Rodney Campbell's Blog

Mac OS Bluetooth exploit – Inqtana.d

Inqtanad is a proof-of-concept exploit, which has not yet been seen in the wild, that is installed on a Mac OS X computer via Bluetooth from a computer or PDA running a Linux system.

BT acquires Counterpane Internet Security

BT has announced that it has acquired Counterpane (Bruce Schneier) Internet Security, a provider of managed networked security services, as part of its strategy to expand and develop its global professional services capabilities.

Security Vendor Bypasses Microsoft’s Vista PatchGuard

Authentium contends that it wasn’t hard to create a product that defies Vista’s kernel protection program, but said it will continue to work with Microsoft to find alternative development techniques.

Researchers warn over RFID cards

Without even removing their cards from wallets or pockets, consumers can potentially see their privacy and security compromised.

Unified Threat Management – Friend or Foe?

One of the latest trends in information security is Unified Threat Management (UTM). In a nutshell UTM is the combining of security functionality (i.e. anti-virus and network traffic scanning, alerting, firewalling, etc.) into a single appliance or software suite. Many articles cover aspects in favor of UTM but fail to consider any of the risks.

Is The Metasploit Hacking Tool Too Good?

The open source project already offers penetration testing tools and exploit code. Now it’s going further, offering eVade-o-Matic, a tool to make it harder to detect exploit code aimed at Web browsers. Has the group gone too far?

Is IE 7 Really More Secure Than IE 6?

Microsoft released its long-awaited Internet Explorer 7.0 browser on Oct. 19. The free download allows Windows users to replace IE 6.0, which hasn’t had a serious feature update since it first came out in 2002.

Unlocking the iPod

Jon Johansen became a geek hero by breaking the DVD code. Now he’s liberating iTunes – whether Apple likes it or not.

Windows Defender Final v1.1.1592.0

Windows Defender is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software.

Beware the Bots

Malicious code that turns computers into zombies is wreaking all kinds of havoc.

Teleworkers know (and ignore) security risks, study says

The majority of telecommuters are aware of the security dangers that go along with using mobile devices and remotely logging onto their employers’ networks, yet their behavior for the most part contradicts this awareness, according to a study by Cisco Systems and research firm InsightExpress.

Less Than Zero Threat, Part 1

The security industry and trade press have directed a lot of attention toward the ‘Zero-day attack,’ promoting it as THE threat to guard against. According to the marketing hype, the Zero-Day attack is the one that you should most fear, so you must put in place measures to defend your organization from it.

Less Than Zero Threat, part 2

In part 1, we introduced the idea of a Less-Than-Zero threat and defined it relative to a Zero-Day threat. Now, I’ll go a little deeper on each and discuss ways to protect your organization from them.

Turn Off WiFi and Bluetooth When Not In Use

Metasploit is working on a module to transition kernel mode exploits into user mode.

Firefox 2.0 goes live

Get it while it’s hot Updated Firefox 2.0 was due to be released on Tuesday in the US but the final version of the source browser was available from Mozilla FTP site early on Monday. Firefox 2.0 boasts a raft of new features including an integrated in-line spell checker, as well as an anti-phishing tool, tightly-integrated search, and improvements in tabbed browsing.

Q&A – Why Metasploit Publishes Hacker Tools

H.D. Moore, head researcher of hacker organization Metasploit, talks about why it’s important to publish security exploits.

eEye Introduces Personal freeware

eEye Digital Security, the developer of endpoint security and vulnerability management software solutions, has announced the release of Blink Personal, a free version of its award-winning Blink endpoint security technology, developed for non-commercial users.

US court denies request to suspend Spamhaus domain

Spam roadblock remains in place A US judge has denied a request to order internet registrars to suspend Spamhaus’s domain, easing concerns that the spam blocking service might be interrupted.

Spam Trojan Installs Own Anti-Virus Scanner

SpamThru Trojan uses P2P technology to send commands to hijacked computers and an anti-virus scanner that introduces a never-before-seen level of complexity and sophistication. Also SpamThru trojan analysis.

The threat posed by portable storage devices (pdf)

In a society where the use of portable storage devices is commonplace, the threat that these devices pose to corporations and organizations is, more often than not, ignored. This paper examines the nature of the threat that these devices present and the counter-measures that organizations can adopt to eliminate them.

IE7 is already vulnerable

Microsoft has just released the final version of IE7 for Windows XP and security research firm Secunia has already found a security vulnerability in newly unleashed IE7.

Instant messaging: Problems and solutions

You’ve heard about the benefits and the drawbacks of allowing instant messaging on your network, but have you heard them all? John takes the view that it’s best to lay all the IM security cards on the the table — and then plan how you’re going to trump them.