Operating Systems
Root Accounts - The Root of All Evil?
September 30, 2010 Added by:Jamie Adams
Too often administrators jump to the root level to perform routine tasks — this is when mistakes occur. The administrator is in a hurry and enters one wrong space, is in the wrong directory, or types an incorrect parameter - all can result in evil things when the ENTER key is pressed...
Comments (15)
Stuxnet Worm Reveals Default Password Vulnerabilities
September 27, 2010 Added by:Jamie Adams
NATO spokesman James Appathurai denied that the computers were regularly compromised. However, I didn't hear him dispute the fact that the systems were missing many of the basic security patches. So, is it just a matter of time? Or have the systems already been comprised but NATO is unaware?
Comments (22)
Lock Down Heartburn: Windows to Linux Migration
September 24, 2010 Added by:Jamie Adams
The process of lock down (hardening) is difficult, tedious, and time consuming even for an administrator working on an operating system they're familiar with. This process requires knowledge as to where to configure the item and often how to configure the item...
Comments (0)
Protecting Linux Against Overflow Exploits
September 23, 2010 Added by:Jamie Adams
Most overflows are addressed during the development process because testing will often uncover erratic program behavior, memory access errors, incorrect results, and unexpected program terminations. Those which aren't identified and make it into production are often abused by attackers...
Comments (2)
SAMBA Vulnerability Could Be Dangerous
September 22, 2010 Added by:Brent Huston
If you are not already looking at the newest SAMBA issue, you should be paying attention. It is a stack-based buffer overflow, exploitable remotely without credentials. The MetaSploit folks are already hard at work on an exploit and some versions are rumored to be floating about the underground...
Comments (0)
Finding a Trusted Path in Un-Trusted Computers
September 07, 2010 Added by:Eli Talmor
Interacting with the user is the weak point in client-server communications. Machines can employ crypto-graphical mechanisms to ensure authenticity, integrity, and confidentiality of communication, humans rely on their computer to present data and transmit to a server reliably...
Comments (0)
Is your z/OS System Secure?
August 17, 2010 Added by:Barry Schrager
There is a great article in the current issue of z/Journal Magazine -- Is Your z/OS System Secure? We all assume that our z/OS systems, if properly configured, are secure. But, there is a lot of work to do that and, even then, z/OS and the Independent Software Vendor products, and even your own staff, have system vulnerabilities that can be exploited to circumvent system controls.
Comments (0)
User Review of Puppy Linux 5.0
July 19, 2010 Added by:Brent Huston
I have really come to love Puppy Linux over the last several years. I use it as a LiveCD/USB platform for secure browsing, a Linux OS for old hardware that I donate to a variety of folks and causes, and as a platform for using HoneyPoint as a scattersensor...
Comments (1)
Windows Backdoor: System Access via Hot Keys
July 16, 2010 Added by:Dan Dieterle
You arrive late to your office; well, you did stop at every coffee place on the way in to make sure they were out too, but what did you expect? You rush to your desk, sit down at your keyboard to login and nothing...
Comments (1)
Choosing Your OS is NOT a Security Control
June 23, 2010 Added by:Brent Huston
Just a quick note on the recent Google announcement about dumping Windows for desktops in favor of Linux and Mac OS X. As you can see from the linked article, there is a lot of hype about this move in the press. Unfortunately, dumping Windows as a risk reducer is just plain silly.
Comments (3)
Software Piracy and the World Cup
June 20, 2010 Added by:Danny Lieberman
It’s World Cup season and Mondial fever will probably put a lot of regional conflicts on the back burner for the next month – not to mention put a dent in a lot of family budgets (husbands buying the latest 60 inch Sony Bravia and wives on retail therapy while the guys are watching football)
Comments (0)
Woman Killed By Oxygen Software Failure In Ambulance
June 15, 2010 Added by:shawn merdinger
Earlier this month, several reports about the death of Janice Hall, a Red Wing, Minnesota woman came to light. Specifically, she died in an ambulance as a result of a software failure in the oxygen delivery system caused the system to abruptly shutdown. Apparently, the ambulance EMTs did not notice that the oxygen system had quit for a number of minutes, and thus Janice Hall unfor...
Comments (1)
How to use Metasploit
June 14, 2010 Added by:Mark Bennett
People have been asking me to show some basic metasploit and how you use it. I recently did a security show for the Michigan ISSA folks where we showed everyone how to use it. So I figured I would re-hash that as well as build on it to give you a good feel for what you can do. So I created a video (see video on our site) and in the video I show you how to own a box, as well as different comma...
Comments (5)
Quarantining Granny's Computer
June 09, 2010 Added by:Ron Baklarz
At some time, we all have served as "Help Desk" responders for clueless relatives especially when it comes to security matters pertaining to their home computers and Internet connections. Invariably, Granny is wondering why her computer is running slow and she asks you to take a look.
Comments (5)
Linux crash on a Plane!
June 08, 2010 Added by:shawn merdinger
I don't travel nearly as as much as I used to, yet when I do I always keep a sharp eye out for the technical glitches in devices around me in travel environments. What can I say? It provides me endless amusement. While Linux boxes crashing in airlines' on-board entertainment systems are nothing new, and several photos exist on the Internet depicting these crashes, I'm seeing so...
Comments (1)
AV software on Linux?
June 04, 2010 Added by:Rod MacPherson
I recently got involved in a discussion around the value of AV software on the Linux platform in an Ubuntu user group on Linked-in. Along-side much discussion over what people use and why, there was a fair bit of (in my opinion, misdirected) opinion that AV is not needed on Linux due to how hard it is to write a "virus" for that platform.
Comments (6)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox