tssci security

Archive for July, 2007

DEFCON 15

DEFCON15 is this Friday and I'll be in Vegas Thursday night. I'll be without Internet access this weekend, but I'll try and post something up for Sunday. If anybody wants to meet up, send me an email. Gonna be a good weekend. Some of the talks I'm [...]

Preventing and Detecting Sensitive Data on P2P Networks

Recently, we've heard a lot of talk about P2P apps and data leakage concerning various members of Congress. It started with this article over at NetworkWorld, followed up by the guys at nCircle, directing criticism towards Congree from Techdirt, comments [...]

Interview with Richard Bejtlich -- GE Director of Incident Response

Back in May, I attended a meeting to get a feel for the company and group I would be working for this summer as an IT Security Intern. Much to my surprise, Richard Bejtlich was in attendance and as it turned out we'd be working for the same company. [...]

Phrack a Day -- Revitalizing what has been lost

I'd like to introduce a new segment we'll be doing called "Phrack a Day." Casey and I are going back to the roots of the hacking and phreaking culture and reading through every Phrack article, beginning with the first one to the most current. We'll be [...]

Firefox + httpOnly? While we're at it...

kuza55 noted this morning that Firefox 2.0.0.5 has implemented support for httpOnly cookies. It's not perfect, as ma1 pointed out in the comments, but it's better than nothing. The Firefox browser could be made even more secure by building NoScript, [...]

Wikis at work

I love wikis. I've been working on a security portal at work and it just got so much better with the addition of embedded RSS feeds. With this extension, I've embedded the Security Whitelist and Aggregated Vendor and Security News Sites pipes on the [...]

Idiocy in Kernel Land

C'mon guys, what in the hell are you releasing a .1 for just to fix four lines of code. I realize that an exploit in netfilter could be a serious issue, but netfilter doesn't belong in the kernel to begin with; it should be userland code. Grrrr. This is [...]

Reading technical books

Back in January, I asked Richard Bejtlich in an email to post some tips for reading books. Reading technical books can be a drag at times, yet somehow he manages to get through several a month. Reading is one of those tasks we all have to do in our line [...]

Scan hostnames efficiently with Nmap

So your DNS team sends you the company's entire domain name inventory in a CSV (comma-separated values) file. You're tasked with port scanning those hosts, to perform a network inventory, discover rogue services and other policy violations. It's simple [...]

Pondering over the iPhone

|thumb_img_2472.jpg|I passed up a chance to get an iPhone last week because I couldn't spare the time to wait in line for it. I was headed to New Hampshire to stay up at Lake Winnipesaukee with some friends and watch the NASCAR Modified, Busch, and [...]
blog comments powered by Disqus