Archive for the 'security' Category

Improving Web Application Security

Posted by: Owen on Friday, 24th Mar, 2006

Great link from Andy’s blog.
Threats and Countermeasures: Improve Your Web Application Security
This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, this guide is for you.
There’s some good stuff there, covering application design, infrastructure and a whole bunch of [...]

WGA hack still works

Posted by: Owen on Tuesday, 2nd Aug, 2005

Had to try this just to verify. The Windows “Genuine Advantage” initiative still hasn’t fixed the rudimentary hack reported on BoingBoing last week. You’d expect that someone would have plugged the hole; even renaming the flag (g_sDisableWGACheck) would stop most of the uneducated populace from taking advantage of the hack.

Tracking down the vendor portion of a MAC address

Posted by: Owen on Wednesday, 11th May, 2005

Now .. this is interesting

I was trying to track down the source of an IP address conflict earlier today and I came across two sites offering a search service for the initial 24-bit (6 digit hexadecimal) vendor portion of an Ethernet media access control (MAC) address. The IEEE service is the official one, from where [...]

Stopping Automated Attack Tools

Posted by: Owen on Monday, 2nd May, 2005

Stopping Automated Attack Tools - Whitepaper from NGS with a collection of techniques you can use in Web applications to break, confuse, or detect vulnerability scanners when they come to visit (PDF).
- From The Daily Grind

Security Topics

Posted by: Owen on Wednesday, 27th Apr, 2005

Some interesting security reading:

Introduction to Spyware Keyloggers

Strategies to protect against DDOS attacks

Authentication and Security White Paper for Internet Developers

Wardriving Resources

Posted by: Owen on Tuesday, 8th Mar, 2005

Today, an email conversation at work turned to the subject of WarDriving. Quite an interesting debate, and while it was raging on I came up with a couple of interesting links I wanted to post here for posterity:

WarLinux - A bootable Linux distro packed with WarDriving tools
WiFiMaps.com - A web based interactive map [...]

Security Presentations

Posted by: Owen on Tuesday, 18th Jan, 2005

Steve Riley, one of Microsoft’s top security presenters, has placed a number of PowerPoint presentations online. There’s some brilliant material there and even though there’s no audio track to go with them, they are clear enough to follow just by watching the slides. If you have any interest in security, they are worth some time.

Security Guidelines for Developers

Posted by: Owen on Wednesday, 20th Oct, 2004

Currently at a client putting together some security guidelines for developers. Here are some links in case you’re interested in the topic:

Best Practices for Secure Development by Ravan Peteanu

MSDN: Writing Secure Code

(also experimenting with Amazon links)

Writing Secure Code, Second Edition, by Michael Howard

Phishing Guide

Posted by: Owen on Thursday, 23rd Sep, 2004

Came across this whitepaper published by NGS called The Phishing Guide. Very comprehensive, including a description of various phishing mechanisms and defence mechanisms that can be used to counter them. Read it here.

Snort - A crash course

Posted by: Owen on Tuesday, 20th Apr, 2004

Interested in Intrusion Detection Systems (IDS)? Here’s a bunch of articles on SNORT, the major open-source offering in this space.

Reverse Proxy Information

Posted by: Owen on Friday, 7th Nov, 2003

I was looking up some information about the Reverse Proxy capabilities of ISA Server and came across an excellent article explaining all about Reverse Proxies, how they work and how to set them up. If you want to find out more, check it out here.