Archive | Security How To’s RSS feed for this section
Some things to look for in your SecurID / Remote Access logs
The RSA SecurID token has arguably been the defacto second factor authenticator for many years. Despite the recent breach at RSA I do not see many organizations moving to alternate vendors or other second factor technologies, like PKI / SmartCards or telephone based solutions. In the wake of the RSA breach most companies [...]
Continue reading...NSA’s guide to securing routers
16. February 2007
My old pal’s from the System Network and Attack Center at the NSA have a great guide on securing routers. The Router Security Configuration Guide has a good amount of the networking basics and then goes into a lot of hands on configurations and best practices. Cisco routers are covered specifically but I would imagine [...]
Continue reading...URL Obfuscation Examples
1. November 2006
Web browsers understand all sorts of URL formats. If you want to go to Google you put http://www.google.com in your browser. These URL’s are also valid for Google as well: http://1208930147 and http://%67%6f%6f%67%6c%65%2e%63%6f%6d For a good explanation as to why this is and what URL obfuscation is used for, check out this post. –Chris Technorati [...]
Continue reading...Skype Security
16. October 2006
I use Skype fairly regularly as do many people I know. In fact, you can Skype me at chrisharringtonor leave me voicemail at 603-397-3392 (also Skype). Over the past couple months I have seen some interesting information and links on Skype and it’s security and anonymity. I thought I would share some of these. Anonymity [...]
Continue reading...Securing Microsoft Office
12. October 2006
SecurityFocus has posted a two part article on securing Microsoft Office, written by Khushbu Jithra. It’s a pretty good article combo with the first article talking about Office’s security issues and the second article covering the forensics involved. –Chris Technorati tags: Microsoft Office, Security, vulnerability, security focus
Continue reading...Demystifying 802.1x
18. September 2006
I came across this white paper by Fluke Networks. It does a great job of visually representing the components in 802.1x, how the various handshake’s work and different protocols involved. Definitely worth a read if you want a cheat sheet on 802.1x. It’s through Bitpipe so you will have to register to download it. –Chris [...]
Continue reading...MS Exchange build numbers for pentesting
31. August 2006
Have you ever telnet’d to an MS Exchange server and wondered what Service Pack or Release version it was? I know I have. It can be a good way to double check what Nessus or another VA tool told you was a vulnerable version. CDOLive has a nice table that matches Version, Service Pack and [...]
Continue reading...Everything you wanted to know about SQL injection
3. August 2006
Ok…it’s probably not EVERYTHING but I thought it was a pretty good article. Besides, that is their title to the article, not mine. I like that it covered not only execution of a SQL injection attack but also how to detect it and tips to prevent such an attack. Application security is not my strongest [...]
Continue reading...- Record IM video on the network?
- WoW adds 2 factor authentication
- New blog theme
- Twitter + Security = Security Twits
- Security for Web Meetings?
- 3 open InfoSec positions at MIT Lincoln Laboratory
- NAC Panel Discussion: What is the state of NAC?
- ICANN shutting down a Chinese registrar?
- Shoot yourself in the foot in any language
- MIT Lincoln Lab Network Security Software
- Your favorite Mac apps? (8)
- Should I renew my CISSP? (7)
- NAC Panel Discussion: What is the state of NAC? (6)
- Is Data Leak Prevention the next “big thing” in security? (6)
- NitroSecurity files for IPO (5)
- Whitedust.net called it quits? (5)
- Over reliance on industry analysts (4)
- VA loses another PC…36,000 at risk (4)
- Stopping 100% of web proxies? (4)
- Juniper launches a switch line (4)
- APT and attribution
- McAfee acquires NitroSecurity
- RIM fix your Blackberry S/MIME experience, please?
- Some things to look for in your SecurID / Remote Access logs
- WPScan – WordPress Security Scanner
- Do you digitally sign email?
- Giving a presentation on APT tonight in Manchester, NH
- RSA Security breached by APT
- New mass-mailing worm spreading like crazy – VBMania
- Intel to acquire McAfee for $7.7 Billion
Latest Videos
InfoSecPodcast tweets
3 weeks ago
Reading now
15. June 2011
0 Comments