In my last post, I explored some ways of using formal method tools to perform security testing in the most advanced scenarios. It may have been over the heads of many people, so I wanted to offset that by talking to some basic tools which I think anyone [...]
Posted by Dre on Saturday, November 24, 2007 in Hacking and Security.
Most information security practices, whether for systems, networks, applications, software, or data, come from original sources such as the Orange Book. Most people assume that the Orange Book is no longer valid for use in security today. If we had built [...]
Posted by Dre on Friday, November 23, 2007 in Defense and Security.
Roger Halbheer, Chief Security Advisor for Microsoft Europe, Middle East, and Africa posted a comment last week in response to my post on "Operating Systems are only as secure as the idiot using it." Roger is looking for some open discussion on improving [...]
Posted by Marcin on Monday, November 19, 2007 in Security.
So the other day I was doing a web site review and looking for XSS issues. I came across one ASP form that used various URL parameters to make up parts of the form. Well, I poked around and tried injecting the usual, <script>alert('xss')</script>. [...]
Posted by Marcin on Thursday, November 15, 2007 in Security.
Epic and the gang over at roothack.org have revived the old but popular and fun wargames in a new style. The old games used to be 72-hour team-based games but are now level-based Capture the Flag (CTF) along the same vein as the PullThePlug games. If PTP [...]
Posted by Casey on Wednesday, November 7, 2007 in Hacking.
The default user environment on OS X is not exactly very productive. On my Linux and FreeBSD systems I prefer to work in a highly customized user environment that allows me to work faster and more efficiently. I have tried numerous ways of accomplishing [...]
Posted by Casey on Monday, November 5, 2007 in Apple.
So this week, we've had a roundup of posts on Apple's latest OS X release, Leopard, and the security "features" that went into it, where they fall short, and what's missing. Thomas Ptacek has a great post over at Matasano with even more insightful [...]
Posted by Marcin on Thursday, November 1, 2007 in Apple, Linux, Security and Windows.