Save Your Site
For the fullest online security, companies need the broadest array of defenses. Many commercial sites maintain firewalls to control access and allow certain kinds of content (or people) in or out. Most encrypt sensitive data like credit card numbers in transit over the Internet. Yet web applications inside your firewall are essentially wide-open targets. Holes and vulnerabilities in commercial web software constantly crop up and need to be filled or plugged with upgrades or patches from vendors.
Businesses can't afford to wait passively for security glitches to be discovered and fixed manually. And continually fixing code written in-house by hand is an expensive, time-consuming and never-ending task. In fact, most sites add so much new code every day that they could never hope to keep up by patching or fixing holes manually. This makes a majority of sites essentially insecure.
Sanctum's AppShield™ can make your online business all but impenetrable to Web Perversion. And our AppScan™ software can show you where your applications are vulnerable, and recommend how to fix them.
Protecting the applications running at the heart of your online business by manually patching or upgrading is a strategy that will fail you, sooner or later.
Monday, July 30, 2001
SECUROM
SecuROM™ is a PC CD-ROM copy protection solution developed by Sony DADC. Together with its sister plants Sony DADC is the world market leader in CD replication services. Protect your profits with SecuROM™and see what a difference it makes.
SecuROM™ is a PC CD-ROM copy protection solution developed by Sony DADC. Together with its sister plants Sony DADC is the world market leader in CD replication services. Protect your profits with SecuROM™and see what a difference it makes.
The Spread of the Code-Red Worm (CRv2)
Around 10:00 UTC in the morning of July 19th, 2001 a random seed variant of the Code-Red worm (CRv2) began to infect hosts running unpatched versions of Microsoft's IIS webserver. The worm spreads by probing random IP addresses and infecting all hosts vulnerable to the IIS exploit. As noted by others, there are at least two variants of the worm: one that used a fixed, static seed for its random number generator, and another that used a random seed. [eeye] [stuart] In this paper, we examine the characteristics of the random seed variant of Code-Red (CRv2).
Around 10:00 UTC in the morning of July 19th, 2001 a random seed variant of the Code-Red worm (CRv2) began to infect hosts running unpatched versions of Microsoft's IIS webserver. The worm spreads by probing random IP addresses and infecting all hosts vulnerable to the IIS exploit. As noted by others, there are at least two variants of the worm: one that used a fixed, static seed for its random number generator, and another that used a random seed. [eeye] [stuart] In this paper, we examine the characteristics of the random seed variant of Code-Red (CRv2).
ITNet exposes job seekers' details online
A job applicant to IT services firm ITNet had more to worry about than company perks after sensitive details from his application form were left accessible online.
Thursday, July 26, 2001
FAQ and Guide to Cracking
I am going to describe the methods and strategies used to access various UNIX hosts among the internet unauthorizedly. This guide will not teach you how to hack, neither do you have to be a hacker to use the techniques described here. Hacking means finding your own way to do it, and finding new approaches to accomplishing something. I am only going to supply you with one possible approach to cracking.
I am going to describe the methods and strategies used to access various UNIX hosts among the internet unauthorizedly. This guide will not teach you how to hack, neither do you have to be a hacker to use the techniques described here. Hacking means finding your own way to do it, and finding new approaches to accomplishing something. I am only going to supply you with one possible approach to cracking.
Commonly overlooked audit trails on intrusions
This is my attempt of compiling a 'top list' of audit trails that
are being left after intrusions where the intruders try to cover their
tracks but don't do a good job. To put it short, there are actually
a lot of audit trails on a normal UNIX system, which can almost all
be overcome, but with some effort, that most intruders evade.
This is my attempt of compiling a 'top list' of audit trails that
are being left after intrusions where the intruders try to cover their
tracks but don't do a good job. To put it short, there are actually
a lot of audit trails on a normal UNIX system, which can almost all
be overcome, but with some effort, that most intruders evade.
Protecting against the unknown - improving information security for the future
This paper attempts to define the problem and answer the question:
What pure or applied technical measures can be taken to protect the Internet against future forms of attack?
This paper attempts to define the problem and answer the question:
What pure or applied technical measures can be taken to protect the Internet against future forms of attack?
Wednesday, July 25, 2001
Inside the E-Mails of a Spy
The following are representative samples of Robert P. Hanssen's thinking on various issues, from the breakdown in security at DOE facilities and Clinton-administration bungling to Israeli intelligence operations to Fidel Castro and the Elian Gonzalez case. All are taken from a collection of Hanssen's e-mails.
The following are representative samples of Robert P. Hanssen's thinking on various issues, from the breakdown in security at DOE facilities and Clinton-administration bungling to Israeli intelligence operations to Fidel Castro and the Elian Gonzalez case. All are taken from a collection of Hanssen's e-mails.
Inside the E-Mails of a Spy
The following are representative samples of Robert P. Hanssen's thinking on various issues, from the breakdown in security at DOE facilities and Clinton-administration bungling to Israeli intelligence operations to Fidel Castro and the Elian Gonzalez case. All are taken from a collection of Hanssen's e-mails.
The following are representative samples of Robert P. Hanssen's thinking on various issues, from the breakdown in security at DOE facilities and Clinton-administration bungling to Israeli intelligence operations to Fidel Castro and the Elian Gonzalez case. All are taken from a collection of Hanssen's e-mails.
STUDY MANUAL COUNTER INTELLIGENCE PROLOGUELN324
The purpose of this booklet is to present basic information on the mission and activities of Counter Intelligence. But, with the understanding that the primary mission is to support the commanders of the armed forces. This booklet is dedicated to the concepts of Counter Intelligence in relation with its functional areas, the application of these functions, and a specific dedication and instructions on how to apply these functions. The terms "special agent of Counter Intelligence" (SA) refers to all those persons who conduct and contribute to the handling and gathering of information of the
multi-disciplinary intelligence of the hostile services. This booklet is
primarily oriented at those persons involved in the control and execution of the operations of CI. In like manner, this booklet has a very significant value for other members of the armed forces that function in the areas and services of security and other departments of intelligence.
The purpose of this booklet is to present basic information on the mission and activities of Counter Intelligence. But, with the understanding that the primary mission is to support the commanders of the armed forces. This booklet is dedicated to the concepts of Counter Intelligence in relation with its functional areas, the application of these functions, and a specific dedication and instructions on how to apply these functions. The terms "special agent of Counter Intelligence" (SA) refers to all those persons who conduct and contribute to the handling and gathering of information of the
multi-disciplinary intelligence of the hostile services. This booklet is
primarily oriented at those persons involved in the control and execution of the operations of CI. In like manner, this booklet has a very significant value for other members of the armed forces that function in the areas and services of security and other departments of intelligence.
When Secrets Crash
When a passenger airliner crashes, investigators from the National Transportation Safety Board quickly arrive on the scene to try to determine what went wrong. Press conferences and press coverage follow. The NTSB Web site notes that media are briefed at least once a day by one of the board members accompanying the investigating team and that a public affairs officer maintains contact with the media. Viewers of the nightly news often see aerial images of the crash site. The flight and airplane involved will be precisely identified by the airline and NTSB. Eventually, the public can expect a detailed report on the conclusions.
Things can be very different when the crash involves a military aircraft--particularly if it is an airplane whose existence or mission the United States has not yet acknowledged or that carries particularly sensitive equipment. Over the years, a variety of secret intelligence and military aircraft have crashed, and the specifics of US government responses have varied--sometimes as the result of the different circumstances of the crashes, other times as the result of different rules for dealing with the press queries concerning classified programs. However, preserving secrecy has been a constant objective.
When a passenger airliner crashes, investigators from the National Transportation Safety Board quickly arrive on the scene to try to determine what went wrong. Press conferences and press coverage follow. The NTSB Web site notes that media are briefed at least once a day by one of the board members accompanying the investigating team and that a public affairs officer maintains contact with the media. Viewers of the nightly news often see aerial images of the crash site. The flight and airplane involved will be precisely identified by the airline and NTSB. Eventually, the public can expect a detailed report on the conclusions.
Things can be very different when the crash involves a military aircraft--particularly if it is an airplane whose existence or mission the United States has not yet acknowledged or that carries particularly sensitive equipment. Over the years, a variety of secret intelligence and military aircraft have crashed, and the specifics of US government responses have varied--sometimes as the result of the different circumstances of the crashes, other times as the result of different rules for dealing with the press queries concerning classified programs. However, preserving secrecy has been a constant objective.
U.S. News: China: How big a threat? (7/23/01)
It was originally created by the U.S. Air Force and is now entrusted with some of the U.S. government's most sensitive and secretive national security studies. So executives at Rand, a think tank based in Santa Monica, Calif., were stunned when intelligence officials called on June 8 to say they were firing Rand from a classified project ordered by Congress to assess China's future military capabilities. The National Intelligence Council (NIC), a group that reports directly to CIA chief George Tenet, concluded that Rand was failing to do its job adequately and decided it needed to hire another contractor.
It was originally created by the U.S. Air Force and is now entrusted with some of the U.S. government's most sensitive and secretive national security studies. So executives at Rand, a think tank based in Santa Monica, Calif., were stunned when intelligence officials called on June 8 to say they were firing Rand from a classified project ordered by Congress to assess China's future military capabilities. The National Intelligence Council (NIC), a group that reports directly to CIA chief George Tenet, concluded that Rand was failing to do its job adequately and decided it needed to hire another contractor.
Fight over Euro-intelligence plans
The sudden closure of one of the world’s largest spy stations is a potential harbinger of confrontation between the U.S. and Germany.
The sudden closure of one of the world’s largest spy stations is a potential harbinger of confrontation between the U.S. and Germany.
Thursday, July 19, 2001
The alt.2600 FAQ file on hacking, including loops
The purpose of this FAQ is to give you a general introduction to the topics covered in alt.2600 and #hack. No document will make you a hacker.
The purpose of this FAQ is to give you a general introduction to the topics covered in alt.2600 and #hack. No document will make you a hacker.
Internet Storm Watch Project
Today Internet Storm Center gathers more than 3,000,000 intrusion detection log entries every day. It is rapidly expanding in a quest to do a better job of finding new storms faster, isolating the sites that are used for attacks, and providing authoritative data on the types of attacks that are being mounted against computers in various industries and regions around the globe. Internet Storm Center is a free service to the Internet community. The work is supported by the SANS Institute from tuition paid by students attending SANS security education programs.
.:[packet storm]:.
An extremely large and current security tools resource which is for the community, by the community. Packetstorm is a non-profit organization kept alive for the sole purpose of helping secure the World's networks.
Wednesday, July 18, 2001
GaRe's Free Security Info
This site is dedicated to protecting internet users from Denial of Services (Dos) attacks for windows, explotes, by providing ways of protecting your system. These pages up to date with the most recient attacks, and explotes. If this page is missing a protection you know is avalible, has incorrect information, or missing information on some explote, please let me know.
A rogue's gallery of denial of service attacks
Tuesday, May 22, started out as just another day at CERT Coordination Center at Carnegie Mellon University in Pittsburgh. By day's end, CERT, widely regarded as the Fort Knox of computer security, would be knocked off the net by a distributed denial of service (DDoS) attack. In 2001, even the crème de la crème of network security is vulnerable. If it can happen to CERT, it can happen to you.
Tuesday, May 22, started out as just another day at CERT Coordination Center at Carnegie Mellon University in Pittsburgh. By day's end, CERT, widely regarded as the Fort Knox of computer security, would be knocked off the net by a distributed denial of service (DDoS) attack. In 2001, even the crème de la crème of network security is vulnerable. If it can happen to CERT, it can happen to you.
Monday, July 16, 2001
Secure Online Behavior: Developing Good Security Habits
The Internet has evolved to be a fundamental business innovation with a clearly demonstrated ability to positively affect organizations as well as individuals. Unfortunately, the Internet was not designed with security in mind - it is inherently insecure. Regardless of how many anti-virus programs, firewalls, and other security programs computer users may use, security continues to be a serious issue. And human error continues to be the weakest link in the security chain.
While human error can never be entirely eliminated, it can certainly be minimized. One of the best things that users can do to protect themselves and their information is to be aware of which behaviors may place them at risk, and to eliminate those behaviors. This article is the first in a series of three that will attempt to introduce readers to good security habits. This installment will offer a brief overview of some of the security threats that prey on bad user habits, and will introduce some fundamental secure habits that should be used for all computer applications. The ensuing articles will offer more in-depth examinations of the threats posed specifically by e-mail and Internet usage, and the habits that users can adopt to minimize the risks posed by these threats.
The Internet has evolved to be a fundamental business innovation with a clearly demonstrated ability to positively affect organizations as well as individuals. Unfortunately, the Internet was not designed with security in mind - it is inherently insecure. Regardless of how many anti-virus programs, firewalls, and other security programs computer users may use, security continues to be a serious issue. And human error continues to be the weakest link in the security chain.
While human error can never be entirely eliminated, it can certainly be minimized. One of the best things that users can do to protect themselves and their information is to be aware of which behaviors may place them at risk, and to eliminate those behaviors. This article is the first in a series of three that will attempt to introduce readers to good security habits. This installment will offer a brief overview of some of the security threats that prey on bad user habits, and will introduce some fundamental secure habits that should be used for all computer applications. The ensuing articles will offer more in-depth examinations of the threats posed specifically by e-mail and Internet usage, and the habits that users can adopt to minimize the risks posed by these threats.
Subscribe to:
Posts (Atom)
