Day one of PWN2OWN was unsuccessful, which is no big surprise. But today, I am really hoping for something -- otherwise we'll have to wait until tomorrow for the third-party client-side exploits. Here's a little summary I wrote a bit back on how to [...]
Posted by Dre on Thursday, March 27, 2008 in Apple, Conferences, Hacking, Linux, Security and Windows.
You installed Firefox. How do you make it more secure for daily use? How do the Mozilla developers ensure that they are doing all the right things? How do you safely browse the Internet? These are not easy questions to answer, and some of the answers [...]
Posted by Dre on Tuesday, March 25, 2008 in Defense and Security.
Let's take some time here to discuss what "secure code review" is and what it is not. I see a lot more people talking about code review. Many people have only the view of the PCI DSS compliance standard, which almost pits code review against the web [...]
Posted by Dre on Monday, March 24, 2008 in Defense and Security.
I've downloaded and used the Firefox 3 beta browser software for the past few months and wanted to give a report on the latest of what works and what doesn't. Note that I had to install Nightly Tester Tools to get many of these to work. I am also now [...]
Posted by Dre on Monday, March 24, 2008 in Defense, Hacking, Security, Tech and Windows.
Lesson 13: Just this week, in lessons 12 and 13, we've covered -- at least partially -- how to significantly reduce risk and vulnerability to system and network infrastructure. We touched on protecting applications, but we weren't able to go into [...]
Posted by Dre on Thursday, March 20, 2008 in Defense, Hacking, Itsm and Security.
Lesson 12: Yesterday, I shamelessly recommended to ditch all commercial networking gear. In the same breath, I also made several Cisco configuration recommendations. This is just the way that I work. The idea is that network appliances increase risk, but [...]
Posted by Dre on Wednesday, March 19, 2008 in Defense, Hacking, Itsm and Security.
Lesson 11: Welcome back! I know that the last few weeks have been a lull, and even before ShmooCon there wasn't much going on at our security blog. However, you're in for a real treat since I'm back with the daily ITSM Vulnerability Assessment techniques! [...]
Posted by Dre on Tuesday, March 18, 2008 in Defense, Hacking, Itsm and Security.
Taking care of business: Before I get into this post, I wanted to give you some updates on progress of other projects here at TS/SCI Security. First off, I've been working on the OWASP Evaluation and Certification Criteria Project and hope to announce [...]
Posted by Dre on Monday, March 17, 2008 in Hacking, Security and Work.
Recently, I finished reading "The New School of Information Security" by Adam Shostack and Andrew Stewart. It's only about 200 pages, so it's certainly worth your time to pick up and read. Some people will compare it to "Security Metrics" by Andrew [...]
Posted by Dre on Monday, March 17, 2008 in Books, Privacy and Security.
Before Mike Rothman posted something about the WhiteHatSec and F5 announcement, I really wasn't going to say anything negative or positive. Integrating web application security scanners with web application firewalls at first seems like a good idea. [...]
Posted by Dre on Tuesday, March 11, 2008 in Defense and Security.
I've been doing some work lately with text files and have been using various shell command techniques to manipulate them for whatever purposes I need. This isn't a HOWTO guide as much as it is a reference for myself and others that just need something [...]
Posted by Marcin on Friday, March 7, 2008 in Hacking and Linux.