Weekend Reading
A review of fingerprint scanners
I've always had a fascination with fingerprint readers. I have always liked the idea of using my fingerprint in order to access files, web sites, or my computer. With that in mind, I rounded up four USB fingerprint readers to test their support for applications, ease of use and, of course, to test the rumored Silly Putty/Jell-O fingerprint duplication test.
Take a look HERE.
==================================================================
A Funny Thing Happened On the Way to Certification
Our manager got off on the wrong foot at her CCSP training, until she remembered the value of humor in getting through even the most trying situations.
Take a look HERE.
==================================================================
Black Ops & Grandma
He was one of the key researchers who hammered away at Vista security for Microsoft while the software giant was developing the new operating system, but Dan Kaminsky still fondly recalls in detail the memory of his first Black Hat seven years ago.
He worries about DNS rebinding, an example of a design flaw that can have serious consequences if manipulated nefariously. "I'm working on code that, if you come to my Website, I get to treat your browser as a VPN concentrator and browse your corporate network - with whatever magic IPsec credentials your machine has, incidentally."
Take a look HERE.
==================================================================
Global security challenge falls to an elite corps
The job of policing the Web has been left to the corporate world by default. The burden weighs heavily on a trio of companies in particular: Google, Yahoo and Microsoft--the three firms with the most traffic on the Web. Their work, alone or in concert, will likely define what kind of security can be expected for e-mail, purchases, bill payment, other financial transactions and practically anything else involving personal information of the most sensitive nature.
Take a look HERE - if you missed the individual stories posted last week.
==================================================================
Zero Day Threats: Part 3
When & How Are They Released? In 2003, Microsoft moved to a monthly patch release cycle (commonly known as Patch Tuesday, for the second Tuesday of each month). After a while people noticed a correlation between when zero day vulnerabilities were discovered/disclosed and the proximity to Patch Tuesday.
Read the article HERE.
==================================================================
Windows Vista - 6 Month Vulnerability Report
Jeff Jones posted a 90 Day Vulnerability Report on March 21. In that report he used a full Linux distro including optional components. This time, he did what the Linux community had asked, and just used the base OS install. Vista still came out on top.
Take a look HERE.
==================================================================
Report: FireWire doomed to niche interface status
One of the more infamous and contentious threads in the history of the Battlefront was a debate over the relative merits of FireWire and USB 2.0. The original poster wondered what the point of USB 2.0 was when FireWire was already on the market? Fast forward to six years later, and a new report from research firm In-Stat is predicting that FireWire is doomed to be a niche interface.
Take a look HERE.
==================================================================
Private-eye hackers are convicted
Two police officers who moonlighted as private detectives have been convicted of bugging phones and hacking into computers on behalf of wealthy clients.
Jeremy Young and Scott Gelsthorpe set up Active Investigation Services and ran a service dubbed "Hackers Are Us". One of their clients, waste millionaire Adrian Kirby, paid £47,000 for AIS to spy on environmental investigators.
Take a look HERE.
==================================================================
Can cryptography prevent printer-ink piracy?
In the computer printer business, everyone knows the big money comes from the sale of ink cartridges. Most of these cartridges are made by printer manufacturers and sell for a substantial premium. Some come from unauthorized sources, sell for substantially less and attract the attention of antipiracy lawyers.
If there was ever a prize for BEST Weekend Reading Story this has to be a contender. I usually don't make [too much] fun on piracy issues, and I'm sure this is a very serious matter to those concerned, but...
Take a look HERE.
==================================================================
A warning to security technology junkies
Are you a security technology junkie? Do you love to have the latest security gadget, and do you hope that the latest gadget will fill a hole in your network? If so, you can expect to to overdose soon (assuming you have a good budget and gullible management). What you are going to end up with is a huge amount of crap to manage, and you are really not going to get anything done that helps your security program in the long run.
Take a look HERE.
==================================================================
Does the CIA's Dark Past Foretell Current Data Abuse?
With the CIA's release of reports on 25 years of illegal exploits, data privacy advocates now have a lengthy record of abuses to justify restraining governments' access to personal data.
Take a look HERE.
==================================================================
Phishing the net for the gullible
The best security against online fraud still won't protect those who won't learn.
Carl Robertson still shudders when he remembers it. "You have to live through it to understand the damage that can happen, not only emotionally, but financially." A death? An assault? No. The 63-year-old California-based estate agent is talking about phishing, the stealing of personal credentials using spoof emails. Robertson had been a casual internet user for three years when he followed a link in an email purporting to come from eBay. It led him to enter personal details into what he thought was an account confirmation page.
Read the article HERE.
I've always had a fascination with fingerprint readers. I have always liked the idea of using my fingerprint in order to access files, web sites, or my computer. With that in mind, I rounded up four USB fingerprint readers to test their support for applications, ease of use and, of course, to test the rumored Silly Putty/Jell-O fingerprint duplication test.
Take a look HERE.
==================================================================
A Funny Thing Happened On the Way to Certification
Our manager got off on the wrong foot at her CCSP training, until she remembered the value of humor in getting through even the most trying situations.
Take a look HERE.
==================================================================
Black Ops & Grandma
He was one of the key researchers who hammered away at Vista security for Microsoft while the software giant was developing the new operating system, but Dan Kaminsky still fondly recalls in detail the memory of his first Black Hat seven years ago.
He worries about DNS rebinding, an example of a design flaw that can have serious consequences if manipulated nefariously. "I'm working on code that, if you come to my Website, I get to treat your browser as a VPN concentrator and browse your corporate network - with whatever magic IPsec credentials your machine has, incidentally."
Take a look HERE.
==================================================================
Global security challenge falls to an elite corps
The job of policing the Web has been left to the corporate world by default. The burden weighs heavily on a trio of companies in particular: Google, Yahoo and Microsoft--the three firms with the most traffic on the Web. Their work, alone or in concert, will likely define what kind of security can be expected for e-mail, purchases, bill payment, other financial transactions and practically anything else involving personal information of the most sensitive nature.
Take a look HERE - if you missed the individual stories posted last week.
==================================================================
Zero Day Threats: Part 3
When & How Are They Released? In 2003, Microsoft moved to a monthly patch release cycle (commonly known as Patch Tuesday, for the second Tuesday of each month). After a while people noticed a correlation between when zero day vulnerabilities were discovered/disclosed and the proximity to Patch Tuesday.
Read the article HERE.
==================================================================
Windows Vista - 6 Month Vulnerability Report
Jeff Jones posted a 90 Day Vulnerability Report on March 21. In that report he used a full Linux distro including optional components. This time, he did what the Linux community had asked, and just used the base OS install. Vista still came out on top.
Take a look HERE.
==================================================================
Report: FireWire doomed to niche interface status
One of the more infamous and contentious threads in the history of the Battlefront was a debate over the relative merits of FireWire and USB 2.0. The original poster wondered what the point of USB 2.0 was when FireWire was already on the market? Fast forward to six years later, and a new report from research firm In-Stat is predicting that FireWire is doomed to be a niche interface.
Take a look HERE.
==================================================================
Private-eye hackers are convicted
Two police officers who moonlighted as private detectives have been convicted of bugging phones and hacking into computers on behalf of wealthy clients.
Jeremy Young and Scott Gelsthorpe set up Active Investigation Services and ran a service dubbed "Hackers Are Us". One of their clients, waste millionaire Adrian Kirby, paid £47,000 for AIS to spy on environmental investigators.
Take a look HERE.
==================================================================
Can cryptography prevent printer-ink piracy?
In the computer printer business, everyone knows the big money comes from the sale of ink cartridges. Most of these cartridges are made by printer manufacturers and sell for a substantial premium. Some come from unauthorized sources, sell for substantially less and attract the attention of antipiracy lawyers.
If there was ever a prize for BEST Weekend Reading Story this has to be a contender. I usually don't make [too much] fun on piracy issues, and I'm sure this is a very serious matter to those concerned, but...
Take a look HERE.
==================================================================
A warning to security technology junkies
Are you a security technology junkie? Do you love to have the latest security gadget, and do you hope that the latest gadget will fill a hole in your network? If so, you can expect to to overdose soon (assuming you have a good budget and gullible management). What you are going to end up with is a huge amount of crap to manage, and you are really not going to get anything done that helps your security program in the long run.
Take a look HERE.
==================================================================
Does the CIA's Dark Past Foretell Current Data Abuse?
With the CIA's release of reports on 25 years of illegal exploits, data privacy advocates now have a lengthy record of abuses to justify restraining governments' access to personal data.
Take a look HERE.
==================================================================
Phishing the net for the gullible
The best security against online fraud still won't protect those who won't learn.
Carl Robertson still shudders when he remembers it. "You have to live through it to understand the damage that can happen, not only emotionally, but financially." A death? An assault? No. The 63-year-old California-based estate agent is talking about phishing, the stealing of personal credentials using spoof emails. Robertson had been a casual internet user for three years when he followed a link in an email purporting to come from eBay. It led him to enter personal details into what he thought was an account confirmation page.
Read the article HERE.
posted by vanish at 8:26 AM
0 Comments:
Post a Comment
<< Home