The National Risk Register is intended to capture the range of emergencies that might have a major impact on all, or significant parts of, the UK. It provides a national picture of the risks we face, and is designed to complement Community Risk Registers, already produced and published locally by emergency planners. The driver for this work is the Civil Contingencies Act 2004, which also defines what we mean by emergencies, and what responsibilities are placed on emergency responders in order to prepare for them. Further information about the Act can be found on the UK Resilience website.

Seems like the greatest threat to national security is a flu pandemic.

From Google Code:

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

This tool falls into the same family as Burp and Paros, as examples. It will apparently run on Linux, FreeBSD, Mac OS X and Windows if you have Cygwin loaded. Check it out.

Article Link

Each of these tools works differently and each attacks the SQL injection problem from a different angle, and in combination they complement each other well. MSCASI analyzes classic ASP source code to find potential SQL injection vulnerabilities. It can detect both first- and second-order SQL injection bugs and will point you to the exact line of source code where the error occurs.

However, sometimes you don’t have access to the complete source code of your application; for example, you might use third-party libraries or services in your code. This is where Scrawlr comes in. Scrawlr is a black-box analysis tool that doesn’t require access to source code. You just give Scrawlr the URL of your web application and it crawls and analyzes that application for SQL injection vulnerabilities. One downside is that Scrawlr can’t point you to the exact line of vulnerable code the way that Microsoft Source Code Analyzer for SQL Injection can, but this is why the two tools work so well together. In general, source-code analysis tools and black-box analysis tools often work better in conjunction with each other, but this is definitely a larger topic for another blog post.

Finally, URLScan 3.0 is an update to the existing URLScan IIS request filter tool. URLScan 3.0 blocks HTTP requests that contain suspicious text like SQL keywords. URLScan 3.0 is a good defense-in-depth measure, but it’s important to find and fix vulnerabilities at the source. Never rely solely on URLScan or any type of application firewall as your only defense. (I’ve talked on my blog about some potential dangers of substituting firewalls for secure development practices.)

If you’d like more information, the Security Vulnerability Research and Defense blog has posted a more in-depth analysis of each of these tools. I recommend that you download both of the detection tools and test your applications against them. If either tool reports a vulnerability, I also recommend that you use URLScan 3.0 to block attacks while you fix the problems in the source code.

What can we conclude?

First, good documentation never hurts :-) - indeed, the most popular information to look for when facing a new log record is documentation on what it means. While some software vendors are great in this regard, many other don't bother documenting their logs or document them only when customers complain.

Second, I was not sure that the second popular choice would be "Other logs from about the same time (this and other systems)."  This strongly points at huge value of cross-device log analysis (see this recent log entry on that),  where all the logs are consolidated and analyzed together (it goes without saying that time is synchronized OR at least corrected across those logs). Indeed, if you are confused about a log and documentation is not available, reviewing "what else was/is going on?" is smart. Trusting log time stamps across many systems is also key for that.

Third, having IP addresses in logs is great, but human-readable names are better: IPs in logs needs to be mapped to DNS or Netbios names. Indeed, given that often such names reveal where the system is, who might own it, what its function is, etc this information is not just a mapping, but true log information enrichment.

Fourth, so, what's next? The above 3 top responses are indeed universally useful, but the next choice digs deeper: flows, packets, connections and other network information does complement logs and is often studied in combination with logs (e.g. see a strange log entry then go see who connected to the system at that time or where the system itself connected to).

Fifth, next comes a group of pretty much everything else: other logs from the same system, logs about the same system as well as loosely defined 'similar' log entries. These come handy, but are not top choices. In fact,  from this I conclude that a lot of additional context information is needed to make sense of a confusing log entry.

Sixth, what was surprising? I thought that identity lookups (e.g. IP to real name or other user identity information) would score higher.  I also suspect that people were confused by "logs ABOUT the same systems" (what I meant is, for example, use firewall logs that mention the system which log we are now analyzing) and this should score higher.

Seventh, anything fun in the "Other" category? Yes, there were a few insightful ones: first, results of a Google search (supposedly for the info from the log entry in question)! Very true indeed. Also named were logs from the same daemon/program (how can I miss it?),  logs from previous incidents and information on the logging system owner.  All very useful indeed. Thanks for good ideas!

Finally, a brief message to people that work for a certain log-related vendor of ill repute who keep polluting my polls: if I catch you, I will kick you in the butt :-) Or, better, I will hammer you with a big and heavy log (you know, the wooden kind) over your miniscule heads ...

Past logging polls and their analysis:

Needless to say, the above will hinge on Hitachi's ability to retain and grow the existing customer base of M-Tech IT in North  America and Europe, and also on  Hitachi's ability to compete against EMC's selling of  Courion and RSA products. How Hitachi will create an access and adaptive access management (Web and desktop) portfolio to complement its identity management and provisioning portfolio also remains to be seen.

I started Wi-Fi Networking News under the less euphonious name 802.11b Networking News back in April 2001 after spending months researching what became a front-cover article in Circuits, the then-separate tech section of The New York Times. The first post is still live, as are all the nearly 4,800 others.

(I had help: Nancy Gohring wrote part-time for WNN for a couple years when we had a bit more traffic; she took a full-time job for and still works for IDG News Service, which I am now slightly affiliated with through my new hardware regular blog at PC World.)

The site as it appeared in April 2001

Since starting, I've covered extensively the growth of the hotspot market, the rise and fall and rise again of municipal networks, the change in consumer equipment from expensive and slow to cheap and fast, the growth of the enterprise market, the phoenix-like in-flight calling/broadband market, and, more recently, cellular and WiMax technology.

Enterprise coverage was once a central part of Wi-Fi Networking News, but it became clear a few years ago that as equipment was redesigned to be integral to the enterprise, that my ability cover and test gear was too limited, and the need for true enterprise experience was necessary to write about it. This disappointed a lot of enterprise readers and equipment makers who wanted me to keep writing about corporate hardware.

The focus over the last few years on municipal Wi-Fi was not just necessary--few people besides me were covering it in depth--but also represented the only significant news in the Wi-Fi world outside of the development of 802.11n/Draft N gear. It's only recently that WiMax, cellular data, spectrum auctions, and in-flight broadband have picked back up to become stories that you all want to know about--because they've become real technology you might work with. As the city-wide Wi-Fi arc played itself out, I'm covering it less because there's less of interest; it's going to become routine and the province of city CTOs and CIOs.

While writing this site, I try to have opinions, but not an agenda. I try to keep an open mind, though I do descend into cynicism, often well founded, but perhaps too readily employed. I'll try my best to keep myself honest and cheery in the years to come.

The biggest trends I expect to see develop in 2008 to 2010 are in these key areas:

Appliances. I expected 2007 to be the year that Wi-Fi was in everything: cameras, games, phones, and tchotchkes. Instead, Wi-Fi has only gradually spread, with a few gaming consoles, and many handsets and smartphones gaining or extending their use. It may be that I missed a trend: cameras in phones may become so good by 2009, that we don't need a camera with Wi-Fi at all (Wired reports today on several 5 megapixel cameraphones shown at CTIA this week). It's also likely that if WiMax gets a foothold, we'll get handhelds probably in 2009 that sport high-speed connections for all kinds of high-bandwidth purposes, like live uploading of streaming video.

Video over wireless. I look at this category as not just another instance of broadcast, like Qualcomm's MediaFLO which is really TV to the cell phone; rather, we'll see ways in which Wi-Fi, WiMax, and cellular data are used to push stored and streaming media to all sorts of devices. I look to Starbucks, Apple, and AT&T to lead the way on cached media in stores that can be filled up at local network speeds: download a full-length, HD movie in a few minutes in a Starbucks from the iTunes cache rather than 3 hours at home.

Radio over Wi-Fi. Internet radio via Wi-Fi music players seems like a trend--buying a boombox you can tune in wherever you are, or using a handheld MP3 players--but even with many devices, I don't feel a sense that it's caught on quite yet. If Apple puts Internet radio over Wi-Fi into new iPhone/iPod touch firmware, it'll likely take off; Nokia allows a third-party program for its N series for Internet radio over Wi-Fi already.

Cellular data/mobile broadband. I admit to being wrong about the potential of cell data, due to the overhype from the carriers and the horrible pricing relative to throughput and availability of the 1xRTT and GPRS systems. As cell data networks have matured into true broadband--slow, but broadband--media, the hype has lessened, disclosure has improved (no more "unlimited" usage, eh?), and the value has increased. We'll see more of the same with faster flavors of GSM networking and WiMax's deployment. The networks will become faster and cheaper and less restrictive.

For a good sense of what people are still reading on Wi-Fi Networking News, here are the titles of the top 10 articles since I switched to Google Analytics in Sept. 2006:

• Change Your Linksys WRT54G Admin Password Right Now!
• WPA Cracking Proof of Concept Available
• Weakness in Passphrase Choice in WPA Interface
• Most Wireless Speakers Don't Live Up to Goal
• Best Wi-Fi Signal Finder Yet
• Linksys Latest Models: Your Experience?
• T-Mobile Loses Starbucks; AT&T Becomes Wi-Fi Hotspot Giant
• Editorial: Don't Buy Draft N
• WPA for Free under Windows 2000
• The L in Linksys WRT54GL Stands for Linux

A few observations. Security remains key in people's minds: Security articles from 2004 are still being heavily viewed in 2008. Linksys is definitely high in people's minds for particular problems: Change the default password, buy a Linux (not VxWorks) embedded router, report problems with various models. Oddly, the wireless speakers and wireless printers articles are short stubs that are pure blog: they link to longer articles elsewhere. The Best Wi-Fi Signal Finder Yet story is 4 years old and still gets 1,000 page views a month. The invisible hand--nay, the long tail!--works in archives as it does everywhere.

Will I still be pounding away 7 years from now on this site? That seems about as unlikely as the last 7 years, which means it will probably happen. Traffic has dropped off over the years from the time in which Wi-Fi was a great (and expensive) mystery to today when there's more information and less confusion about it. As long as there are any questions to be answered, I'll keep writing.