SEARCH RESULTS
 
Showing 1-10 of 26 records
 
Fierce 1.0

2007-12-20 16:39:32 by RSnake in ha.ckers.org web application security lab
Okay, it's about time. I am finally releasing Fierce 1.0 as a production ready DNS enumeration tool. What does that mean? It means it works. We have now gotten rid of all the kinks that made me think that it was crippled in a way that made me not want to rely on it. So what was fixed? Well, thanks to Jabra we have now patched fierce so that when...
 
 
 
 
 
Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
Scott Lambert here. I work on the Security Engineering Tools team where we're responsible for researching, developing and publishing tools to internal product and service teams. These include fuzzing, binary analysis and attack surface analysis tools. Previously, James Whittaker posted a blog entry on Testing in the SDL in which he mentioned that...
 
 
 
 
 
A law suit waiting to happen.

2007-12-06 04:25:00 by John Sexton in The Bullet Proof Blog
 
In my last posting I talked about employers being vulnerable when it came to law suits for not properly protecting their employees. As a security consultant, I am often asked to advise on ways to protect a client from such exposure. This process is called Risk Management. All of us can assume that we face some form of most of the time. A perfect...
 
 
 
 
 
Are fund managers really overcompensated?

2006-08-11 07:55:00 by Jomni in Risk Management Quant
 
CFA Magazine recently published an interview with Barton Biggs in its July-August 2006 Issue. Mr. Biggs has been with Morgan Stanley for 30 years acting as chief global strategist and is well respected by Wall Street. In 2003, he retired from Morgan Stanley to form Traxis Partners (hedge fund) with colleagues. In the interview, the following...
 
 
 
 
 
Links for 2007-12-20 [del.icio.us]

2007-12-21 00:00:00 by Editor in Anton Chuvakin Blog -
 
TaoSecurity: Controls Are Not the Solution to Our Problem Controls are not the solution to our problem. Controls are the problem. They divert too much time, resources, and attention from endeavors which do make a difference. If the indications I am receiving from readers and friends are true, the ideas in this p ha.ckers.org web application...
 
 
 
 
 
Security is not all about Security Updates

2007-12-17 12:58:00 by sdl in The Security Development Lifecycle
 
Hi, Michael here. I'm always asked "How can you claim the SDL is working when Microsoft still issues security updates?" So I want to make sure people understand the goals of the SDL and perhaps more importantly, the non-goals. There are three major security-related disciplines here at Microsoft and people outside the company often confuse the...
 
 
 
 
 
The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
Adam Shostack here, with the second post in my series on the evolved threat modeling process. To summarize, what I've tried to achieve in changing the process is to simplify, prescribe, and offer self-checks. I'll talk in the next post about why those three elements are so important to me. For now, let me describe the process. One of the largest...
 
 
 
 
 
LogLogic User Forums Open

2008-02-27 17:37:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
We got this brand-spanking-new "semi-official" LogLogic user forum here, and I have my own sub-forum called "Log Innovations." Feel free to drop by and participate. As of now, I am reposting some of the most useful blog content there (such as the tips), but it will be used for other fun stuff in the future. Check it out. About me:...
 
 
 
 
 
Friday Squid Blogging: Plastinated Squid

2008-03-28 16:29:19 by schneier in Schneier on Security
 
In Paris: France's National Museum of Natural History on Tuesday unveiled the world's first "plastinated" squid -- a 6.5-metre-long (21.25-feet) deep-sea beast donated by New Zealand and named in honour of a creature featuring in Maori legend. Plastination entails replacing the animal's water, fat and other liquids with a polymer that hardens. It...
 
 
 
 
 
South African Spam is World Class!

2007-11-01 14:15:00 by Allen Baranov, CISSP in Security Thoughts
 
I found this interesting table on Trend's website which takes the number of spam messages it receives, extrapolates it to estimate total worldwide spamming from an IP range and then reports on the range. The bottom line is that they estimated that SAIX users (corporate, dial up, sub-ISPs, etc) all sent out about 82 Million spam emails in the...