Children like to play in a sandbox. Computer users should also play in sandboxes… to increase their security! A sandbox is a mechanism (a software) used to execute untrusted applications. A sandbox can be seen as a light-virtualization system. True virtualization (performed with products like VMware, VirtualBox or Virtual PC)
Tag: Security
Spoofed User-Agent by AVG
I just read an interesting story on The Register: It seems that the latest AVG antivirus is generating a lot of web traffic with spoofed user-agents (IE6). Read the story here: http://www.theregister.co.uk/2008/06/26/avg_disguises_fake_traffic_as_ie6/.
PktAnon : Packet Trace Anonymization Tool
A few weeks ago, I wrote a post about packet capture anonymization. When you have to share traces with other parties, anonymization can be a requirement. A new tool is available: PktAnon.
Security Screensavers
Everybody use screensavers! Initially, the purpose of those little applications was to preserve the phosphor used in CRT displays. There are thousands of screensavers available (well known are floating texts, slideshows, fireworks, etc). But screensavers can also be used to display useful information to the user and why not security
Microsoft: NAP Infrastructure Planning and Design (IPD) Guide
Microsoft (via the Solutions Acceleratos team) published an interesting document about NAP: “ Selecting the Right NAP Architecture“.
(IN)SECURE Magazine #17
(IN)SECURE Magazine issue 17 (July 2008) is out! Open redirect vulnerabilities: definition and prevention The future of security is information-centric Securing the enterprise data flow against advanced attacks Bypassing and enhancing live behavioral protection Security flaws identification and technical risk analysis through threat modeling Migration from e-mail to web borne
New SANS Papers
The SANS Institute released two interesting new papers: Host Intrusion Prevention Systems and Beyond Security Policy for the use of handheld devices in corporate environments
Microsoft, HP ship free tools to protect Web sites from hackers
Microsoft and HP released free tools to help web developers to protect their sites against SQL injection attacks. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9103138&intsrc=hm_list.
Fired Due to a Malware!
The following story has been relayed by several blogs and newspapers. An employee was fired for violation of its company computer usage policy: Child porn was found on his laptop. The first human reaction facing such evidences is not always the best one: “Guilty!”. A computer forensics analyst spent one
Lynis: Security and System Auditing Tool
Michael Boelen announced today a new release of his tool called Lynis dedicated to UNIX specialists. Michael is also the developer of RootKit Hunter. Quote from the homepage: “Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related