dos

Interesting Information Security Bits for 06/23/2009

by kriggins on June 23, 2009

Good afternoon everybody! I hope your day is going well. Sorry for missing yesterday. I had a brutally busy day and then we had a power outage at home to boot.

Here are today's Interesting Information Security Bits from around the web.

A new packet challenge is up at I Smell Packets.
Packet Challenge - Name that Exploit << I Smell Packets
Tags: ( challenge packet-capture )
This is an interesting post with some thoughts that can be extended well beyond virtualization.
View Yonder >> Free the Gladiators!
Tags: ( virtualization )
This time a peak at php and sessions.
AppSec Street Fighter - SANS Institute >> Session Attacks and PHP
Tags: ( session )
Anton opines on the contents of the letter sent to the PCI council by the National Retail Federation and other retail associations.
On "PCI Letter"
Tags: ( pci letter )
Mozilla has been at work to come up with a method of getting rid of XSS problems. They believe they have it with Content Security Policy.
Shutting Down XSS with Content Security Policy at Mozilla Security Blog
Tags: ( csp mozilla )
Christofer has a nice couple of graphics that help describe cloud computing from a high level perspective.
Rational Survivability >> Incomplete Thought - Cloudanatomy: Infrastructure, Metastructure & Infostructure
Tags: ( cloud )
The ISC diary points out some ways to protect your webserver from being DOSed by the tool released by Rsnake recently.
Apache HTTP DoS tool mitigation
Tags: ( apache dos )
RSnake take a look at detecting man-in-the-middle proxies.
Detecting MITM/Hacking Proxies Via SSL ha.ckers.org web application security lab
Tags: ( mitm )
Lori offers some thoughts on IPv6 that you should also be thinking about.
You are the new number 3ffe:1900:4545:3:200:f8ff:fe21:67cf
Tags: ( ipv6 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 06/17/2009

by kriggins on June 17, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

ISC has a nifty services file that also includes a bunch of ports on which different trojans and malware listen.
http://isc.sans.org/services.html
Tags: ( ports malware )
Here's a little something to play with in your reversing lab, the Kindle machine readable source code.
Amazon.com: Help > Digital Products Help > Amazon Kindle Wireless Reading Device > Amazon Kindle Terms, Warranties, & Notices > Source Code Notice
Tags: ( kindle )
Amusing.
YouTube - 50 Ways to Inject Your SQL
Tags: ( humor sql )
The entire Penetration Testing and Vulnerability Analysis course at Polytechnic Institute of New York University is now available on the web for free. Very cool.
Penetration Testing and Vulnerability Analysis - Home
Tags: ( education )
The start of what looks to be an interesting series on session attacks against ASP.NET.
AppSec Street Fighter - SANS Institute >> Session Attacks and ASP.NET - Part 1
Tags: ( asp.net session )
Opera release version 10 of its browser yesterday and it contains something new called Unite. It should scare you if you are responsible for protecting your enterprises data assets. Any user can now quickly and, supposedly, easily setup a web server/service.
Boaz Gelbord: Opera Invites You to Join the Cloud
Tags: ( opera browser )
A new version of Wireshark has been released. Wireshark is an awesome open source network sniffer that is very robust and full of functionality.
Wireshark 1.2.0 released
Tags: ( wireshark packet-capture sniffer tools )
Interesting. Low bandwidth denial of service on a web server without affecting other services and easily started and stopped.
Slowloris HTTP DoS ha.ckers.org web application security lab
Tags: ( dos http apache )