This tutorial on hacker attack techniques and tactics will provide insight into the mind of a hacker and help you understand a malicious attacker's motives. You will receive advice on how hackers target specific information and what policies and procedures every organization should have in place to protect sensitive data.
Sucuri submitted a great research document they created that examines how much attention random blogs on the Internet pay to security.
Research to determine if bloggers are taking the security of their sites seriously. We randomly selected 1747 blogs from the blog catalog and scanned them to see how secure they are... The results are interesting...
Check it out. It is indeed very interesting. I'd like to hear more from this security team in the future.
All new innovations in IT are a double-edged sword – with the benefits come challenges and unintended consequences. Not least server virtualisation, which does have a number of security advantages over running software directly on servers. While it’s worth considering these, it’s also worth weighing them up against the challenges, particularly given the relative immaturity of the technology.
This article talks about Ksplice, a program developed by an MIT grad student to perform security updates on a Linux server without having to reboot it:
The technology was developed by cofounder Jeff Arnold while he was a graduate student at MIT, and last week, it won the grand prize at the Institute's $100K Entrepreneurship Competition.
Waseem Daher, cofounder and chief operating officer, explains that the approach adopted by Ksplice saves it from restructuring instructions in a higher-level programming language on the fly. So far, Ksplice has developed its new update technology for the Linux operating system--which is commonly used to control server machines--although Daher says that the technology could work on other operating systems too.
In my experience, it's not necessary to reboot a Linux server unless you're doing a kernel update or some change to a filesystem. Do you see any purpose for this?
Have you thought about the security implications of cloud computing? This article explains the cloud, and talks extensively about what the author proposes be done to address the security issues.
The dramatic change in the rate of adoption and the amount of discussion taking place regarding cloud computing demands that this technology, or rather a set of related technologies, continue to evolve utilizing a security-sensitive design.
This is an excellent lesson in the security problems inherent in trusting proprietary software:
After two years of attempting to get the computer based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc.
Draeger, the manufacturer, maintained that the system was perfect, and that revealing the source code would be damaging to its business. They were right about the second part, of course, because it turned out that the code was terrible.
I thought a national discussion about secure programming was important, even though it's not specifically about open source.
Homeland Security's Build Security In, Microsoft's Software Development Lifecycle (SDLC), BSIMM, and now OpenSAMM: Secure application development programs are spreading amid calls for more secure code.
The practice of writing applications from the ground up with security in mind remains in its infancy, even with software giant Microsoft leading the charge by sharing its internal Software Development Lifecycle framework in the form of free models and tools for third-party application developers and customers in the spirit of promoting more secure software.
Securosis, Microsoft team up to solicit input for building a metrics model that measures efficiency and costs of security patching. Security consulting firm Securosis is spearheading a new effort to create metrics to quantify the cost and efficiency of an organization's security patching process.
The Nmap team has released an updated version that lets you remotely scan for Conficker-infected machines:
Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the download page, including official binaries for Windows and Mac OS X.
After many, many years of 0.9 status, the OpenSSL team has finally released a beta of version 1.0 of their software:
Please download and test them as soon as possible. This new OpenSSL version incorporates 107 documented changes and bugfixes to the toolkit.