Discovery and fuzzing for SQL injections with Web 2.0 applications
Wednesday, 3 September 2008, 7:29 PM CET

This paper describes techniques and approaches for effectively assessing Web 2.0 applications, based on our recent experience and on cases analyzed in the field.
Rootkit evolution
Monday, 1 September 2008, 11:59 PM CET

Rootkit evolution is following the same path as spyware. First, rootkits were identified as a separate class of malware. Then there was a lot of media hype which led to a large number of anti-rootkit tools and products together with a noticeable reaction from the antivirus industry. Today both rootkits and spyware have merged into the general malware stream and no longer cause any particular excitement. However, the concept of evading system features to hide something is obviously still valid and we are very likely to see new threats implementing stealth.
Deploying enterprise software securely
Wednesday, 27 August 2008, 11:57 PM CET

This laundry list of security requirements is a lot to think about for every application deployment, but vigilance in this area can drastically improve an organization’s security posture. The requirements can be put into a standardized template, and at the end of the process each requirement should have a mark for pass, fail, or perhaps not applicable. Anything marked as a failure should be noted and can be escalated or accepted as a risk.
Most organizations fail to stop interior network threats
Tuesday, 26 August 2008, 9:25 PM CET

A survey by Opine Consulting revealed nearly half of the IT professionals who responded had endpoints connecting to their corporate networks without their knowledge. Yet compared to other security issues, 86 percent of respondents said controlling network access ranked as a high priority.
Security risks for mobile computing on public WLANs
Monday, 25 August 2008, 11:54 PM CET

This article illuminates the effectiveness of VPN security mechanisms, data encryption, strong authentication and personal firewalls and shows how optimal protection can be achieved by dynamically integrating each of these technologies.
Reverse engineering: Smashing the signature
Wednesday, 20 August 2008, 3:35 PM CET

Many antivirus and antispyware solutions identify malicious programs by looking for known unique signatures contained inside them. Those signatures are stored in a database which is constantly updated. This tutorial guides you through a number of steps to encrypt the executable file's code section in order to render antivirus signature checking techniques ineffective at identifying the malicious code.
Internet terrorist: Does such a thing really exist?
Tuesday, 19 August 2008, 5:25 PM CET

In this article, a former CISO discusses the notion of worrying about the potential risk of terrorism against his organization and how it seems to be the lowest priority given the choices at hand. Ironically, terrorism today seems to be an emerging concern in the commercial world and many are actively pursuing methods and technology to help combat the problem. As a result, he began to research this trend to determine its drivers and potential implications for information security as we know it today.
Reputation attacks: A little known Internet threat
Monday, 18 August 2008, 8:06 PM CET

Reputation attacks target both individuals and companies, and their goal is to ruin the victim’s reputation. While attack techniques are varied, the consequences are often the same: a damaged reputation resulting in many cases in financial loss. Attackers can use several methods to ruin a company’s reputation.
