Browse by Tags

All Tags » Security (RSS)
Sun, Feb 15 2009 20:50

Compliance is not security

Tim Holman comments on the latest card processing system breach : Heartland Payment Systems (HPY) on Tuesday disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants: http...
Posted by Slav | 2 comment(s)
Filed under: ,
Mon, Dec 8 2008 21:10

Let's have a security czar?

First, a follow-up to my previous message: it turns out that the investment is to be twice as that initially indicated, resulting in half of the jobs, and the jobs will be all kinds thereof, not green only. Good luck. Now, there's something that is...
Posted by Slav | with no comments
Filed under: ,
Sun, May 4 2008 4:10

OLPC solves all security problems, among others

Ivan Krstic's presentation at AusCERT 2007 (PDF) is a fascinating reading. Until today I didn't realise that OLPC not only offers a solution to the world's educational woes, but also facilitates system security in a completely new way - that...
Posted by Slav | with no comments
Filed under:
Sun, Jan 27 2008 18:50

Disabling Syskey startup password

So it happened: Windows starts up and asks for a password, and you don't know what that is. Either forgot, or didn't know the password. This is Syskey in action. What to do? You can try brute forcing the password. Syskey gives unlimited tries...
Posted by Slav | with no comments
Filed under: ,
Sat, Dec 1 2007 1:44

Wireless network in Canberra's Paliament House

Recently I have visited Australia's Parliament House in Canberra. As parliaments of many other democratic countries, it is open for public access . Notably, there was no wireless LAN available. Not for long - implementation of wireless network is...
Posted by Slav | with no comments
Filed under: ,
Fri, Nov 9 2007 23:12

What telephone is more secure?

On the more absurd side of security debates, new one has emerged: what is more secure - Apple iPhone or Google Android ? Yes, we have yet to see Google's product, but some guys are happy to talk. They happen to be security product vendors and security...
Posted by Slav | 1 comment(s)
Filed under:
Wed, Sep 26 2007 3:39

More daily hacks

Getting free access to communication services was always one of the primary hacking activities, still is. The recent proliferation of commercial Wi-Fi hotspot networks made them one of the prime targets. Stealing somebody's access by cloning a MAC...
Posted by Slav | with no comments
Filed under: ,
Mon, Sep 17 2007 4:20

Zero-knowledge Intrusion: upcoming 2600 article

Soon 2600 will publish my article on practical NIDS avoidance. As soon as it comes out, it will be on my Web site . The magazine is quite an interesting reading - sometimes entertaining, sometimes educating, never boring. I'm glad to contribute.
Posted by Slav | with no comments
Filed under: , ,
Sat, Aug 25 2007 2:18

How to stop Skype using ISA server, and why

Skype is a good example of how defying open standards can result in a better product. H.323, the first attempt at VoIP standard, failed miserably. SIP stands much better chance but there are numerous issues with SIP operator interconnections and crossing...
Posted by Slav | 1 comment(s)
Filed under: , ,
Sun, Aug 5 2007 4:26

VoIP Scaremongers

DEF CON , an "underground" information security conference (appropriately held in an upscale hotel in the entertainment capital of the US) is on, together with sister Black Hat Briefings, and the fresh crop of FUD is already making it to the...
Posted by Slav | 1 comment(s)
Filed under: ,
Mon, Jul 30 2007 3:54

Virtually hopeless

I don't know if that's CIOs, or the press, or both. Recently Byte & Switch, CMP Technology's zine on storage networking, published a chef d'oeuvre on troubles with virtualisation . Some amazing thoughts by the captains of the industry...
Posted by Slav | with no comments
Filed under: , ,
Mon, Jul 9 2007 4:49

Security theatre

Steve Riley of Microsoft is a controversial figure. Some believe he's a hacker and others that he's a social engineer. Having argument with him is very difficult. Steve's got great mind and unique aility to inspire people, get them thinking...
Posted by Slav | with no comments
Filed under:
Wed, Jul 4 2007 4:10

Governments are hopeless at information security

One of the good things about BlackBerry - apart from the main client platform that will never get really damaging and widespread malware - is clever server infrastructure that routes data streams between the handhelds and the enterprise infrastructure...
Posted by Slav | with no comments
Filed under: ,
Mon, Jun 25 2007 12:45

Use glue instead

Amazingly, many companies offer software that is designed to prevent users from connecting USB and other external storage devices. Apparently, there's demand for products creatively named DeviceWall , DeviceLock and Sanctuary Device Control . The...
Posted by Slav | 1 comment(s)
Filed under:
Thu, Jun 14 2007 3:29

The attack surface

Jabez Gan, a fellow MVP, did an interesting book review - that of Professional Windows Desktop and Server Hardening by Roger A. Grimes, published by Wrox. Jabez summarises his learnings from the book in 10 points: 1. To Linux fans out there: Whatever...
Posted by Slav | with no comments
Filed under:
Tue, Jun 5 2007 4:09

Integrating Java, JDBC and Kerberos

This notes are to help integrating Java applications into Kerberos environments (most likely Active Directory-based). It's not a cookbook but gives few pointers that I find useful. Background I have integrated Windows Kerberos environment with alien...
Posted by Slav | 3 comment(s)
Filed under: ,
Sat, Jun 2 2007 20:25

Smart card logon error 0xC00000BB

When you implement smart card logon on a Windows domain, sometimes you may receive the following error message: The system could not log you on. The server authenticating you reported an error (0xC00000BB). You can find further details in the event log...
Posted by Slav | 1 comment(s)
Filed under: ,
Sat, Jun 2 2007 19:28

Pragmatism doesn't always work

Asset classification is a popular concept among security specialists. Quoting from The Pragmatic CSO : You can’t protect what you don’t know about, so the first step is to figure out what you have. Likewise, you don’t want to spend $50,000 protecting...
Posted by Slav | with no comments
Filed under: ,
Sun, May 27 2007 2:51

Degradation: a new generation of computer worms

Suddenly the definition of a computer worm has changed. It used to be something that doesn't require any action from a system user or administrator to install and propagate. From memory - the Morris worm was mutiplatform one, it compiled itself upon...
Posted by Slav | with no comments
Filed under:
Fri, May 4 2007 17:50

How to prevent 1% of cybercrime?

An interesting picture appears on the PBS Shop Web site: Because of what it says I felt an urge to click on it. The first attempt (a right-click) resulted in the following message box: I think the law that prohibits copying the picture doesn't exist...
Posted by Slav | 1 comment(s)
Filed under: , , ,
More Posts Next page »