The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. See the list here.
Monthly Archives: June 2011
Want a job in Penetration Testing?
I think these guys nail the pros and cons of doing penetration testing work on the head.
LulzSec Calls it Quits
After 50 days of hacks perpetrated with reckless disregard against the FBI affiliate InfraGard, the Arizona State Police, Sony, and others, the hacker collective known as LulzSec calls it quits.
The thing that has fascinated me about this group is their utter disregard for the consequences of their actions, especially as it relates to the average citizen. Add to that, their moral naivete, or as Dr. Gene Spafford, Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS) put it, “it is obvious that these individuals and groups are displaying a significant political and moral bias — or blindness — they are ignoring the worst human rights offenders and criminals on the planet. It seems they are after the ego-boosting publicity, and concerned only with themselves. The claims of exposing evil is intended to fool the naive.”
Good riddance…
LulzSec – Gene Spafford Couldn’t Have Said it Better
In the LulzSec’s 1000th tweet, I wondered aloud (albeit briefly) at this rogue hacking group’s motives. Dr. Gene Spafford, Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS), does the same, more fully.
How to Pick the Right Linux Distro
If you’re new to Linux, figuring out which Linux flavor to start with can be an overwhelming decision. The folks at Linux.com have an overview of the major Linux distributions, or what they’re calling the 2011 Linux Distro Scorecard.
New Book: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
The revised second edition of Practical Packet Analysis (published by No Starch Press) teaches the reader, using Wireshark and 45 new scenarios, how to analyze packets in order to better understand network communication and troubleshoot network problems. In addition, readers learn how to:
- Use packet analysis to identify and resolve common network problems like loss of connectivity, DNS issues, sluggish speeds, and malware infections
- Build customized capture and display filters
- Monitor their network in real-time and tap live network communications
- Graph traffic patterns to visualize the data flowing across their network
- Use advanced Wireshark features to understand confusing captures
- Build statistics and reports to help them better explain technical network information to non-techies
Tenable Network Security Paper: Firewall and Boundary Auditing Best Practices
Ron Gula (@RonGula), CEO of Tenable Network Security, has written a paper on using various Nessus products to perform audits of firewalls (and network boundary devices).
LulzSec – Under Attack from Hackers/Law Enforcement
I’m interested in seeing how long the LulzSec gang manages to stay together as a loose-knit group of self-proclaimed black hats now that they’ve specifically been targeting law enforcement organizations (e.g., FBI, CIA), and now that some of the group’s members are being targeted by law enforcement and other pro-establishment hackers.
LulzSec – Operation Anti-Security
..and another throw-down from the LulzSec folks – this time #AntiSecurity.
LulzSec – 1000th Tweet: Statement
Read what the LulzSec gang thinks about their recent shenanigans.
Really?