Current Topic: Miscellaneous

Sandboxie - Sandbox software for application isolation and secure Web browsing
Topic: Miscellaneous
1:54 pm EDT, May 22, 2009

Introducing Sandboxie: Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

This is pretty cool. Faster/easier than VMware/restore points but ignore the "protects you from malware" nonsense. Fast easy way to install, play, and revert.

TaoSecurity: Cheap IT Is Ultimately Expensive
Topic: Miscellaneous
10:26 am EDT, May 22, 2009

Unfortunately, being seduced by those arguments ignores intrusion debt. One day the intrusion debt of poorly-run systems will be claimed by the intruders already inside the enterprise or those who are unleashed like an earthquake. Worse for you and me, the costs of dealing with the disaster are likely to be borne by the security team! Ultimately, security is an IT problem, not a "security" problem. The faster asset owners realize this and are held responsible for the security of their systems, the less intrusion debt will mount and the greater the chance that enterprise assets will survive digital earthquakes. Cheap IT is ultimately expensive -- more expensive than proper investment in IT in the first place.

Richard, as usual, nails it.

Schneier on Security: This Week's Terrorism Arrests
Topic: Miscellaneous
10:17 am EDT, May 22, 2009

This Week's Terrorism Arrests: Four points.
#1: There was little danger of an actual terrorist attack:
#2: They were caught by traditional investigation and intelligence. Not airport security. Not warrantless eavesdropping. But old fashioned investigation and intelligence.
#3: They were idiots:
#4: An "informant" helped this group a lot.

Good read

Transcript of President Obama's national security address - CNN.com
Topic: Miscellaneous
10:09 am EDT, May 22, 2009

The President's speech is a major step against the Bush administration's approach to the rule of law. It is worth a read.

Time and again, our values have been our best national security asset... It is the reason why enemy soldiers have surrendered to us in battle, knowing they'd receive better treatment from America's armed forces than from their own government. It is the reason why America has benefited from strong alliances that amplified our power, and drawn a sharp and moral contrast with our adversaries... From Europe to the Pacific, we have been a nation that has shut down torture chambers and replaced tyranny with the rule of law. That is who we are. And where terrorists offer only the injustice of disorder and destruction, America must demonstrate that our values and institutions are more resilient than a hateful ideology.

I think this sort of perspective demonstrates a depth of understanding of the purpose of our institutions that conservatives have lost sight of.

History of a Child Safe Internet
Topic: Miscellaneous
3:50 pm EDT, May 20, 2009

JANUARY 1995 and before: A dangerous adult only cyberspace contained no resources to protect children.

This is good for a laugh....

Veracode: But That’s Impossible!
Topic: Miscellaneous
12:13 pm EDT, May 20, 2009

Chris Eng has a hilarious post over on the Veracode blog. God knows I've heard a number of these over the years...

I polled the Veracode research group, most of whom have been security consultants at one time or another, and asked them about the best responses they’ve heard from customers that reflect a lack of understanding or respect for a pen test finding. These often start with the proclamation, “that’s impossible…” followed by one of the statements below.

Developer doesn’t understand how the web works
* “Users can’t change the value of a dropdown”
* “That option is greyed out”
* “We don’t even link to that page”

Developer doesn’t understand the difference between network and application security
* “That application is behind 3 firewalls!”
* “We’re using SSL”
* “That system isn’t even exposed to the outside”

Developer doesn’t understand a vulnerability class
* “That’s just an error message” (usually related to SQL Injection)
* “You can’t even fit a valid SQL statement in 10 characters”

Developer doubts attacker motivation
* “You are using specialized tools; our users don’t use those”
* “Why would anyone put a string that long into that field?”
* “It’s just an internal application” (in an enterprise with 80k employees and a flat network)
* “This application has a small user community; we know who is authenticated to it” (huh?)
* “You have been doing this a long time, nobody else would be able to find that in a reasonable time frame!”

Sarah Connor Chronicles: Canceled
Topic: Miscellaneous
12:06 am EDT, May 19, 2009

Damn it.

IAB: Internet advertising standards
Topic: Miscellaneous
4:46 pm EDT, May 18, 2009

Handy reference for standards in online advertising like banner ad dimensions, file sizes, etc.

Capture the Flag 5 Released
Topic: Miscellaneous
10:55 am EDT, May 14, 2009

LAMPSecurity.org is pleased to announce the release of the second in our series of capture the flag exercises. Like the previous release (http://lampsecurity.org/capture-the-flag-4), this exercise is a full Linux virtual machine that is vulnerable to remote root compromise due to a number of vulnerabilities. This exercise is notable in that it includes the use of a 0-day exploit.

Topic: Miscellaneous
11:33 pm EDT, May 13, 2009

A 35,000-year-old ivory carving of a busty woman found in a German cave was unveiled Wednesday by archaeologists who believe it is the oldest known sculpture of the human form. The carving found in six fragments in Germany's Hohle Fels cave depicts a woman with a swollen belly, wide-set thighs and large, protruding breasts. [snip] Cook suggested it could be a symbol of fertility, perhaps even portrayed in the act of giving birth. Mellars suggested a more basic motivation for the carving: "These people were obsessed with sex."

The oldest known sculpture of a human in the world.... has really really big boobies. Yeah, I guess we haven't progressed that far now have we? Pornography is timeless.