2011 Common Weakness Enumeration (CWE)/SANS Top 25 Most Dangerous Software Errors

The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. See the list here.


LulzSec Calls it Quits

After 50 days of reckless disregard for hacks perpetrated against the FBI affiliate InfraGard, the Arizona State Police, Sony, and others, the hacker collective known as LulzSec calls it quits.

The thing that has fascinated me about this group is their utter disregard for the consequences of their actions, especially as it relates to the average citizen. Add to that, their moral naivete, or as Dr. Gene Spafford, Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS) put it, “it is obvious that these individuals and groups are displaying a significant political and moral bias — or blindness — they are ignoring the worst human rights offenders and criminals on the planet. It seems they are after the ego-boosting publicity, and concerned only with themselves. The claims of exposing evil is intended to fool the naive.”

Good riddance…

New Book: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems

The revised second edition of Practical Packet Analysis (published by No Starch Press) teaches the reader, using Wireshark and 45 new scenarios, how to analyze packets in order to better understand network communication and troubleshoot network problems. In addition, readers learn how to:

  • Use packet analysis to identify and resolve common network problems like loss of connectivity, DNS issues, sluggish speeds, and malware infections
  • Build customized capture and display filters
  • Monitor their network in real-time and tap live network communications
  • Graph traffic patterns to visualize the data flowing across their network
  • Use advanced Wireshark features to understand confusing captures
  • Build statistics and reports to help them better explain technical network information to non-techies