Rebinding attacks unbound
2007-10-17 Federico Biancuzzi tracks down Adam Barth, an author of a recent study on DNS rebinding attacks, to learn about the impact of the problem, which workarounds can be deployed right now, and how to protect browsers in the long run.
http://www.securityfocus.com/columnists/455

Of hackers and ego
2007-10-10 Outing a zero-day vulnerability or criticizing others seems to be regular fare for the security community. Time to work on business and people skills, says columnist Don Parker.
http://www.securityfocus.com/columnists/454

Mod Your iPhone For Fun or Profit?
2007-09-04 I admit it: I own an iPhone. Indeed, I bought one the day they came out. No, I didn't wait in line for hours; I just walked into the local Apple store, plunked down my life's savings, and voila, another AT&T customer!
http://www.securityfocus.com/columnists/453

Virtualized rootkits - Part 2
2007-08-29 There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof of concept invisible rootkit, while a team made up of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her that there is not an "invisible" rootkit, and that they were going to present at BlackHat conference various techniques to detect Blue-Pill. Federico Biancuzzi interviewed both sides to learn more. Part 2 of 2
http://www.securityfocus.com/columnists/452

Virtualized rootkits - Part 1
2007-08-22 There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof of concept invisible rootkit, while a team made up of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her that there is not an "invisible" rootkit, and that they were going to present at BlackHat conference various techniques to detect Blue-Pill. Federico Biancuzzi interviewed both sides to learn more. Part 1 of 2
http://www.securityfocus.com/columnists/451

Delete This!
2007-08-07 A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.
http://www.securityfocus.com/columnists/450

Security conferences versus practical knowledge
2007-07-18 While the training industry as a whole has evolved rather well to suit the needs of its clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449

Achtung! New German Laws on Cybercrime
2007-07-10 Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts that was invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448

Don't Be Evil
2007-06-22 A series of developments raises the specter that remotely stored or created documents may be subject to subpoena or discovery, all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447

Embedded Problems
2007-06-11 Federico Biancuzzi interviews Barnaby Jack to discuss the vector rewrite attack, which architectures are vulnerable, how to defend the integrity of the exception vector table, some firmware extraction methods, and what bad things you can do on a cheap SOHO router.
http://www.securityfocus.com/columnists/446