dos

Good afternoon everybody! I hope your day is going well. Sorry for missing yesterday. I had a brutally busy day and then we had a power outage at home to boot.

Here are today's Interesting Information Security Bits from around the web.

  1. A new packet challenge is up at I Smell Packets.
    Packet Challenge - Name that Exploit << I Smell Packets
    Tags: ( challenge packet-capture )
  2. This is an interesting post with some thoughts that can be extended well beyond virtualization.
    View Yonder >> Free the Gladiators!
    Tags: ( virtualization )
  3. This time a peak at php and sessions.
    AppSec Street Fighter - SANS Institute >> Session Attacks and PHP
    Tags: ( session )
  4. Anton opines on the contents of the letter sent to the PCI council by the National Retail Federation and other retail associations.
    On "PCI Letter"
    Tags: ( pci letter )
  5. Mozilla has been at work to come up with a method of getting rid of XSS problems. They believe they have it with Content Security Policy.
    Shutting Down XSS with Content Security Policy at Mozilla Security Blog
    Tags: ( csp mozilla )
  6. Christofer has a nice couple of graphics that help describe cloud computing from a high level perspective.
    Rational Survivability >> Incomplete Thought - Cloudanatomy: Infrastructure, Metastructure & Infostructure
    Tags: ( cloud )
  7. The ISC diary points out some ways to protect your webserver from being DOSed by the tool released by Rsnake recently.
    Apache HTTP DoS tool mitigation
    Tags: ( apache dos )
  8. RSnake take a look at detecting man-in-the-middle proxies.
    Detecting MITM/Hacking Proxies Via SSL ha.ckers.org web application security lab
    Tags: ( mitm )
  9. Lori offers some thoughts on IPv6 that you should also be thinking about.
    You are the new number 3ffe:1900:4545:3:200:f8ff:fe21:67cf
    Tags: ( ipv6 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. ISC has a nifty services file that also includes a bunch of ports on which different trojans and malware listen.
    http://isc.sans.org/services.html
    Tags: ( ports malware )
  2. Here's a little something to play with in your reversing lab, the Kindle machine readable source code.
    Amazon.com: Help > Digital Products Help > Amazon Kindle Wireless Reading Device > Amazon Kindle Terms, Warranties, & Notices > Source Code Notice
    Tags: ( kindle )
  3. Amusing.
    YouTube - 50 Ways to Inject Your SQL
    Tags: ( humor sql )
  4. The entire Penetration Testing and Vulnerability Analysis course at Polytechnic Institute of New York University is now available on the web for free. Very cool.
    Penetration Testing and Vulnerability Analysis - Home
    Tags: ( education )
  5. The start of what looks to be an interesting series on session attacks against ASP.NET.
    AppSec Street Fighter - SANS Institute >> Session Attacks and ASP.NET - Part 1
    Tags: ( asp.net session )
  6. Opera release version 10 of its browser yesterday and it contains something new called Unite. It should scare you if you are responsible for protecting your enterprises data assets. Any user can now quickly and, supposedly, easily setup a web server/service.
    Boaz Gelbord: Opera Invites You to Join the Cloud
    Tags: ( opera browser )
  7. A new version of Wireshark has been released. Wireshark is an awesome open source network sniffer that is very robust and full of functionality.
    Wireshark 1.2.0 released
    Tags: ( wireshark packet-capture sniffer tools )
  8. Interesting. Low bandwidth denial of service on a web server without affecting other services and easily started and stopped.
    Slowloris HTTP DoS ha.ckers.org web application security lab
    Tags: ( dos http apache )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Interesting tool available from Microsoft. Could be useful for those that use IIS.
    Microsoft releases beta tool for fighting DoS attacks - Ars Technica
    Tags: ( dos )
  2. SANS and DSHIELD (a great project) have another cool thing going on. And it's free.
    SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
    Tags: ( honeypot )
  3. Good stuff here as usual.
    Everything I know about security, I learned from Ghostbusters... | The Guerilla CISO
    Tags: ( general )
  4. An interesting post by Martin that looks at an interesting question.
    Network Security Blog >> Are credit cards worth the risk?
    Tags: ( pci )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }