Ross Anderson's Home Page Ross Anderson [Research] [Blog] [Politics] [My Book] [Music] [Contact Details] What's New Security protocols and evidence: where many payment systems fail analyses why dispute resolution is hard. In a nutshell, the systems needed to support it properly just don't get built (blog). Hardening Linux Web Servers Security is a process, not a result. It is a process which is difficult to adopt under normal conditions; the problem is compounded when it spans several job descriptions. All the system level security in the world is rendered useless by insecure web-applications. Marco Ramilli's Blog Hi folks, today I was seeking something able to grab pieces of web. I'm building a kind of spam-message-compositor for one research of mine, and what I found is pretty much interesting. It's called Web-Harvest, and of course it does much than a simple grab, but for my purpose is more than enough. Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions.
File Encryption Software AxCrypt is the leading open source file encryption software for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files. We have received 3,251,237 registrations, so it is tried and proven! AxCrypt is a great complement to services such as Dropbox, Google Drive, Live Mesh, SkyDrive and Box.net . Exploit writing tutorial part 11 : Heap Spraying Demystified Introduction A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers have a focus on Internet Explorer 7 (or older versions). Although there are a number of public exploits available that target IE8 and other browsers, the exact technique to do so has not been really documented in detail.
How to Prevent DoS Attacks Denial of Service (DoS) attacks are among the most feared threats in today's cybersecurity landscape. Difficult to defend against and potentially costly, DoS attacks can cause outages of web sites and network services for organizations large and small. DoS attacks can also be lucrative for criminals, some of whom use these attacks to shake down businesses for anywhere from thousands to millions of dollars. Any deliberate effort to cut off your web site or network from its intended users qualifies as a DoS attack. Such attacks have been successfully deployed against major online businesses including Visa and Mastercard, Twitter, and WordPress. Automating Firewall Log Scanning Firewalls are computers dedicated to filtering particular kinds of network traffic between two networks. They are usually employed to protect a LAN from the rest of the Internet. Securing every box on the LAN is much more costly and time consuming than deploying, administering and monitoring a single firewall. A firewall is particularly essential to those institutions permanently connected to the Internet. Depending on the network configuration, the router can be set up as a packet filter; usually, though, it is more convenient to set up a dedicated box to act as a firewall. Because they can be made extremely secure and have a low cost, Linux boxes can be very effective firewalls.
O'Reilly Sysadmin This doesn’t look good, right? Most open source monitoring tools do filesystem health checking by comparing the current percentage of used space against a set value. If it’s is 90% full, send out a warning page; if it’s 89%, send the all clear. Notice that I said filesystem, and not actual disk.
Information - Honeypots A honeypot is a computer resource whose only purpose is to get exploited. It is a trap, but for computer criminals. An attacked and properly investigated honeypot can provide valuable information about both the attack, and the attacker. Chapter 10. Technical background Chapter 10. Technical background The contents of this chapter are not required to use VirtualBox successfully.