Virtual Infrastructure Security Facts

The number of virtual servers will rise to more than 1.7 million physical servers by 2010, resulting in 7.9 million logical servers.  Virtualized servers will represent 14.6% of all physical servers in 2010 compared to just 4.5% in 2005 (IDC)
60% of production virtual machines will be less secure than their physical counterparts […]

This is just going to be a long list of links with rants.  I have taken up the duty of disseminating information on the latest in WiFi and Bluetooth penetration-testing for no real reason other than it’s on the tip of my tongue.
First, we have the BackTrack 3 project, which is basically mandatory if you […]

I wanted to do a post about “what web application security really is” because plenty of people out there don’t get it.  They understand that “security attacks are moving from hosts to the Web”, but they have no idea what that means.  To most people, web application security is the same thing as website security.  […]

In October of 2006, a vulnerability in IE7 known as the “mhtml:” Redirection Information Disclosure was discovered.  RSnake wrote up a post about how nasty it was.  The basics: it took over the entire browser experience.
Fortunately, the bug was patched quickly, it required access to the web server/application (or HTTP header injection), and it only […]

Day one of PWN2OWN was unsuccessful, which is no big surprise.  But today, I am really hoping for something — otherwise we’ll have to wait until tomorrow for the third-party clieint-side exploits.
Here’s a little summary I wrote a bit back on how to increase the likelihood of exploiting the three systems.
Are Linux and Mac OS […]