From the Security4All blog: Preventing Brute Force attacks with IPTABLES (Rate Limiting) – iptables is an incredibly versatile tool!
Via the nezumi-lab blog: patch-diff – a free (as in beer) alternative for BinDiff.
Something like Google Streetview, but not quite for Romania: NORC (they are using Google Maps underneath, but it seems that the photos are theirs, not from Google)
RDP is insecure. So are SSL certificate authorities (caveat: the owner of the given blog works for a competiting CA, but the mistake Comodo made is still major).
From Stackoverflow podcast #36: Source Control HOWTO. It is a nice introduction, which tries to stay product neutral. Other books also offer introductions, but it is nice to have multiple point of views (the basic idea is: a SCM tool is just something which keeps sets of diffs between files and tries to re-apply them in the proper order. It is not a magic tool which guarantees that you will get the proper result at the end – or that the result is a syntactically correct file for that matter – but it works in 99.9% of the cases).
Bypassing file system security in Windows – this is not a security flaw, since you already have to have permissions to load drivers (from which point on you can do whatever you want :-)), but still an interesting info.
Talking to a Wiimote in Ubuntu 8.10 – very cool, and the small Bluetooth adapter is very cute (at first I thought that the image was truncated, it is so small :-)).
A quick tool to inject DLL's – for cases when you are too lazy to roll your own. Just a word of warning: take the source code, look at it, and compile it yourself. It is not prudent to use binary tools directly, especially these types of tools.
From taint.org: Closing the 'Collapse Gap': the USSR was better prepared for collapse than the US. An interesting perspective, and living in a post-communist country, I can vouch that, at least some of the items, are very true, like repairing stuff vs. getting a new one.
Via Schneier on Security: The Cost of Fearing Strangers. An interesting / related thought is: because of the Internet (blogs, social networks, etc) a lot of people start to know as much (or even more) about other people as their friends / relatives. Does this mean that the probability of being harmed increases as more and more people know about us?
On LinuxWorld we can read an interview with Linus Torvalds. Although it is poorly marked up (for example you can’t really tell visually which paragraphs belong to the reporter and which to Linus), it is an interesting read nevertheless.
From devnet's Bookmarks: Flash OBJECT and EMBED tag attributes (rant: why does a simple information page need javascript turned on to be visible?). The most interesting option to me was:
swliveconnect - Possible values: true, false. Specifies whether the browser should start Java when loading the Flash Player for the first time. The default value is false if this attribute is omitted. If you use JavaScript and Flash on the same page, Java must be running for the FSCommand to work.
What seems dubious to me is the mention of Java. I’m not entirely how this interacts with JavaScript and LiveConnect, but it is good to know for later engagements (probably you can instantiate Java classes from Flash?).
From the SANS blog: How to Use Twitter for Information Mining. I especially liked the visual tools like TwitterStreamGraphs and TwitterVenn.
NiceTranslator – a very nice :-p and quick way to translate text back and forth. Based on Google Translator.
Removing Persistent Malware – it is interesting (nice?) to see that a security company (although not one of the “Big Four”) is recommending using an Ubuntu LiveCD to clean a Windows machine.
The RaDaJo guys posted the answers to the NMAP trivia questions. Very interesting read and probably most of us can find out something new about NMAP (for example, one thing I found interesting is that it can write a packettrace file with the traffic sent/received).
0 comments:
Post a Comment
You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.