Sunday, August 06, 2006

Weekend Reads

Hack Me!
Foundstone, the division at McAfee which develops vulnerability-assessment products, has posted free tools to help software developers improve security at their e-commerce sites. Specifically, Foundstone has come up with Web-based mock-ups of an online bank, a bookstore, a shipping site and a desktop travel application.

Experimenting with these so-called "Hacme" mock-ups - which all have some sort of vulnerability planted in them - can show developers where security problems often crop up. The videos walk a user step by step through each attack, allowing them to not only read about the attacks in the user guide, but also see them in action. Bringing the attacks to life gives the viewer a new way to experience the user guide and the attacks presented therein.

==================================================================
XP's No-Reformat, Nondestructive Total-Rebuild Option

Fred Langa shows you how to completely rebuild, repair, or refresh an existing XP installation without losing data, and without having to reinstall user software, reformat, or otherwise destructively alter the setup.

To learn how, visit the website HERE.

==================================================================
Performing Security Code Reviews

No one really likes reviewing source code for security vulnerabilities; it’s slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn’t an option.

I get to review quite a bit of code—not as much as I used to, but enough to keep me busy helping teams at Microsoft. Sometimes people just want my take on small snippets of perhaps 100 lines of code, and other times I get hundreds of thousands of lines.

People often ask how I review code for security vulnerabilities when faced with a massive amount to review. At a very high level, my process is simple:

Read the article HERE.

==================================================================
Decode cloaked URLs

You see them everywhere -
http://tinyurl.com/mzvrr
And they do serve a purpose.
The above story link [Performing Security Code Reviews] has the following URL:

http://www.computer.org/portal/site/security/menuitem.6f7b2414551cb84651286b108bcd45f3/index.jsp?&pName=security_level1_article&TheCat=1001&path=security/2006/v4n4&file=basic.xml&

It has a length of 179 characters, but it can be shortened into the following TinyURL, which has a length of only 24 characters:

http://tinyurl.com/mzvrr

But aren't you sometimes wary of where you may end up by clicking one of these links? Now you can decode the "tiny.url" and allay those fears. Maybe.


To decode tiny URLs, visit the website HERE.

==================================================================
How NERDY are You?

Have you been recently called a geek, a dork, a NERD? Do you want to be a nerd, geek, or dork? Well, this test is for you! This highly advanced 'test' will determine once and for all how nerdy you are. Upon completion, you will be given a score (out of 100) as to just how nerdy you are, plus a nifty little graphic and link that you can share with your friends (if you have any) so they can see how they measure up!

Do the test HERE.
