones Home Even When Told No

When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft’s servers.

Comments Off on 2007.03.08 Daily Security Reading more...

2007.03.07 Daily Security Reading

by on Mar.08, 2007, under Security

Port Scanning using Javascript

This is a proof of concept page for port scanning arbitrary IP addresses from JavaScript. Given a range of IP addresses, the scanner will detect if there is a host running at that IP. It will then look for a web server running on port 80 and try to fingerprint what kind of web server it is.

Comparing Solaris Trusted Extensions and Red Hat Enterprise Linux Systems

Sun Microsystems and Red Hat have both submitted new versions of their trusted operating systems (OS) for Common Criteria (CC) certification evaluation. While these systems are being evaluated against the same CC protection profiles and at the same evaluation assurance level, these systems differ in significant ways that affect how a customer might choose to use such systems.

Backtrack 2 Penetration Testing Live Linux Distribution Released

Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The Torrent is available here.

Comments Off on 2007.03.07 Daily Security Reading more...

2007.03.01 Daily Security Reading

by on Mar.01, 2007, under Security

Legal threat forces cancellation of Black Hat RFID hacking demo

A security researcher scheduled to present information on issues with radio-frequency identification (RFID) technology at the Black Hat Federal conference this week was silenced by security technology giant HID Global, which claimed the presentation would violate its intellectual property.

Five mistakes of data encryption

This article covers some of the other mistakes that often occur when organizations try to use encryption to protect data at rest and data in transit and thus improve their security posture.

Firefox, IE7 open to URL spoof

Firefox and IE7 do not properly handle JavaScript “onUnload” events and can be tricked into taking the user to an unintended destination.

Xbox 360 Hypervisor Security Protection Hacked

We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.

Comments Off on 2007.03.01 Daily Security Reading more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.