Archive for Security

Pentesting Flex

I’ve posted an entry over on my employer’s blog on Penetrating Intranets through Adobe Flex Applications. I’ve also released a new tool along with it, called Blazentoo. This tool exploits insecurely configured BlazeDS Proxy Services, potentially allowing you to browse internal web sites. You can download Blazentoo from GDS’ tools page.
Also, be sure [...]

What makes a solid security program?

In my most recent post, I identified the direction and state-of-the-art in application security. We all know of the importance of application security in today’s environments. However, finding out where to fit application security policies and programs into an overall security program (or organizational security plan) is as difficult as (or more difficult than) integrating mandatory [...]

Blackhat USA 2009 / Defcon 17

It’s that time of year again, where we all come out of hiding and meet in Sin City to cause nothing but trouble. The brave venture out into the scorching hot sun during the day and some even dare tempt the waters at Rehab. The rest of us wait until dark, with the neon lights [...]

Appsec industry trends – looking forward

Recently, it has come to my attention that industry people I respect (and vice versa) would like me to re-post some comments I’ve made on other blogs.
It’s also high time that we at TS-SCI/Security begin writing again. I can tell you that since March (our last post), Marcin and I have been involved heavily in our [...]

Virtual appliances for the security professional

Virtual Infrastructure Security Facts

The number of virtual servers will rise to more than 1.7 million physical servers by 2010, resulting in 7.9 million logical servers. Virtualized servers will represent 14.6% of all physical servers in 2010 compared to just 4.5% in 2005 (IDC).
60% of production virtual machines will be less secure than their physical counterparts [...]