security4all › Comments

Information about standards for information security management and related issues - security4all

***Updated 2/2/09*** ***For sleep to work you must deselect usb wake from sleep and usb legacy mode in bios*** Thanks to all those whose work ... - security4all

Common Weakness Enumeration (CWE) is a list of software weaknesses. - security4all

Large scale DDos attacks have been underway against Kyrgyzstan Internet service providers (ISPs) for several days. This further establishes the emergence of the ‘Cyber Iron-Curtain’ as shown in the schematic diagram above. For examples, the key national web server site Asiainfo.kg and the Kyrgyzstan official domain registration service Domain.kg have only been available intermittently from Jan 18th 09. We are able to confirm the ‘usual suspects’ of well known organized cybercrime servers have been involved, (see Part 2 for details). Although upstream providers in Russia and Kazakhstan have ironically been stating they are refusing to pass traffic because of the scale of the attacks. - security4all

For the third time in two years, Russian computer hackers (and cyber crime gangs) have shut down Internet service in a neighboring country that had offended the Russian government. Back in 2007, it was Estonia. Last year it was Georgia (whose leader had regularly insulted Russian leader Vladimir Putin, often in a very personal way.) This year it's Kyrgyzstan, which is resisting Russian attempts to control world access to Kyrgyzstan's oil and natural gas fields. - security4all

IBM (NYSE: IBM) announced today results from its annual 2008 X-Force Trend and Risk report, which found that corporations are unwittingly putting their own customers at risk for cybercriminal activity. With an alarming increase in attacks using legitimate business sites as launching pads for attacks against consumers, cybercriminals are literally turning businesses against their own customers in the ongoing effort to steal consumers' personal data. - security4all

Active-robots.com the home of high quality Robot kits, controllers and accessories, suitable for educational resource requirements and amateur robotics enthusiasts in the UK - security4all

This is the second of 10 “Why Presentations are going to make it big in 2009” articles. After upcoming books, it is time to speak about already famous speakers. I selected 10 speakers that are improving presentation skills around the world. They plead in favor of simplicity, emotion, storytelling or better design. They all are excellent presenters themselves and I would like to listen to everyone of them in real life - security4all

sapyto is the first SAP Penetration Testing Framework. Fully developed at CYBSEC-Labs, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities. sapyto is periodically updated with the outcome of the deep research constantly carried out by CYBSEC-Labs on the various security aspects in SAP systems. Although sapyto is a versatile and powerful tool, it is of major importance for it to be used by consultants who are highly skilled and specialized in its usage, preventing any interference with your organization’s usual SAP operation. To obtain further information about specific SAP security services, please visit our SAP Security section. - security4all

This webcast is Part I of a two part series I am doing in collaboration with Core Security Technologies. The presentation is full of tips, tricks, process, and practical knowledge about performing penetration testing within your own organization. Whether you are a third-party doing penetration tests or want to penetration test your internal network, this webcast is for you! In Part I I cover such topics as finding rogue access points, processes for creating a successful penetration testing program, identifying targets, and more! Information and resources are below: - security4all

The basics of router forensics are collecting data from the device that can act as evidence. The standard process involves using issuing the “show” commands and collecting data such as logs and network activity data. Some of this information is detailed below. - security4all

The overall aim of the passed security analysis was to evaluate the BlackBerry Enterprise Solution against well-accepted principles of the IT security community. Fraunhofer Institute SIT testifies the solution’s compliance with state-of-the-art security, provided the published configuration of the solution is used according to Fraunhofer recommendations. Among these recommendations is that companies should change the standard BlackBerry smartphone encryption setting to use AES encryption, and modify the server setup. Adhering to Fraunhofer configuration provides strong protection against known attack methods. It results in a loss of some management features, but does not reduce core functionality. - security4all

another free WAF product on IIS called Webknight and found it to be easy to config and full of nice features. The default configuration file is reasonably tight. In most cases, you would probably want to loosen things up so Webknight won't break your site with false positives. It inspects SQL injection in header, cookies, URL and in POST data. The detection is based on hitting two of the preset SQL keywords. For most cases, this generally works well. It may render false positives with some more complex textarea field that expect various text. Overall, Webknight is a good WAF that can fulfill basic protection needs. - security4all

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites. - security4all

Brief Description The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure. - security4all

Apache had this for a long time. Today IIS team has made the URL Rewrite Module for IIS 7.0 Release To Web (RTW) available for download. This is a final, production-ready release that is officially supported by Microsoft. - security4all

Risk perception and Communication - security4all

Information technology posters, Learning accessories for IT analysts, designers, managers, developers and researchers - security4all

Asus Eee PC 901 Tradition leather case - security4all

Creating organizational transformations: McKinsey Global Survey Results. A Change Management Survey about Creating organizational transformations McKinsey survey by The McKinsey Quarterly. Free registration for most Organization Change Management articles. communicate org change positively, and McKinsey survey results creating organziational changes. If organizational transformations are to succeed, change can’t be thought of as a single, standardized process. - security4all

Forrester analyst Thomas Raschke cuts through the hype to answer some of the FAQs about emerging DLP technology - security4all

The first and best site to offer top quality bump keys and locksmith tools. Sales and an active community offering excellent support - security4all

SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events. - security4all

Installing BT3 on the eee 901 with drivers, part I Tutorials & Guides - security4all

Find out if you are a Twitter power user - security4all

Tutorial Winlockpwn Tutorials & Guides - security4all

U Blogt Toch Ook? Welke Juridische Regels Zijn Van Toepassing Op Blogs? - security4all

You can have CMDB for free. Let's start a thread of open source CMDB offerings (nothing is really "free", right?). Contributions please!... - security4all

Deze gids bespreekt de belangrijkste juridische kwesties waar je tijdens het bloggen (blogging) in kunt belanden. Denk aan auteursrecht, aansprakelijkheid, smaad en belediging of gebruik van werk van anderen. - security4all

I'm a huge fan of Michael Wesch and what he (and his students) are doing with the Digital Ethnography program at Kansas State University. If you haven't already seen his most brilliant videos Web 2.0 ... The Machine is Us/ing and A Vision of Students Today you really do owe... - security4all