Posted in CGI Security on December 1st, 2008 by CGI
In this issue. The future of AV: looking for the good while stopping the bad Eight holes in Windows login controls Extended validation and online security: EV SSL gets the green light Interview with Giles Hogben, an expert on identity and authentication technologies working at ENISA Web filtering in a Web…
Posted in CGI Security on December 1st, 2008 by CGI
“At Drexel University and a handful of other colleges, students created computer scripts to sway the contest—an online vote to nominate a university to receive its own clothing line—in their campuses’ favor. Tim Plunkett, a junior at Drexel, created a script that could cast 1,500 votes per second, according to The…
Posted in CGI Security on December 1st, 2008 by CGI
I came across an interesting post at freedom-to-tinker discussing the impacts of google’s flu monitoring program.”My concern today is whether Flu Trends can be manipulated. The system makes inferences from how people search, but people can change their search behavior. What if a person or a small group set out to…
Posted in CGI Security on November 25th, 2008 by CGI
An article over at macworld discusses the anti phishing features in the new safari.”The release of Safari 3.2 on November 13 displayed Apple’s penchant for cryptic release notes, as the company describes all three versions as featuring “protection from fraudulent phishing Web sites.” Let’s decode that for you: Safari 3.2 offers…
Posted in CGI Security on November 25th, 2008 by CGI
David Litchfield has published a new tool and paper on forensics on Oracle Databases. From his email to the Websecurity mailing list.”I’ve just posted a new tool and paper for Oracle forensics. The tool, orablock, allows a forensic investigator to dump data from a “cold” Oracle data file – i.e. there’s…
Posted in CGI Security on November 24th, 2008 by CGI
Romain Guacher to the SC-L mailing list that the NSA has published a massive 298 page unclassified document on .NET 2.0 security. From the introduction.”The purpose of this document is to inform administrators responsible for systems andnetwork security about the configurable security features available in the .NET Framework.To place some of…
Posted in CGI Security on November 19th, 2008 by CGI
“The team I work in uses both automated scanners, along with a few humans testing (minimum of 2)… A good tester should know the weaknesses of the automated testers.. The problem with automated testers, is, simply put, they are not human. That is they will not have intuition that a given…
Posted in CGI Security on November 19th, 2008 by CGI
“Contact: H D Moore FOR IMMEDIATE RELEASE Email: hdm[at]metasploit.com Austin, Texas, November 19th, 2008 — The Metasploit Projectannounced today the free, world-wide availability of version 3.2 oftheir exploit development and attack framework. The latest versionis provided under a true open source software license (BSD) and is backed by a community-based development…
Posted in CGI Security on November 19th, 2008 by CGI
“Microsoft on Tuesday said it plans to kill off its Windows Live OneCare subscription security service in favor of a free offering that will feature a core of essential anti-malware tools while excluding peripheral services, such as PC tune up programs, found in OneCare. The move could help the software maker…
Posted in CGI Security on November 18th, 2008 by CGI
“On Oct. 14, 2008, Microsoft added another piece of information to the bulletin summary to better help customers with their risk assessment process: the Exploitability Index. This section is a brief overview to explain how customers can integrate the Exploitability Index with the Severity Rating system into their own risk assessment…