Security-News

Open Patch Management Survey

Rich Mogull (whose stuff I really quite dig) has launched an ‘Open Patch Management Survey’ via the SecurityMetrics blog. It’s an interesting idea, and they plan to release both their analysis *and* the raw data, which might be really insightful for our VMS stuff. Corporations can take the SurveyMonkey survey at http://www.surveymonkey.com/s.aspx?sm=SjehgbiAl3mR_2b1gauMibQw_3d_3d, and there’s some nice material already available at http://securosis.com/projectquant. Here’s the rest of Rich’s message (please forgive the cross-post): Our goal…

Turn of the century deja vu?

The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way. It has been a good few years since the world saw a worm outbreak of this magnitude. Indeed, since the Code Red, Slammer and Blaster days, things have been fairly quiet on the Interwebs front. As a community, it seems we very quickly forgot the pains caused by these collective strains…

EDoS is the new DDoS ?

Over at [Rational Survivability], beaker has coined the term EDoS to describe how “the utility and agility of the cloud computing models such as Amazon AWS (EC2/S3) and the pricing models that go along with them can actually pose a very nasty risk to those who use the cloud to provide service”. Of course, this has kicked off a flurry of responses, from “How is this different to soaking up…

Forget Dan’s DNS, the Armageddon Comes from Intel’s CPUs

Kaspersky will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of operating systems, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux and BSD. The demo will be presented at the Hack In The Box…

rethinking ye old truths

since forever, i’ve been told (and told others) that the greatest threat is from the inside. turns out, not so much. verizon business (usa) apparently conducted a four-year study on incidents inside their organisation and found that the vast majority, 73%, originated from outside. however, the majority of breaches occurred as a result of errors in internal behaviour such as misconfigurations, missing patches, etc. (62% of cases). So attackers…

Safari on Win32, and browser choices in general..

Gareth linked to David Maynor’s blog where he documents the results of some simple fuzzing against the new Win32 port of Safari. Of course fanboys everywhere are going to be on this one like, erm.. like a thing that is very onto another thing.. but.. i digress.. 2 things are interesting in all this for me though..
Why Apple chose now to do the win32 safari release
Why anyone in security…