Changes

From Security Weekly Wiki
Jump to navigationJump to search
1,815 bytes added ,  15:47, 27 July 2007
no edit summary
[http://feeds.feedburner.com/~r/techtarget/Searchsecurity/SecurityWire/~3/136995138/0,289142,sid14_gci1265462,00.html BIND vulnerabilities, time to upgrade!] - [PaulDotCom] BIND vulnerabilities releated to cache poisoning attacks. A good time to talk about recursive queries too!
 
[http://www.darkreading.com/document.asp?doc_id=130101 Data sharing? Sometimes too much!] - [Larry] - Sure, sometimes data sharing between partners can be a great thing for business. However, what happens when your partner doesn't take securing the data as serious as you do? This is why agreements are great. Make sure that agreement gives you the ability to audit their practices, has accountability, and sever-ability on breach...
 
[http://ddanchev.blogspot.com/2007/07/cyber-jihadists-and-tor.html] - [Larry] - We always hear about using hacker tools for good. Keep in mind that it is a two way street, as apparently some Jihadists have some tutorials on using TOR (a tool for good) in order to hide their activities.
 
[http://www.hackszine.com/blog/archive/2007/07/howto_spoof_windows_tcpip_stac.html?CMP=OTC-7G2N43923558 Spoofing TCP/IP Fingerprints with Windows] - [Larry] Security Cloak is a tool for changing TCP/IP timestamp and window options for TCP/IP in the windows registry. I can think of a number of times where this may be useful.
 
[http://www.darkreading.com/document.asp?doc_id=130021 Hacking Without Exploits] - [Larry] - HDM's talk at BlackHat and DEFCON. I'm going to try to check it out, so I'll have the skinny. But, in a nutshell, HDM will be talking about a bunch of things that he fells pen-testers miss, and are hard to test with automated tools, given the variations in client site configurations...
 
[http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml Wireless Arp Storm Vulns for Cisco] - [Larry] - Instead of pwning the iPhone, the iPhone pwns j00! Wow, what a stupid bug for DoS. You'd think that Cisco's engineers would have thought about and tested this functionality...given the nature of the bug, and the nature of wireless clients.
940

edits

Navigation menu