• Microsoft Issues IE Security Advisory in Response to Attack Reports

    Updated: 2012-12-31 18:15:00
    The vulnerability affects Internet Explorer versions 6, 7 and 8, according to the company.

  • ISC StormCast for Monday, December 31st 2012 http://isc.sans.edu/podcastdetail.html?id=3019, (Mon, Dec 31st)

    Updated: 2012-12-31 01:29:51

  • Music: “The Ocean”

    Updated: 2012-12-30 14:33:01

  • Chrome Extensions for Pentest

    Updated: 2012-12-29 19:25:00

  • The Best Business Growth Posts of 2012 | Tom Tunguz

    Updated: 2012-12-29 14:03:06
    Top 10 Blog Posts of 2012: Founders, teach your employees statistics; Your Startup’s Top 3 Priorities: Distribution, Monetization & Engagement; Your Startup’s 10 Most Important Metrics; All great managers are alike; Six-step framework to make strategic decisions; The trinity of product design; The 11 risks VCs evaluate; Anatomy of a Reference Check; Startup Judo; What to look for when hiring a data scientist. via tomtunguz.com

  • How to Find Lost Items

    Updated: 2012-12-29 13:56:41
    The Twelve Principles My method is based on what I call the Twelve Principles—a set of precepts designed to lead you directly to any lost object. Like a bloodhound! The Twelve Principles are: 1. Don’t Look for It 2. It’s Not Lost—You Are 3. Remember the Three C’s 4. It’s Where It’s Supposed to Be 5. Domestic Drift 6. You’re Looking Right at It 7. The Camouflage Effect 8. Think Back 9. Look Once, Look Well 10. The Eureka Zone 11. Tail Thyself 12. It Wasn’t You These Principles are the core of my method. So—let’s get right into them. Let’s find that missing object of yours. On to Principle One! via professorsolomon.com

  • Futuristic Predictions That Came True in 2012

    Updated: 2012-12-29 13:45:55
    Yesterday we told you about the biggest scientific breakthroughs of 2012. But now we turn our attention to those developments that make us realize just how futuristic things are quickly becoming. And the past year provided no shortage of futureshock. We watched a cyborg compete at the Olympic Games, and marveled at the news that NASA was actually working on a faster-than-light warp drive. It was also a year that featured the planet’s first superstorm, the development of an artificial retina — and primates who had their intelligence enhanced with a chip. Here are 16 predictions that came true in 2012. via io9.com

  • Reading in 2013

    Updated: 2012-12-29 13:38:43
    I’m going to read a considerable number of books in 2013. Like, 50.

  • Node.js: Resolving ‘Cannot find module’ Issues

    Updated: 2012-12-29 04:51:41

  • My Current Thoughts on Gun Control

    Updated: 2012-12-29 02:39:04
    Like many others, I’ve been in a number of debates about gun control in recent weeks. Here are my main thoughts on the topic: The goal of any gun rights or legislation that limits those rights should be that of reducing suffering and increasing happiness for Americans. That is the moral goal, and all other considerations should be subordinate to it. The Second Amendment held to that standard when it was created by attempting to ensure that America would be able to defend itself if attacked. Regardless of what we believe now to be the case, we must realize this was true at the time, could still be true now, and we must apply an EXTREMELY high standard to anything wishing to oppose that precedent. Many are dying each year due to gun violence, and something should be done about that. Emotional reactions to stimuli, especially when the solution requires a cool evaluation of data and the careful application of reason, is nearly always a poor idea. Proof of emotion being a poor impetus for legislation is evident in recent “Assault Rifle” bans that focus on weapons that look “military” or hold magazines with too many rounds in them. These “feel” effective but absolutely are not. Looks don’t equate to function, and the recent mass shootings all employed multiple magazines–not a couple of them with large capacity. Rather than focus on outlawing guns we should first do a comprehensive analysis of all mass shootings in the last 25 years and determine their attributes. What weapons? What was the legal status of the shooter? What was his mental status? Were the guns legal? What type were they? What types of magazines and ammunition were used? That data should be juxtaposed with any proposed legislation to determine if it would actually make a difference or if it merely “feels” effective. Very few people think all guns should be illegal for law-abiding home owners, i.e. 
most think people should be allowed to own handguns and rifles on their own property, not only just as a natural right but also due to the second amendment. Very few people think all guns should be legal–even for law-abiding home owners, e.g. rocket launchers and chemical weapons. Since we agree on the extremes, the question is mostly one of where to mark the sand regarding what is allowed and not allowed, for who, and where. I believe the best approach is not to ban guns for law-abiding citizens, but to instead implement very strict responsibility laws for anyone buying or selling them, and to conduct a massive program to remove unregistered weapons. Basically, ensure every gun out there is registered to someone with training for that type of weapon, and that they are aware they are responsible for anything that happens with the weapon. Suicide, accidental shooting, mass shooting massacre–they all fall on the head of the gun owner for not properly securing it. So, extremely high standards for gun ownership, with most all guns being obtainable, and extreme consequences for the gun owner if they are misused. So, a course of action toward improvement might look like: Take no emotional action after an incident. Any law passed during that time is likely to be significantly flawed. Perform rigorous analysis of the attributes of the negative incidents of the last 25 years. Measure all proposed legislation against the standard of helping in most, if not all, of those cases. Raise the standards for attaining guns in the first place and confiscate all weapons that are not properly owned. This will include much more lengthy background checks, with strong focus on mental health. Ensure that mental health situations are linked with gun possession, e.g. if someone is mentally ill in a family that has guns present, or the gun owner himself is mentally ill, action should be taken to ensure they do not become a threat. 
Raise the punishments associated with someone’s gun being used improperly–even if they weren’t the ones using it. Allow properly trained and law-abiding citizens to have most any type of gun, as the fact that it’s associated with them and they had to get certified on it will prevent most crime from anyone who would take those steps. Remove the guns that are not properly owned in the fashion laid out above, and severely punish those who break laws related to their ownership and distribution. In short, allow most any weapon to be obtained by law-abiding citizens who have gone through the proper, rigorous background checks and training commensurate with the type of weapon being requested. For concealed carry and other location-based laws, have additional training classes required, and open up reciprocity to be national rather than regional. For example, the standard for having a basic handgun or rifle in the home only would be fairly low. Proof of training on the weapon (safety and use), proof of legal purchase of the weapon, and proof of proper secure storage mechanism. Then, when the owner wanted to add concealed personal carry, or carrying in their vehicle, to their permit, they would go through that training and certification as well. This would be extremely high quality training and it would be available to ANYONE who passes the background check that includes mental health, criminal record, etc. And the cost would be relatively negligible. The cost for the first level (weapons in home) would be virtually nothing so that you don’t have a fee to be compliant with the spirit of the 2nd amendment. And if someone wanted a Barrett .50 sniper rifle, they could get that too. They prove they went to the course to use it, that they can safely store it, and that they don’t have any background issues that should prevent ownership of it, then the law gives them the benefit of the doubt. Of course, as the weapons get more extreme the scrutiny should as well. 
If you live 5 miles from a known militia group who has threatened the POTUS, then that’s perhaps a reason to deny the application. But these should be extremely rare. There would also be regular retraining/recertification required according to the types of weapons owned, with most being very cheap all the way up through basic home weapons and basic weapons being concealed carry and carry in the car. The more exotic weapons could be more expensive to own just because of the training required and the additional risk (the money and training requirements are a good filter). I think this type of system would both allow Americans to have their guns while simultaneously increasing the safety of the populace over what we have today. Gang violence with guns would largely go away because the guns wouldn’t be available, people with mental illness wouldn’t be committing so many mass shootings because gun owners would have strict control over legal weapons, and random acts of violence would be significantly more likely to be met with the weapons of law-abiding citizens who could stop the incident before it became worse. Thoughts?

  • Why French Parents Are Superior | Pamela Druckerman

    Updated: 2012-12-28 21:20:57
    But these public services don’t explain all of the differences. The French, I found, seem to have a whole different framework for raising kids. When I asked French parents how they disciplined their children, it took them a few beats just to understand what I meant. “Ah, you mean how do we educate them?” they asked. “Discipline,” I soon realized, is a narrow, seldom-used notion that deals with punishment. Whereas “educating” (which has nothing to do with school) is something they imagined themselves to be doing all the time. One of the keys to this education is the simple act of learning how to wait. It is why the French babies I meet mostly sleep through the night from two or three months old. Their parents don’t pick them up the second they start crying, allowing the babies to learn how to fall back asleep. It is also why French toddlers will sit happily at a restaurant. Rather than snacking all day like American children, they mostly have to wait until mealtime to eat. (French kids consistently have three meals a day and one snack around 4 p.m.) via online.wsj.com Fascinating. This is part of my current belief that two things are most important to teach children: self-discipline (patience), and creativity. The manners and good morals, etc. are defaults and don’t even need to be mentioned. Those are the two important ones.

  • One of the Worst Things You Can Say in 2013

    Updated: 2012-12-28 21:11:16
    Saying “I regret having children” is one of the most taboo sentences in our society. Until we address that taboo, we are unlikely to find an honest answer as to whether having children really is a source of fulfilment. via news.ycombinator.com

  • The National Defense Angle of Gun Control

    Updated: 2012-12-28 19:21:04
    Silly idea: what if we shouldn’t be limiting gun type and magazine size because it limits homeowners from being able to participate in our defense if we’re attacked on our land. What if someone like China invades us in 30 years, and everyone only has two round clips in the name of public safety. Wouldn’t we have a higher chance of getting trounced? And wouldn’t that be a direct result of going against the second amendment? I’m not saying there aren’t reasons to control guns, I think that is equally obvious, but shouldn’t we be weighing national defense in the other side of the balance–especially since that was kind of the purpose of putting it in there in the first place?

  • Mount Diablo and the Moon II

    Updated: 2012-12-28 18:56:24
    Instagram version.

  • Click Through This NYT Article

    Updated: 2012-12-28 18:54:49
    This is what HTML5 can do. http://www.nytimes.com/projects/2012/snow-fall/?pagewanted=all#/?part=tunnel-creek

  • Music: Lana Del Rey

    Updated: 2012-12-28 18:27:29

  • ISC StormCast for Friday, December 28th 2012 http://isc.sans.edu/podcastdetail.html?id=3016, (Fri, Dec 28th)

    Updated: 2012-12-28 03:24:30

  • Mount Diablo and the Moon

    Updated: 2012-12-28 01:23:49
    Taken a few minutes ago on the 101.

  • It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?, (Thu, Dec 27th)

    Updated: 2012-12-27 21:21:08
    An article that may have gone overlooked since it was published on Christmas by the Washington Ti ...(more)...

  • Enterprises Starved for Security Threat Data to Justify Budget Hikes

    Updated: 2012-12-27 13:30:00
    The vast majority of businesses use publicly released threat reports to create their security strategy and need better data, according to a survey by one security firm.

  • News: W3 Total Cache vulnerability allows hacker to steal password and db info

    Updated: 2012-12-27 03:40:00

  • ISC StormCast for Thursday, December 27th 2012 http://isc.sans.edu/podcastdetail.html?id=3013, (Thu, Dec 27th)

    Updated: 2012-12-27 01:05:25

  • 0day grep DoS

    Updated: 2012-12-27 00:25:00

  • Anonymously uploading or host files with Anonfiles.com

    Updated: 2012-12-27 00:18:00

  • ISC StormCast for Wednesday, December 26th 2012 http://isc.sans.edu/podcastdetail.html?id=3010, (Tue, Dec 25th)

    Updated: 2012-12-25 22:43:40

  • Noam Chomsky speaks personally about work, learning and freedom

    Updated: 2012-12-25 21:21:30

  • Smart People on Free Will

    Updated: 2012-12-25 20:12:23
    I do not believe in free will. Schopenhauer’s words: ‘Man can do what he wants, but he cannot will what he wills,’ accompany me in all situations throughout my life and reconcile me with the actions of others, even if they are rather painful to me. This awareness of the lack of free will keeps me from taking myself and my fellow men too seriously as acting and deciding individuals, and from losing my temper. ~ Albert Einstein in “My Credo” When a man acts in ways that annoy us we wish to think him wicked, and we refuse to face the fact that his annoying behavior is a result of antecedent causes which, if you follow them long enough, will take you beyond the moment of his birth and therefore to events for which he cannot be held responsible by any stretch of the imagination. ~ Bertrand Russell in Has Religion Made Useful Contributions to Civilization It is hard to imagine how free will can operate if our behavior is determined by physical law, so it seems that we are no more than biological machines and that free will is just an illusion.” ~ Stephen Hawking

  • Clueless in 2012

    Updated: 2012-12-25 08:19:47
    I’m trying to figure out if it’s ok to look down on others for being ignorant of how the world works. More specifically, I’m trying to figure out what the criteria are, since I know I’m ok with being selective in this way. I just don’t know where the bar is. For example, if someone lives in the United States and believes homosexuals are bad people who should be “fixed” or punished, in 2013, then I am ok with looking down on them. If they believe they have evidence of life after death, when they don’t, then I’m ok with discounting them. If they think their race is superior to other races, just because they were taught that and they haven’t broken free yet, then I’m ok with dismissing them. But where does this start and stop? I’ve expressed elsewhere that I think there are minimums for being knowledgeable in a modern world, e.g. knowing we don’t live after we die, knowing we don’t have free will, etc. But so few people accept these things to be true that I’d have very few people to talk to if that was some sort of litmus test. Furthermore, many people who accept these truths could be assholes, while clueless people of all varieties could be extraordinary human beings far more worthy of friendship and love. And finally, in a world without free will, what does it mean to be worthy of something. Or to look down at someone for being an idiot? Whose fault is that? What…um…choice did they have? Essentially, I’m ok being selective about who I spend time with to some degree, but I should not be selective about who I am kind to–at least not if I want to have any sort of consistency to my actions within the context of both compassion and an acceptance of the lack of free will. How are you managing this obstacle course? Also, consider that I’m not advocating doing anything that doesn’t already happen in schools all across the world. We judge people who believe silly things every day. We judge them by isolating them. We judge them by not being close to them. 
We judge them by not giving them good grades on exams. People who believe things that are not true should face consequences. If you deny gravity or evolution or global warming, this has consequences. And we should stop pretending that other, more protected, instances of this sort of reality denialism are fundamentally different. [ EDITED: Changed 'elitist' to 'selective', and added more support around how teaching already does this. ]

  • Movies on Christmas

    Updated: 2012-12-25 08:07:28
    I think Susan and I will probably see at least a couple of movies tomorrow: LeMis and Django. And maybe the Tom Cruise flick as well. It’s just us, no family, and most people will be occupied. Seems like a good use of a day to me. That and a buffet-style meal somewhere in the city. It’ll be a good day.

  • Santa's Gift... The Twelve Days of Cyber Christmas, (Tue, Dec 25th)

    Updated: 2012-12-25 07:33:13
    Merry Christmas On the twelfth day of Cyber Christmas my true CPU gave ...(more)...

  • Howto: Perl Script For Lookup Mac Address.

    Updated: 2012-12-25 06:56:00

  • This is an Epic Paragraph

    Updated: 2012-12-25 04:26:08
    So start with an interesting hypothetical: does everybody need to work anymore? I understand work from an ethical/character perspective, this is not here my point. Since we no longer need e.g. manufacturing jobs– cheaper elsewhere or with robots– since those labor costs have evaporated, could that surplus go towards paying people simply to stay out of trouble? Is there a natural economic equilibrium price where, say, a U Chicago grad can do no economically productive work at all but still be paid to use Instagram? Let me be explicit: my question is not should we do this, my question is that since this is precisely what’s happening already, is it sustainable? What is the cost? I don’t have to run the numbers, someone already has: it’s $150/mo for a college grads, i.e. the price of food stamps. Other correct responses would be $700/mo for “some high school” (SSI) or $1500/mo for “previous work experience” (unemployment). I would have accepted $2000/mo for “minorities” (jail) for partial credit. via thelastpsychiatrist.com

  • Merry Christmas!, (Mon, Dec 24th)

    Updated: 2012-12-24 22:02:19
    We wish all our readers Merry Christmas and hope you enjoy a lot with your families tonight. We ...(more)...

  • Google blocks silent Chrome extension installation, (Mon, Dec 24th)

    Updated: 2012-12-24 22:02:04
    According to the Chromium blog, Google Chrome 25 won't allow silent extension installs anymore. ...(more)...

  • Howto: ARP Poisoning Shell Script By Pentestlab

    Updated: 2012-12-24 04:20:00

  • Howto: Benchmarks your web server with Apache Benchmarks

    Updated: 2012-12-24 04:08:00

  • IBM Security Access Manager 7.0 Now Available

    Updated: 2012-12-20 22:00:00
    IBM announced the release of IBM Security Access Manager 7.0 with better security for Web, cloud and mobile apps, and services.

  • Obama Administration Outlines National Information Sharing Strategy

    Updated: 2012-12-20 21:05:00
    The NSISS broadly outlines how the Obama administration wants to promote the secure sharing of national security information.

  • UpClicker Trojan Aims to Foil Automated Analysis

    Updated: 2012-12-20 17:40:00
    A simple yet effective technique continues malware writers' campaign to slow down the automated detection of their malicious programs.

  • WatchGuard Debuts XCS 280, XCS 580 Security Appliances

    Updated: 2012-12-20 13:00:00
    The XCS 280 and XCS 580 offer data loss prevention features and protection against spyware, network attacks and Web-based threats.

  • ScriptLogic Active Administrator - Voted WindowSecurity.com Readers' Choice Award Winner - Network Auditing Software

    Updated: 2012-12-20 09:00:23
    ScriptLogic Active Administrator was selected the winner in the Network Auditing Software category of the WindowSecurity.com Readers' Choice Awards. GFI LANguard and Netwrix Change Reporter Suite were runner-up and second runner-up respectively.

  • Howto: Reset Mac admin password

    Updated: 2012-12-20 00:58:00

  • Batchwiper: How I Learned to Worry Less and Love Least Privilege Security

    Updated: 2012-12-19 22:20:53
    With news coming from Iran’s CERT of a nasty (but not really nasty) new piece of malware designed to wipe drives and desktop contents on a specific date, we took the straightforward approach of examining what common, easily implemented security best practices could have stopped Batchwiper in its tracks… As far as malware goes, Batchwiper [...]

  • JRE 6 automatic upgrade to JRE 7, coming soon

    Updated: 2012-12-19 22:09:33
    Starting this month, Oracle will be automatically replacing Java Runtime Environment (JRE) 6 installations with JRE 7 installations on a small amount of users’ systems (the users are randomly chosen). This will be done to ensure that the automatic upgrading mechanism is working properly. In February 2013, the last public version of JRE 6 (Java [...]

  • The State of Application Security 2012 Infographic

    Updated: 2012-12-19 17:15:39

  • Havij Source Code Was Leaked

    Updated: 2012-12-19 16:33:00

  • Best practice for using cloud computing in Europe 2013 (Part 1)

    Updated: 2012-12-19 10:00:09
    This article (part one) will focus on the first four principles of good information handling.

  • Private Exploit That Leak From 133day.com By Anonymous

    Updated: 2012-12-19 04:48:00

  • DOE Cyber-Security Audit Shows Incident Reporting, Management Hurdles

    Updated: 2012-12-18 23:40:00
    An audit of the Department of Energy's Cyber Security Incident Management Program outlined a number of challenges facing the agency.

  • SiteFilter and Web ThreatPak Critical Software Update

    Updated: 2012-12-18 17:49:51
    CRITICAL SOFTWARE UPDATE - ACTION REQUIRED Customers with subscriptions to eSoft’s SiteFilter and Web ThreatPak will need to update to the latest software release to ensure proper functionality. This update resolves problems downloading the latest web filtering database. Full release notes are available by following the link for your product below.

  • ARM, Partners Create Trustonic for Greater Mobile Device Security

    Updated: 2012-12-18 17:45:00
    The new company will use ARM's TrustZone technology and software from Gemalto and G&D to create secure areas in smartphones and tablets away from the OS.

  • How To Configure Cisco Nexus 5500 Virtual Port Channel

    Updated: 2012-12-17 18:26:00
    Internet Network Security Blog, December 17, 2012 at 1:26 pm. Multi-chassis link aggregation (MLAG) lets IT teams multihome servers to two or more physical switches in an MLAG group while still allowing all links to forward traffic bi-directionally. MLAG typically uses 802.3ad (LACP) as the control protocol. As there is no single standard for MLAG deployment, network vendors offer it to their customers in various ways. One commonly deployed MLAG technology from Cisco is virtual port-channel (vPC), available in its Nexus line of data center switches. For more on MLAG and other network architecture options download the report The Virtual Network. In the Nexus world, the most common use cases for vPC are to create

  • Cyber Security for the Holidays Infographic

    Updated: 2012-12-17 16:25:58

  • ScanPlanner - Scanning with NMAP Online

    Updated: 2012-12-17 14:03:00

  • SQLI-LABS - Learning for your sql injection skill

    Updated: 2012-12-17 11:21:00

  • PHP Application Security Checklist

    Updated: 2012-12-15 04:26:00

  • News Roundup: SDN, Network Management and Private Clouds

    Updated: 2012-12-14 23:43:00
    Internet Network Security Blog, December 14, 2012 at 6:43 pm. Startup Pica8 announced the release of a reference architecture for software defined networks (SDN). Pica8 makes Top-of-Rack (ToR) switches that support OpenFlow 1.2 and Open Virtual Switch. The company is targeting cloud providers with its newly announced reference architecture. This reference architecture has certified that the Ryu OpenFlow-based controller from NTT Laboratories will interoperate with Pica8’s switches. Pica8 has four switch models, including the P-3780 that includes 48 10GigE ports. Pica8 isn’t the only startup with a switch-centric approach to SDN. Earlier this month Plexxi announced its own ToR switch, called Switch 1,

  • Verizon to Test Support for One Password for Whole Internet

    Updated: 2012-12-14 21:00:00
    Verizon, Criterion and partners will soon test the feasibility of using one very secure user-name and password combo for the whole of the Internet.

  • How to Speak Data Center: IT Power Supplies

    Updated: 2012-12-14 18:12:00
    Internet Network Security Blog, December 14, 2012 at 1:12 pm. In my first two posts on how IT pros can improve their interactions with data center facility pros, I covered the difference between power and energy and how to convert between kWh and BTUs. This post will address power supply ratings and power supply efficiency. IT and data center professionals need to understand how much power IT equipment uses. You may have heard of a quick-and-dirty option to use the “nameplate” power rating to estimate energy use. The nameplate is a safety label that comes from the Underwriters Laboratory, which was formed in the year 1894 for the independent evaluation of electrical products for safety. Despite the nameplate’s function

  • Xconomy Interviews Veracode CEO Bob Brennan

    Updated: 2012-12-14 17:36:07
    In a recent post from Xconomy, Gregory T. Huang sat down with Veracode CEO Bob Brennan for a quick interview. The two talked about industry tipping points, how Veracode technology and strategy differs from our competitors and Bob's unique insight on leadership and company culture.

  • Howto: Reset a forgot password Windows 7

    Updated: 2012-12-14 15:41:00

  • Howto: Reset a forgotten Windows 8 Password

    Updated: 2012-12-14 15:34:00

  • HITRUST, ISC2 to Create Credential Program for Health Care Data Security

    Updated: 2012-12-14 00:15:00
    HITRUST and security association ISC2 will create a credential program to certify professionals in prevention of health care data breaches.

  • SolarWinds Integrates IP Address Management with Microsoft DHCP, DNS

    Updated: 2012-12-13 21:17:00
    Internet Network Security Blog, December 13, 2012 at 4:17 pm. SolarWinds’ latest version of its IP Address Manager software now includes support for Microsoft DHCP and DNS, Cisco DHCP, and Cisco Adaptive Security Appliances. The company says this lets customers better manage their IP addresses without abandoning their existing DHCP and DNS systems, or having to invest in more costly appliance-based approaches, such as those offered by Infoblox. SolarWinds’ IPAM includes a Web-based console to manage the enterprise IP infrastructure. The new integration also lets administrators monitor and manage Microsoft DHCP and DNS services and Cisco DHCP services in real time, while also tracking IP

  • eSoft Maintenance Window Notification - December 14, 2012

    Updated: 2012-12-13 20:23:25
    Beginning Friday, December 14th at 6pm MST, eSoft will be performing maintenance on its network infrastructure. While we do not anticipate major issues, customers may experience minor interruptions in service level during the maintenance window. The major impact of this change will be the reassignment of eSoft's SoftPak Director IP addresses. While DNS updates will take care of any issues contacting eSoft's SoftPak Director, customers that have hard-coded the old IP range will need to make the necessary updates. Please contact eSoft should you have any questions or concerns.

  • Intel Gets Serious About Microservers with New Chips

    Updated: 2012-12-13 19:09:00
    December 13, 2012 at 2:09 pm. Intel’s announcement of twenty low-power Atom server chips is a major push forward for the nascent microserver market. The new chips, dubbed the S1200, are intended for a variety of data center uses ranging from general purpose scale-out servers to controllers for storage appliances, Ethernet switches and other appliance-like applications. The dual-core systems on a chip include ECC-memory-compatible controllers that can manage up to 8GB of DDR3 RAM, PCI controllers, hyperthreading and hardware-assisted virtualization. Running at 1.5 to 2.0 GHz, the chips draw between 6 and 9 watts and are priced starting at 50 when purchased in quantity. There

  • Offensive security for dummies

    Updated: 2012-12-13 14:34:03
    If there were an “Offensive Security for Dummies” book, it’d be very short.  Chapter 1 would simply be the word “Don’t”.  Chapter 2 would be slightly more expansive and would say “No, really, we mean it: don’t practice offensive security.  You’re not worthy”.  Then it would go on to enumerate ways to incorporate offensive security [...]

  • Detecting Compromised SSL Certificates Using Nessus

    Updated: 2012-12-13 13:00:00

  • Howto: Netcat: TCP/IP Swiss Army Knife

    Updated: 2012-12-13 05:08:00

  • Interesting Exploit in 2012-12-12

    Updated: 2012-12-12 10:26:00

  • BitLocker Enhancements in Windows Server 2012 and Windows 8 (Part 1) - SED Support and Network Unlock

    Updated: 2012-12-12 09:00:07
    In this article, we'll look at the new support for self-encrypting drives (SEDs) and the new Network Unlock feature that allows for automatic unlocking of BitLocker-protected drives when the computer is connected to the wired corporate network.

  • WiFi Monitor Mode with Android PCAP Capture

    Updated: 2012-12-12 08:56:00

  • Honeyproxy - Proxy to analysis HTTP(S) traffic

    Updated: 2012-12-12 08:41:00

  • Network Security Podcast, Episode 299

    Updated: 2012-12-12 01:15:32
    It’s our last show for the year, folks. We’re taking about a month off, and we’ll be returning in 2013 for Episode 300! Happy Holidays from Network Security Podcast!  No Rich this week, but Martin and Zach make up for the lack somehow.  Maybe experience has taught them something. Network Security Podcast, Episode 299, December [...]

  • Network Overlays: An Introduction

    Updated: 2012-12-11 21:33:00
    December 11, 2012 at 4:33 pm. While network overlays are not a new concept, they have come back into the limelight thanks to drivers brought on by large-scale virtualization. Several standards have been proposed to enable virtual networks to be layered over a physical network infrastructure: VXLAN, NVGRE, and SST. While each proposed standard uses different encapsulation techniques to solve current network limitations, they share some similarities. Let’s look at how network overlays work in general. Many advanced virtualization features require Layer 2 adjacency, which is the ability to exist in the same Ethernet broadcast domain. This requirement can cause broadcast domains to grow to

  • December 2012 Patch Tuesday: Oracle Outside In, TrueType, and more

    Updated: 2012-12-11 18:53:20
    December’s Patch Tuesday brings us a great collection of vulnerabilities, ranging from Oracle Outside In vulnerabilities within Exchange to TrueType vulnerabilities in every version of Windows. It seems like these are the vulnerabilities that just keep giving. Along with these, other bugs were squashed in Internet Explorer, Microsoft Word, Windows File Handling, DirectPlay, and IP-HTTPS. [...]

  • Verafied: Q&A With NSFOCUS

    Updated: 2012-12-10 18:24:30
    Answered by Vann Abernethy, Senior Product Manager at NSFOCUS. 1. Tell us briefly about what NSFOCUS is all about. NSFOCUS is a global leader in active perimeter security. Our products and systems are crucial to some of the largest brand names and financial institutions and have been for more than a decade.

  • Why is outcome based security monitoring so critical with “Big Data”?

    Updated: 2012-12-10 15:33:00

  • Configuration Auditing Cisco Nexus Operating System (NX-OS) with Nessus

    Updated: 2012-12-10 14:25:00

  • Zeroday Of Authentication bypass FreeSSHD / FreeFTPD

    Updated: 2012-12-10 00:58:00

  • Must ‘Cloud’ Translate To ‘Ungovernable’?

    Updated: 2012-12-07 15:25:00
    December 7, 2012 at 10:25 am. Cloud computing gives us a lot of choices of where to run workloads: our own data centers, a private cloud within a premises data center, a public cloud or a hybrid. But where workloads and services reside isn’t the conversation we need to have. Instead, we must ensure that all workloads are reliable, and that all services meet their SLAs. For that to happen, IT and business leaders must embrace IT Service Management (ITSM). A service orientation and smart use of clouds can help with operational reliability and improved IT accountability if, as part of that transformation, you adopt some ITSM best practices. Yes, OK, I’m talking about ITIL and other

  • jSQL Injection - Java based automated SQL injection tool

    Updated: 2012-12-07 09:56:00

  • Hyperfox transparently hijacking/proxying HTTP and HTTPs traffic

    Updated: 2012-12-06 08:06:00

  • DoS vulnerabilities in Internet Explorer 7 (access violation)

    Updated: 2012-12-06 03:36:00

  • Cisco’s Spending Spree: An Analysis

    Updated: 2012-12-06 00:07:00
    December 6, 2012 at 7:07 am. The holiday shopping season is in high gear, but consumers aren’t the only ones opening their wallets. Cisco has been on its own buying spree lately, picking up two software companies and a WLAN vendor in the month of November. Of the three companies recently purchased–Cariden, Cloupia and Meraki–Cariden is the most striking. Cariden’s core software product could best be described as path and network analysis software. It gathers configuration data from the network devices, then maps data into a network graph, performing mathematical modeling to deliver predictive analytics and resource mediation of the carrier network. Cariden has solved key analytical

  • Plexxi Cuts a New Path to SDN

    Updated: 2012-12-05 21:09:00
    December 5, 2012 at 4:09 pm. Plexxi, a networking startup, has launched an SDN platform. The platform includes Plexxi Switch 1, a Top of Rack (ToR) switch, and Plexxi Control, a software controller that abstracts the network and provides configuration instructions to the switches for servers and workloads running on the network. The controller includes an API that provides a programmatic interface for third-party vendors. Plexxi distinguishes itself from other controller-based SDN architectures in a couple of key ways. First, its ToR switch includes an optical interconnect. The company claims that its optical interconnect provides up to 400Gbps of capacity per switch. Up to 250 Plexxi switches can be

  • Enterprise Testing of Applications is a Growing Trend

    Updated: 2012-12-05 14:56:14
    One of the things we clearly see in our platform is that more vendor applications are being tested. Our SoSS reports are not based on surveys that collect opinions; it is an analysis of data aggregated from companies as they test and secure their applications. Our platform tracks whether an application is being tested as part of an enterprise effort to test vendor software. The number of vendor apps tested is rising every quarter.

  • Plugin Spotlight: Samsung/Dell Printer Firmware SNMP Backdoor

    Updated: 2012-12-05 14:29:45

  • Interesting Exploit in 2012-12-05[Apache Tomcat]

    Updated: 2012-12-05 06:28:00

  • Video: Importing Custom Settings Into Group Policy Production using Security Compliance Manager (SCM)

    Updated: 2012-12-05 06:00:37
    This video explains the process of importing custom settings into Group Policy Production using Security Compliance Manager.

  • Introduction to new and now available SecurityCenter 4.6 and PVS 3.8

    Updated: 2012-12-04 15:00:00

  • eSoft Named as SC Magazine’ 2013 Excellence Award Finalist

    Updated: 2012-12-04 07:21:12
    eSoft has been named a finalist in the Excellence category of the 2013 SC Awards for outstanding leadership and achievement in information security. eSoft Customer Support is recognized in the Best Customer Service category, which acknowledges companies with superior customer service that help customers tackle today’s most pressing information technology (IT) challenges. The winner will be announced at the 2013 SC Awards U.S. ceremony to be held on Feb. 26, 2013 in San Francisco.

  • Silver Peak, F5 Put Virtual Appliances in Amazon Cloud

    Updated: 2012-12-04 00:10:00
    December 4, 2012 at 7:10 am. Virtual appliances are a relatively new option for customers buying network systems such as firewalls, load balancers, WAN optimization, and other products. Like a physical appliance, virtual appliances are fairly simple to deploy, and because they’re just software, vendors often make it easy for customers to try a product before they buy it. Now these virtual appliances are also being bundled for public clouds. This week Silver Peak announced version 6.0 of Virtual Acceleration Open Architecture (VXOA), its WAN optimization software for virtual and physical platforms. The new release touts several enhancements, including the ability to run
