25 February 2009
~1 min
By nick
BusinessWeek reports that VMWare has launched a new product aimed at establishing it as a competitor in the cloud computing space. -snip- Dubbed the Virtual Data Center Operating System (VDC-OS), the software creates a bank of computers, storage devices, and networking equipment that a company can tap at will, as computing needs arise—say, during a December spike in Web traffic for an online retailer. -snip- VMWare is the leet, so…
08 February 2009
~1 min
By nick
aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on a SQL Injection vulnerability that was exploited on AV vendor Kaspersky’s site. Detail of the attack can be found here. It’s interesting that SQL Injection (though as old as the proverbial hills) is still such a major issue. In fact, I have it on good authority that the bulk of PCI-related compromises…
01 February 2009
~3 min
By nick
The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way. It has been a good few years since the world saw a worm outbreak of this magnitude. Indeed, since the Code Red, Slammer and Blaster days, things have been fairly quiet on the Interwebs front. As a community, it seems we very quickly forgot the pains caused by these collective strains…
20 December 2008
~4 min
By nick
The last few weeks have brought some fairly interesting predictions for 2009 to bear in CSO Magazine columns. Two recent articles caught my eye from a penetration testing perspective. In the first, Brian Chess, CTO of Fortify (they make source code review and software security tools, and he has written a great book on static analysis) predicted that penetration testing as we know it will die in 2009. The premise…
01 December 2007
~5 min
By nick
So…because I don’t have a report to write this weekend I’ve had some time to ponder and reflect on stuff (and read my mail)- I thought I’d share some stuff that came to the fore of my mind again now when reading a newsletter. Since the early days of playing competitive sport (in those days it was paintball) I’ve always been astounded as to the intensity of the emotions involved…
01 November 2007
~2 min
By nick
I’ve spoken before on how I like some of Simon T Bailey’s stuff and his general leetnesses…he has some gems… This one, on rational vs emotional commitment is quite leet and touches on a discussion we had over lunch… -snip- You might be wondering about the difference between rational and emotional commitment. Rational commitment is the “what” that you agree to give an organization when you’re hired: your time, talent…
29 September 2007
~3 min
By nick
Something we preach very strongly in our training is the importance of an understanding of the underlying technology / application / issues, and being able to dig into the core of an issue, not just try a trick or two and move on. Sadly, most people don’t see it this way. It’s also somewhere between sad and frustrating for me that there seems to be an over-abundance of so-called “experts”…
07 August 2007
~4 min
By nick
The bulk of security research pertaining to VoIP call control, setup and signaling protocols has focused on the Session Initiation Protocol (SIP), due to the ubiquity and widespread adoption of this protocol. However, a number of other protocols and protocol suites are in use in many organizations and have been adopted by many of the VoIP vendors. Some examples of these protocols are Cisco’s Skinny Client Control Protocol (SCCP or…