2007.02.13 Daily Security Reading
by Rodney Campbell on Feb.13, 2007, under Security
Writing an RFP for a Network Access Control Solution
When considering network security solutions, many organizations choose network access control (NAC) technology as an integral part of their security fabric. Many industry experts believe that NAC is vital to complete network security.
Solaris Telnet 0-day vulnerability
This is almost identical to a bug in AIX and Linux rlogin from way back in 1994.
According to the Doom9 forums, HD-DVD has been hacked. Arnezami has found the volume key for King Kong, which should work for all HD-DVDs.
2007.02.12 Daily Security Reading
by Rodney Campbell on Feb.12, 2007, under Security
Yapbrowser: Directing you to Illegal Content
Web-browsers. They’re all around you, on every PC across the length and breadth of the planet, yet you probably don’t stop to think about them too much. Why would you? They’re just there, and that’s all that matters, like the mouse or the keyboard – a tool you just plug in to do something else, without worrying about what they happen to be doing internally.
Cisco going open source with NAC client
As it develops the next generation of network security infrastructure, Cisco Systems Inc. is planning to cease development on its network admission control (NAC) client, the Cisco Trust Agent (CTA), and submit the source code for the software client to the open-source community.
Investigative reporter Kim Zetter spent a year probing the life of David Thomas, a high-tech grifter who became an FBI asset. In interviews with Thomas, his girlfriend, his associates in the underground and federal agents on the cybercrime beat, Zetter pieced together the strange world of the "boards," online bazaars where crooks and swindlers work together to scam everyone else.
Price of cybercrime tools shrinks
It’s becoming cheaper and easier to get hold of the tools needed to launch a cybercrime attack.
2007.02.08 Daily Security Reading
by Rodney Campbell on Feb.08, 2007, under Security
Essential lockdowns for Layer 2 switch security
Failing to secure your switch architecture is like sending hackers an engraved invitation to attack your network. Yet security administrators often neglect to lock down Layer 2 of their network infrastructure. This comprehensive guide explains the essential procedures that will enable you to properly configure and secure your switch infrastructure.
Hackers Attack Key Net Traffic Computers
Hackers briefly overwhelmed at least three of the 13 root DNS servers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.
RSA Security conference… kiosks… running under the all-powerful administrator account.
Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress.
2007.02.07 Daily Security Reading
by Rodney Campbell on Feb.07, 2007, under Security
Pointers to some interesting tools designed to harden your Apache/PHP environment.
Information security is the process of protecting data from accidental or intentional misuse by persons inside or outside of an organization, including employees, consultants, and yes, the much-feared hacker. A security breach can involve anything from a website defacement to a computer virus, to an employee who inadvertently discloses his password, to a former employee who sabotages a customer database, to corporate spies who find out how many widgets your top customer bought last month.
A Brief Explanation of Diffie-Hellman Key Exchange
A cryptographic key exchange method developed by Whitfield Diffie and Martin Hellman in 1976. Also known as the "Diffie-Hellman-Merkle" method and "exponential key agreement," it enables parties at both ends to derive a shared, secret key without ever sending it to each other.
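As an added worked example (not code from the original post or the linked article), the exchange described above with both sides' messages: each party publishes g^x mod p, the secret is derived from the other side's public value, and a peer value is validated before use. The group parameters are a constructed toy, not a real deployment group.

```python
import hashlib
import secrets

# Toy group, constructed for illustration (not from the original page): p = 23
# is a safe prime, p = 2q + 1 with q = 11, and g = 4 generates the subgroup of
# order q.  Real deployments use a standard group of 2048 bits or more.
TOY_P, TOY_G = 23, 4

def subgroup_order(p):
    """For a safe prime p = 2q + 1, return the prime order q of the subgroup used."""
    q = (p - 1) // 2
    if 2 * q + 1 != p:
        raise ValueError("p is not of the form 2q + 1")
    return q

def check_public_value(p, y):
    """Reject a peer value that would force a predictable or low-entropy secret:
    y in {0, 1, p-1} is out of range, and y^q != 1 means y lies outside the
    prime-order subgroup (a small-subgroup attack)."""
    q = subgroup_order(p)
    if not 1 < y < p - 1:
        raise ValueError("public value out of range")
    if pow(y, q, p) != 1:
        raise ValueError("public value not in the prime-order subgroup")
    return y

class Party:
    """One side of the exchange: keeps x private, publishes g^x mod p."""
    def __init__(self, p, g, private=None):
        self.p, self.g, self.q = p, g, subgroup_order(p)
        # Private exponent in [1, q-1]; random unless a test value is supplied.
        self.private = secrets.randbelow(self.q - 1) + 1 if private is None else private
        self.public = pow(g, self.private, p)

    def shared_key(self, peer_public):
        """Derive the symmetric key by hashing the agreed value g^(xy) mod p."""
        y = check_public_value(self.p, peer_public)
        secret = pow(y, self.private, self.p)
        size = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(secret.to_bytes(size, "big")).hexdigest()

def demo(p=TOY_P, g=TOY_G, a=None, b=None):
    """Run one exchange; only p, g and the two public values cross the wire.
    Returns (alice_public, bob_public, key) with both sides' keys equal."""
    alice, bob = Party(p, g, a), Party(p, g, b)
    key = alice.shared_key(bob.public)
    if key != bob.shared_key(alice.public):
        raise RuntimeError("key agreement failed")
    return alice.public, bob.public, key
```

With the toy group and private exponents 6 and 9, the public values are 2 and 13 and both sides agree on the value 6 before hashing; an observer of p, g, 2 and 13 still has to solve a discrete logarithm to recover it.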
Security is both a feeling and a reality. And they’re not the same.
Kevin Mitnick says his story is the Catch Me if You Can of cyberspace.
Security zone shortcomings – why browsers and websites encourage phishing
For those of you unaware or unfamiliar with browser security zones, the short story is that web sites can be classified into ‘zones’. There’s typically a zone for web sites you explicitly trust (such as your bank), a zone for local/intranet web sites (typical in a work environment), and then an Internet zone for everything else.
Study Finds Web Antifraud Measure Ineffective [pdf]
Internet security experts have long known that simple passwords do not fully defend online bank accounts from determined fraud artists. Now a study suggests that a popular secondary security measure provides little additional protection.
2007.02.05 Daily Security Reading
by Rodney Campbell on Feb.05, 2007, under Security
Windows Vista has barely been released, and already the driver signing on the 64-bit version has been circumvented. The 64-bit version only permits signed drivers, in an attempt to enforce that every driver fully implements the Protected Media Path that was incorporated into Vista at the behest of the major media conglomerates (and at the cost of consumers, who now have to live with less stable and less proven drivers for crucial system components, since drivers need to be re-engineered, which takes time and money).
‘Contact us’ attack takes out mail servers
The ‘contact us’ feature on many websites is often insecure and makes it easy to launch denial of service attacks on corporate mail servers.
Mac Developer mulling OS X equivalent of ZERT
Now that the Month of Apple Bugs project is done, Landon Fuller just wants some rest. Then, if his buddies are up to it, the brain behind the Month of Apple Fixes counter-project wants to expand the initiative to provide “zero-day patches” for critical issues affecting Mac OS X users.