Archive | Security How To's RSS feed for this section
NSA’s guide to securing routers
My old pal’s from the System Network and Attack Center at the NSA have a great guide on securing routers. The Router Security Configuration Guide has a good amount of the networking basics and then goes into a lot of hands on configurations and best practices. Cisco routers are covered specifically but I would imagine [...]
Continue reading...URL Obfuscation Examples
1. November 2006
Web browsers understand all sorts of URL formats. If you want to go to Google you put www.google.com in your browser. These URL’s are also valid for Google as well: http://1208930147 and http://%67%6f%6f%67%6c%65%2e%63%6f%6d For a good explanation as to why this is and what URL obfuscation is used for, check out this post. –Chris Technorati Tags: URL, obfuscation, [...]
Continue reading...Skype Security
16. October 2006
I use Skype fairly regularly as do many people I know. In fact, you can Skype me at chrisharringtonor leave me voicemail at 603-397-3392 (also Skype). Over the past couple months I have seen some interesting information and links on Skype and it’s security and anonymity. I thought I would share some of these. Anonymity Skype is [...]
Continue reading...Securing Microsoft Office
12. October 2006
SecurityFocus has posted a two part article on securing Microsoft Office, written by Khushbu Jithra. It’s a pretty good article combo with the first article talking about Office’s security issues and the second article covering the forensics involved. –Chris Technorati tags: Microsoft Office, Security, vulnerability, security focus SHARETHIS.addEntry({ title: "Securing Microsoft Office", url: "http://www.infosecpodcast.com/2006/10/securing-microsoft-office/" });
Continue reading...Demystifying 802.1x
18. September 2006
I came across this white paper by Fluke Networks. It does a great job of visually representing the components in 802.1x, how the various handshake’s work and different protocols involved. Definitely worth a read if you want a cheat sheet on 802.1x. It’s through Bitpipe so you will have to register to download it. –Chris Technorati Tags: [...]
Continue reading...MS Exchange build numbers for pentesting
31. August 2006
Have you ever telnet’d to an MS Exchange server and wondered what Service Pack or Release version it was? I know I have. It can be a good way to double check what Nessus or another VA tool told you was a vulnerable version. CDOLive has a nice table that matches Version, Service Pack and [...]
Continue reading...Everything you wanted to know about SQL injection
3. August 2006
Ok…it’s probably not EVERYTHING but I thought it was a pretty good article. Besides, that is their title to the article, not mine. I like that it covered not only execution of a SQL injection attack but also how to detect it and tips to prevent such an attack. Application security is not my [...]
Continue reading...- ICANN shutting down a Chinese registrar?
- Record IM video on the network?
- New blog theme
- Twitter + Security = Security Twits
- New job for me :)
- Funny comment Spam
- WoW adds 2 factor authentication
- Security for Web Meetings?
- Shoot yourself in the foot in any language
- Juniper launches a switch line
- Your favorite Mac apps? (8)
- Is Data Leak Prevention the next "big thing" in security? (6)
- Should I renew my CISSP? (5)
- NitroSecurity files for IPO (5)
- Whitedust.net called it quits? (5)
- Over reliance on industry analysts (4)
- VA loses another PC...36,000 at risk (4)
- Stopping 100% of web web proxies? (4)
- Juniper launches a switch line (4)
- Personal info lost on 540,000 New Yorkers (3)
- Record IM video on the network?
- WoW adds 2 factor authentication
- ICANN shutting down a Chinese registrar?
- Savant Protection supports Google Android
- Detecting Bot Command and Control Channels
- (ab)using Tor to spy on connections
- Anyone still blocking Javascript?
- Two job openings at my company
- Backpack mounted Laser
- Hacking Illustrated Videos
Latest Flickr photos
16. February 2007
0 Comments