Today, EdgeSecurity released a new tool: ProxyStrike. Like the WebScarab project supported by OWASP, it's a web application proxy which will help you to find potential vulnerabilities in your web applications (don’t use it on third-party sites without the owner's acknowledgement). Once started, it acts as a normal proxy:
Cisco Acquired Sguil
Announced on TaoSecurity, Cisco acquired Sguil. Sguil is a monitoring tool for network security analysts. It provides real-time traffic analysis and goes as deep as the raw packet level. Why is Sguil a nice opportunity for Cisco? It’s developed in TCL and high-end Cisco routers and switches have TCL built in!
Crontab Security
All UNIX flavors have a command scheduler called cron. Each user can schedule repetitive tasks at regular intervals. Examples: file cleanup, backups, data synchronization or website checks. User space commands are provided for this purpose: crontab to easily schedule your tasks and at to schedule a one-shot command. A
OpenSSH 4.9 is out!
OpenSSH 4.9 is out! This is a “must have” tool for my day-to-day job: secure remote management, tunneling or file transfer. As usual, lots of bug fixes and improvements. I found the following interesting to note: added chroot(2) support for sshd(8); accept the PermitRootLogin directive in a sshd_config(5) Match block.
Upgraded to 2.5
WordPress 2.5 is out! I successfully upgraded without downtime. The new administration interface looks very nice but, more importantly, let’s hope that security has been increased. I found this interesting post regarding a WordPress hack here.
Computer Hackers Attack People
As read on Wired, a forum about epilepsy was hacked last weekend. Why worry? Such incidents happen every day. In this case, the hackers idiots injected JavaScript code to display flashing colors and images! For those who are unaware, people who suffer from epilepsy can have serious headaches by just
Log Correlation For Free
Today, log files are everywhere! Each server or network component generates tons of log entries. All of them are interconnected to build complex infrastructures. Log files are often the first and only way to detect unusual events. The problem for security people is to be able to extract the right
Groundwork Security Dashboard
In its professional release, Groundwork has a nice feature: the dashboards. Like in your car, a dashboard helps you keep important parameters or values under control. In Groundwork, dashboards allow administrators: to safely distribute status information to specific groups of users or roles; to restrict information to specific group
Drive-thru Hijacking
No idea if the radio frequencies used are the same in Europe/Belgium, but it’s really funny!
TG’08
In a previous post, I talked about WeatherMap. A reader sent me this very nice map: The Gathering (aka TG) is a major data party event in Norway happening at Easter. Check out how much bandwidth is used! Amazing!