Criticism, Cheerleading, and Negativity
Very interesting reading: “Criticism, Cheerleading, and Negativity”: http://al3x.net/2009/12/06/criticism.html
Here’s a nice post detailing implications of using Windows Vista / Windows 7 with the Volume Shadow Copy feature:
http://blog.szynalski.com/2009/11/23/volume-shadow-copy-system-restore/
Microsoft published the “10 Immutable Laws of Security” a while ago:
http://technet.microsoft.com/en-us/library/cc722487.aspx
Nice reading!
Support for old ClamAV versions < 0.95 will end in April 2010 (see e.g. heise).
To work around this issue, the volatile branch can be added to Debian installations:
deb http://ftp.de.debian.org/debian-volatile/ stable/volatile main
Here’s a nice blog entry concerning setting up a virtual lab environment for analysis, pentesting etc.:
http://infosanity.wordpress.com/2009/10/12/virtual-lab-machines/
Here’s a nice article by Tenable about PHP hardening and auditing (using Nessus):
http://blog.tenablesecurity.com/2009/08/configuration-auditing-phpini-to-help-prevent-web-application-attacks.html
Here are some very nice examples of how not to do it …
http://whereismydata.wordpress.com/2009/08/02/computer-forensics-how-not-to-interview/
The “ModSecurity Core Rule Set” is now an OWASP project:
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
There is a nice presentation covering “Using Nessus In Web Application Assessments”:
http://blog.tenablesecurity.com/2009/05/presentation-using-nessus-in-web-application-assessments.html
A great list of items for the point “No one at the organization knows about, understands, or respects the issue.” from the “8 reasons why website vulnerabilities are not fixed” list (http://jeremiahgrossman.blogspot.com/2009/05/8-reasons-why-website-vulnerabilities.html):
http://www.veracode.com/blog/2009/05/but-thats-impossible/