Mixed links

A new security Linux distro announced: SUMO Linux

Notes on hardening Apache – some of them is not applicable if you are installing Apache from packages. I liked the idea mailing the admin whenever the server is (re)started.

IWF causing problems for archive.org – interesting. While it wasn’t intentional, it was more an interoperability issue, it highlights the potential problems of deploying in-band filtering.

TSAdminEx beta released – like Process Explorer for Terminal Server. You might want to check it out if you manage TS.

From the absoblogginlutely bookmarks: Using BITS to download large files – this can be also leveraged by malware to download files in a non-suspicious (less-suspicious) way. Also, the Windows Post-Install Wizard. Looks interesting.

A followup on the DDoS of the Metasploit and other security sites: How Metasploit Turned The Tables On Its DDoS Attackers (from The Daily Incite)

building and scaling a startup – some interesting point-counterpoint type of discussion about scaling, especially how it relates to databases.

From Light Blue Touchpaper: Optimised to fail: Card readers for online banking [PDF]. It is somewhat disheartening to see how the implementations are downgraded from a security point of view, and also the fact that there are active attacks out there against these systems.

Via daniel.haxx.se (the author of Curl): Despotify. The soundtrack with their introductory video is awesome!

Preventing Domain Group Policies from Applying – interesting stuff, much in the same vein as the Circumventing Group Policy as a Limited User article.

Embedded System Challenge – the idea was to modify an existing encryption circuit implemented in a FPGA to undermine its safety (leak information, make it non functioning, etc), but still make the basic sanity tests pass. The ideas in the papers are very interesting!