March 2006
They're Out to Get You - An Introduction to Internet Security | Tom's Networking
(via)Protecting our computers and information from attack is becoming an increasingly dangerous and dodgy game in the Internet age.
Social engineering reloaded
(via)The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved over the past few years.
February 2006
Stuff We've Learned: Mitigating SSH Brute Force Attacks
Today I got a burr in my saddle again about SSH brute force attacks after finding thousands of attacks from a single machine against a couple of our network hosts. Unable to find a suitable solution, I went ahead and wrote my own.
R-fx Networks - Internet Security Solutions - Projects » BFD
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans.
sshdfilter V1.4.3 ssh brute force attack blocker
(via)sshdfilter blocks the frequent brute force attacks on ssh daemons, it does this by directly reading the sshd logging output and generating iptables rules, the process can be quick enough to block an attack before they get a chance to enter any password at all.
The Ethical Hacker Network - Google Hacking: Ten Simple Security Searches That Work
by 4 others (via)Google has become the de facto standard in the search arena. It's easy, quick and powerful. For those same reasons that the general user has gravitated to Google, so have the hackers.
I was 0wn3d
(via)I'm a Mac user. I make no qualms about it. I do my best to play the part. This includes being smug about my platform. Very smug. So it was with a year's worth of chagrin that I discovered yesterday that my machine got hacked while on the company network.
Whitedust 101 - Welcome to the world of security
(via)We aim to provide the basic teaching and reference material to enable the less technical among us to better understand the relevance of the news posted on the site and it's application in everyday computing.
Malicious Malware: attacking the attackers, part 2
(via)This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part two of two.
Malicious Malware: attacking the attackers, part 1
(via)This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part one of two.
January 2006
waste :: home
by 5 others (via)WASTE is an anonymous, secure, and encryped collaboration tool which allows users to both share ideas through the chat interface and share data through the download system. WASTE is RSA secured, and has been hearalded as the most secure P2P connection protocol currently in development.
The Ungoliant Project Home Page
(via)Ungoliant, the public release project name for the system in place at the University of Indianapolis known as Shelob, is a system that utilizes open-sourced backends to isolate problematic (virus-infected or otherwise) hosts from a network. Ungoliant incorporates vmpsd, snort, and nmap for detection and containment.
NewsForge | SSL VPNs and OpenVPN: A lot of lies and a shred of truth
I wanted to write an article on the strengths of OpenVPN, but I just can't get the message out without first talking about the serious insecurities I see in the rest of the SSL Virtual Private Network (VPN) space.
The Six Dumbest Ideas in Computer Security
by 1 otherLet me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They come from misguided attempts to ignore reality. These dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted.
How a Bookmaker and a Whiz Kid Took On an Extortionist — and Won - CSO Magazine - May 2005
I'd like to think that this is a must read for anyone who's ever said, "I just have a little home computer. If people want to hack into it, they will, but there's nothing worth taking on there." When you're building an army of 20,000 to 30,000 zombie PCs, each and every computer becomes valuable. The reader comments at the end of this article help explain why.
Secure Enterprise Magazine | How To | The 10 Worst Security Practices
Because sometimes one whopper of a mistake can be more instructive than a binder's worth of best practices, we interviewed more than a dozen security consultants to arrive at our 10 worst practices list.
National Cyber Alert System Mailing List Instructions
Four mailing lists are available, be sure to choose the ones most suited to your interests
High-Tech Heroin
as we rush to embrace the latest and greatest gadgetry or high-tech service and satisfy our techno-craving, we become further dependent on these products and their manufacturers – so dependent that when something breaks, crashes, or is attacked, our ability to function is reduced or eliminated.
The ABCs of Security - Security & Privacy Research Center - CIO
Information security is the process of protecting data from accidental or intentional misuse by persons inside or outside of an organization, including employees, consultants, and yes, the much-feared hacker.
1
(20 marks)