NetSec

11.30.2006

Toughening E-voting Standards?

posted by The Captain Thursday, November 30, 2006

Who will stop the RIAA?

posted by The Captain Thursday, November 30, 2006

11.29.2006

Disneyland Launches Biometric Ticketing

posted by Ed Wednesday, November 29, 2006

Stephen Northcutt of SANS: "The Hard Realities of IT Outsourcing"

posted by Ed Wednesday, November 29, 2006

11.27.2006

Devastating mobile attack under spotlight

posted by GeeWhiz Monday, November 27, 2006

11.24.2006

Copyright Office publishes digital exemptions

posted by GeeWhiz Friday, November 24, 2006

Introducing Stealth Malware Taxonomy by Joanna Rutkowska

posted by GeeWhiz Friday, November 24, 2006

Mac OS X Kernel Hoe

posted by The Captain Friday, November 24, 2006

11.22.2006

FireFox Password Manager Flaw w/ POC

posted by The Captain Wednesday, November 22, 2006

According to Mark Rasch, "...the Vista EULA pushes contract law to the limit."

posted by Ed Wednesday, November 22, 2006

11.21.2006

Timing Attack on RSA - "On the Power of Simple Branch Prediction Analysis"

posted by GeeWhiz Tuesday, November 21, 2006

City of Portsmouth public schools are seeking a Network Security Engineer

posted by GeeWhiz Tuesday, November 21, 2006

M$ makes claim on Linux code

posted by The Captain Tuesday, November 21, 2006

Homebrew Nuclear Fusion

posted by The Captain Tuesday, November 21, 2006

11.20.2006

The Week of Oracle Database Bugs - "Based on the great idea of H D Moore "Month of Browser Bugs" and LMH "Month of Kernel Bugs", we are proud to announce that we are starting on December the "Week of Oracle Database Bugs""

posted by GeeWhiz Monday, November 20, 2006

New robot can sense damage, compensate from Stephen

posted by GeeWhiz Monday, November 20, 2006

11.18.2006

Universal sues MySpace for copyright violations from Daniel

posted by GeeWhiz Saturday, November 18, 2006

11.17.2006

Time Machine - Records network traffic stream to support later analysis or investigation. Stefan Kornexl's thesis "High-Performance Packet Recording for Network Intrusion Detection" explains more.

posted by GeeWhiz Friday, November 17, 2006

TCPA and Palladium - from DC 0xAh

posted by GeeWhiz Friday, November 17, 2006

11.16.2006

Implementing and Detecting a PCI Rootkit by John Heasman

posted by GeeWhiz Thursday, November 16, 2006

sHype - a hypervisor security architecture for multilevel security (IBM Research Hypervisor Hackers Guide). IBM extends the Trusted Computing Group specification to Virtual Machines with the Virtual Trusted Platform Module.

posted by GeeWhiz Thursday, November 16, 2006

Sneak Peek at the CensorNet by the OpenNet Initiative

posted by GeeWhiz Thursday, November 16, 2006

New DHS Data-Mining System may violate the Privacy Act of 1974

posted by GeeWhiz Thursday, November 16, 2006

Sen. Allen apparently could not have even mounted a recount in last week's elections due to the fact that most of Virginia's voting machines lack any form of a verifiable paper trail, there would have been nothing to recount. In other e-Voting news, Sarasota, FL. has voted to return to using paper ballots in 2008.

posted by GeeWhiz Thursday, November 16, 2006

Sans 2006 top 20 Internet Security Attack Targets (i.e. the list of shame)

posted by Theobromine Thursday, November 16, 2006

11.15.2006

Miniature Computers That Can Break Your Network Wide Open

posted by GeeWhiz Wednesday, November 15, 2006

11.14.2006

Microsoft Security Bulletin Summary for November, 2006

posted by GeeWhiz Tuesday, November 14, 2006

Court shuts down alleged spyware operation

posted by GeeWhiz Tuesday, November 14, 2006

Microsoft unleashes improved Firefox
The open source community is in a state of shock this morning at the news that Microsoft has released a version (or here) of popular browser Firefox.
Download it here, but, check the minimum requirements first.

posted by arkng Tuesday, November 14, 2006

11.12.2006

IEEE Information Assurance Standards Committee (IASC) Balloting Opportunity

posted by GeeWhiz Sunday, November 12, 2006

11.11.2006

Making sense of the USB standard - USB Descriptors

posted by GeeWhiz Saturday, November 11, 2006

Disabling Last Access Time in Windows Vista to improve NTFS performance

posted by GeeWhiz Saturday, November 11, 2006

11.10.2006

The Wireless Networking in the Developing World book can be freely downloaded as pdf files as a whole or in single chapters. Solid wireless\radio\DIY-antenna\physics\linux primer; entire chapter on technical\physical security.

posted by Mark Friday, November 10, 2006

11.09.2006

Opportunity: System design and support - Active Directory, Linux, Exchange, Sidewinder Firewalls, etc. Email me if you have the qualifications or experience.

posted by GeeWhiz Thursday, November 09, 2006

Microsoft to Pay Novell $348 Million

posted by GeeWhiz Thursday, November 09, 2006

Bad News - M$ Assimilates Sysinternals

posted by GeeWhiz Thursday, November 09, 2006

11.08.2006

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop

posted by arkng Wednesday, November 08, 2006

Using Nepenthes Honeypots to Detect Common Malware
by Jamie Riden
"This article describes the use of Nepenthes, a low-interaction honeypot, as an additional layer of network defense. Nepenthes can be used to capture malware, alert an administrator about a network compromise, and assist in containing and removing the infection."

posted by Ed Wednesday, November 08, 2006

11.07.2006

Analysis of the Jurisdictional Thresholds for Prosecuting Cyber Crimes in the United States at the State Level

posted by GeeWhiz Tuesday, November 07, 2006

11.06.2006

John Kelley - Passive Attribution of wireless target sets during field operations

posted by GeeWhiz Monday, November 06, 2006

The Virus That Ate DHS

posted by GeeWhiz Monday, November 06, 2006

Month of Kernel Bugs Day 6 - Microsoft Windows kernel GDI local privilege escalation - Lesson learned: Running GUI components in ring0 is great for performance but terrible for security.

posted by GeeWhiz Monday, November 06, 2006

11.05.2006

LMH's Kernelfun Blog, after HD Moore's Browserfun blog.

Now with more Apple Airport 802.11 Probe Response Kernel Memory Corruption goodness!

posted by Autonomous Coward Sunday, November 05, 2006

11.04.2006

Classic Papers: Secure Deletion of Data from Magnetic and Solid-State Memory (1996) - Can Intelligence Agencies Read Overwritten Data? A response to Gutmann (2003)

posted by GeeWhiz Saturday, November 04, 2006

11.03.2006

The evolution of cybercrime from past to the present

posted by GeeWhiz Friday, November 03, 2006

Schneier - Bulletproof Textbooks?!? - Perceived Risk vs. Actual Risk

posted by GeeWhiz Friday, November 03, 2006

FBI nabs suspected identity-theft ring

posted by GeeWhiz Friday, November 03, 2006

John Davison's Binary Analysis Presentation from Last Night

posted by GeeWhiz Friday, November 03, 2006

11.02.2006

Datalifter - File Carving Tool

posted by GeeWhiz Thursday, November 02, 2006

Update to arkng's post below: Revision to Windows Vista retail licensing terms

posted by Lance Thursday, November 02, 2006

Forgent Networks JPEG Related Patent Claims Abandoned

posted by GeeWhiz Thursday, November 02, 2006

Holy EULA Batman: Surprises Inside Microsoft Vista's EULA

posted by arkng Thursday, November 02, 2006

More on Seagate Drive Encryption from Lance

posted by GeeWhiz Thursday, November 02, 2006

U.S. Fares Poorly in Privacy Study from Privacy International: "Leading surveillance societies in the EU and the World"

posted by GeeWhiz Thursday, November 02, 2006

FCC: Boston airport can't block airline's Wi-Fi

posted by arkng Thursday, November 02, 2006

11.01.2006

Employee Privacy, Employer Policy "...two recent court cases where an employee's reasonable expectation of privacy was more important than the employer's ability to read any employee's e-mail - despite a privacy policy that clearly stated any company e-mail can, and will, be monitored."

posted by Ed Wednesday, November 01, 2006

As a real life illustration of Gee Whiz's "Foxtrot" post yesterday, here is an article in today's Virginian Pilot about the electronic voting machines to be used in the upcoming election. And I quote -
Elisa Long, Norfolk's general registrar, said every day she reassures people "so concerned about the security of their vote."

Her city has used electronic voting machines since 2002, and she said she isn't worried about somebody introducing a virus to alter the results, as detailed in a Princeton University study, or about hackers compromising her system.
"I feel it's a lot to do about not a lot"

Comment regarding the quote "I feel it's a lot to do about not a lot" from Gee Whiz: Yeah... what's the big deal? It's only about preserving democracy as we know it.

Perhaps the Federalists (Hamiltonians) have defeated those who embrace Jeffersonian democracy? Alexander Hamilton purported demonstrated his preference for monarchy over democracy when he referred to the public as follows: "Your people are a great beast and that the real disease is democracy." (Also "Your people, sir--your people is a great beast!" ) The Federalists were quite elitist in their ways as this Hamilton quote illustrates: "The public must be put in its place so that the responsible men may live free of the trampling and the roar of a bewildered herd."

posted by Theobromine Wednesday, November 01, 2006

Thursday Evening - Special Guest Lecturer on Malicious Code Analysis - Don't miss it!

posted by GeeWhiz Wednesday, November 01, 2006

Secure Programming Traps and Pitfalls - The Broken File Shredder by Wietse Venema

posted by GeeWhiz Wednesday, November 01, 2006

The Mass Storage Page - Resources for Developers of USB Devices in the Mass Storage Device Class

USB Device "Wear Leveling" - Poses Interesting Issues for Forensic Analysis

Seagate Introduces Notebook PC Drive with Hardware-Based Full Disc Encryption Security (old)

posted by GeeWhiz Wednesday, November 01, 2006