Stories For Discussion
Snort bypass vulnerability - Demarc explains an evasion technique for the Snort HTTP protocol parser.
MS Windows explorer.exe DoS exploit - Yup, it works...
802.11w and wireless security - Many vulnerabilities are due to the fact that there is no authentication at layer 2 for management frames. This is what lets me disassociate anyone at will :) 802.11w aims to prevent that... (and the article was written by Joshua Wright!)
Sourcefire has acknowledged the vulnerability and plans a release for the 2.4 and 2.6 development trains on June 5th.
Pen Testing Training on DVD - Any good ya think? Looks like a good primer, though nothing will replace real-world experience coupled with a hearty 6-day SANS course.
Don't forget ICMP Scanning - Nmap is a fantastic tool, but sometimes you can find good stuff with ICMP types. Such as a router that may reply to an address mask request but not an ICMP echo request.
Over confidence in SSH - ...From informit.com, Does using SSH open more holes than it solves? Even in my Linux rants, I use SSH on a daily basis, but this article opened my eyes too!
OpenOffice Virus - Allegedly the world's first, and an antique attack vector - Macros! Those who don't learn from history are destined to repeat it. [Paul Asadoorian - Be cool if they could get the same virus to run in OpenOffice, StarOffice, and MS Office, maybe that's version 2]
Commercial John the Ripper - Selling out? Hardly. Looks like great upcoming features, at an affordable cost.
US-CERT reports on Symantec vuln - ...but why a week late? Oh yes, government organization. Don't they realize timely information is key? [Paul Asadoorian - And what about that Symantec vulnerability?]
You should DEFINITELY expire user accounts when employees leave - Esp. if you are an airline. (Thank you to kraigus for this story)
It is OK to track my websurfing - Employees say it is ok...but when they are informed, do they even bother to listen? I'd love to hear how listeners deal with web filtering tech - what do they block, why and how?
Other Stories Of Interest
Starting an Education in IT - ...From Slashdot.org, We get this question a lot. How and where should I start learning about IT? How can I make it my career? etc. The responses are very good and enlightening.