Archive for January, 2007

Keep track of your SUID/SGID programs

Part of any monitoring and intrusion detection strategy should include file integrity checking and regular auditing of programs capable of privilege escalation. These programs are often replaced or modified by intruders so that they spawn processes or perform functions other than those they were originally designed for. In Linux, these programs are identified via a SUID or SGID bit in […]

What does your father’s middle name, first car, and high school mascot all have in common?

My bank recently upgraded its architecture and web site, adding more features and “improved security.” After logging in, I am directed to a page greeting me and asking me to update my account information and “security challenge questions.” The drop-down menu of questions available (had to choose 5):

How many brothers and sisters did your mother have?
What is […]

The problem with Wikipedia:

I love xkcd, and I just had to share this comic with all of you. It sums up my experiences with Wikipedia entirely!
Courtesy: xkcd.com

Security Awareness Poster

I made this poster a couple of years ago, telling users to think before they click. It shows a mouse pointer and a “Format C:\” button with a red circle and a slash through it. (edit: click here for the *nix version) If anyone has some other sayings for it (I’m not great at coming up […]

The Security Journal - Winter 2007

My good friends over at Security Horizon have released the Winter 2007 issue of The Security Journal.
Stories covered include:

Fire up your Fox: a Browser Platform for Security Testing
How I Cut Our Spam by 90%
Risk Assessment with NIST SP 800-30
Book Excerpt: IT Security Project Management