ComputerDefenseComputerDefenseComputerDefense.org is an IT Security website, with a mix of python,hardware,reviews and anything else I feel like talking about... previously it hosted a daily link list.. (which may make a comeback)... 
Articles
RSA - At the Booth with Mark Wood of nCircle
2009-04-20 17:20:00 Q. What is your role at $vendor? A. VP Product Management at nCircle. My job is to make sure that nCircle continues to build the most effective and most competitive solutions to the most urgent customer security and compliance audit problems. Q. What got you into IT/IS? A. Actually, it was 1982 and I was just starting college. ... More About: Conferences , Wood , Mark
RSA - At the Booth with Mark Wood of nCircle
2009-04-20 17:20:00 Q. What is your role at $vendor? A. VP Product Management at nCircle. My job is to make sure that nCircle continues to build the most effective and most competitive solutions to the most urgent customer security and compliance audit problems. Q. What got you into IT/IS? A. Actually, it was 1982 and I was just starting college. ... More About: Conferences , Wood , Mark
RSA - At the Booth with Martin McKeay of Trustwave
2009-04-17 02:28:00 Q. What is your role at $vendor? A. PCI QSA at TW. or Payment Card Industry Qualified Security Assessor at RSA Q. What got you into IT/IS? A. Innate geekiness. Been playing with computers since the Ti99/4a Q. What do you do outside of IT/IS? A. There's a life outside of IT/IS? When I'm not on the computer, I'm spending ... More About: Conferences , Martin
RSA - At the Booth with Martin McKeay of Trustwave
2009-04-17 02:28:00 Q. What is your role at $vendor? A. PCI QSA at TW. or Payment Card Industry Qualified Security Assessor at RSA Q. What got you into IT/IS? A. Innate geekiness. Been playing with computers since the Ti99/4a Q. What do you do outside of IT/IS? A. There's a life outside of IT/IS? When I'm not on the computer, I'm spending ... More About: Conferences , Martin
RSA - At the Booth with Martin McKeay of Trustwave
2009-04-17 02:28:00 Q. What is your role at $vendor? A. PCI QSA at TW. or Payment Card Industry Qualified Security Assessor at RSA Q. What got you into IT/IS? A. Innate geekiness. Been playing with computers since the Ti99/4a Q. What do you do outside of IT/IS? A. There's a life outside of IT/IS? When I'm not on the computer, I'm spending time with my wife and kids. God help me when the kids get old enough to IM, tweet and play Halo. Q. What are you most looking forward to / what did you most enjoy about RSA this year? A. The Security Bloggers Meetup. I'm hosting it with Rich Mogull; I'd have to say that even if it wasn't true. Q. Was this your first time at RSA? Will you return? A. 4th RSA, and I'll be back as long as they'll let me return. Q. What will you be doing at your both? A. Good question. No one's told me yet. Seriously. Q. Is there any swag available at your booth? A. Another good question. Q. If people wanted to chat with you when could they stop by the booth? A. Tu... More About: Martin
RSA “At the Booth” Series
2009-04-17 02:17:00 So I was trying to think of something different that I could do in my blogging about RSA. After some humming and hawing I decided to do a blog series that I'm calling RSA "At the Booth". This is open to anyone working a booth at RSA. Simply send me an email to rsa [at] <thisdomain>. The questions are: What is your role at $vendor? What got you into IT/IS? What do you do outside of IT/IS? What are you most looking forward to / what did you most enjoy about RSA this year? Was this your first time at RSA? Will you return? What will you be doing at your both? Is there any swag available at your booth? If people wanted to chat with you when could they stop by the booth? Prediction for the future of IT/IS during 2009 and into 2010? Any comments? The post titles will follow the format - "RSA - At the Booth with $name of $vendor". It may be interesting to some people who want to a) talk to a particular person or b) find someone with a similar interest. More About: Series
RSA ?At the Booth? Series
2009-04-17 02:17:00 So I was trying to think of something different that I could do in my blogging about RSA. After some humming and hawing I decided to do a blog series that I'm calling RSA "At the Booth". This is open to anyone working a booth at RSA. Simply send me an email to rsa [at] ... More About: Series , Conferences
RSA ?At the Booth? Series
2009-04-17 02:17:00 So I was trying to think of something different that I could do in my blogging about RSA. After some humming and hawing I decided to do a blog series that I'm calling RSA "At the Booth". This is open to anyone working a booth at RSA. Simply send me an email to rsa [at] ... More About: Series , Conferences
Apache AddType Issue
2009-04-08 05:31:00 A recent SANS ISC diary entry mentions an interesting configuration point that I had been previously unaware of. It seems that AddType doesn't just enable the extension, it enables all files containing that string. Example: AddType application/x-httpd-php .php In the above example, both phpinfo.php and phpinfo.php.bak would be parsed as PHP. I found this to be rather ... More About: Security , Apache , Issue
Apache AddType Issue
2009-04-08 05:31:00 A recent SANS ISC diary entry mentions an interesting configuration point that I had been previously unaware of. It seems that AddType doesn't just enable the extension, it enables all files containing that string. Example: AddType application/x-httpd-php .php In the above example, both phpinfo.php and phpinfo.php.bak would be parsed as PHP. I found this to be rather ... More About: Security , Apache , Issue
Apache AddType Issue
2009-04-08 05:31:00 A recent SANS ISC diary entry mentions an interesting configuration point that I had been previously unaware of. It seems that AddType doesn't just enable the extension, it enables all files containing that string. Example: AddType application/x-httpd-php .php In the above example, both phpinfo.php and phpinfo.php.bak would be parsed as PHP. I found this to be rather ... More About: Security , Apache , Issue
Off to CanSecWest
2009-03-17 17:17:00 In 4 hours I'll be on a plane to Vancouver to enjoy CanSecWest. If you're going to be there ping me and we'll grab a beer. You can find me on twitter (treguly) or email me ht [at] this domain. More About: Personal
Off to CanSecWest
2009-03-17 17:17:00 In 4 hours I'll be on a plane to Vancouver to enjoy CanSecWest. If you're going to be there ping me and we'll grab a beer. You can find me on twitter (treguly) or email me ht [at] this domain. More About: Personal
Successful Exploit Renders Microsoft Patch Ineffective [Link Posted]
2009-03-11 23:15:00 One of the patches released yesterday has a serious flaw, in that an already compromised host will not have the patch properly applied. I provided a full write-up on this yesterday on the nCircle blog and felt that the importance of the issue warranted posting a link here to increase awareness. More About: Microsoft , Exploit , Link , Patch
CDVT Update
2009-03-11 23:02:00 I decided it was time to update CDVT, so the latest version is now checked into SVN. The Metasploit Web-based SVN seems to have stopped passing a revision number, so I removed it from cdvt.xml. At the same time I updated the regexes to scrape the version information from nmap ('stable' was previously in italics and ... More About: Update
Denial of Service the Series: Part 2 - Survey Responses (2/2)
2009-02-18 06:36:00 Yesterday I stopped halfway through and said I'd continue with the responses today. So tonight I'm going to look at the responses to: Does Web 2.0 Make Availability More Important? Are Denial of Service and Availability Interchangeable? A Browser Crash is...? A Firewall Denial of Service is...? A Web Server Crash is...? These are the questions that drew the responses that ... More About: Security , Series , Survey , Part
Denial of Service the Series: Part 2 - Survey Responses (1/2)
2009-02-17 07:50:00 So here we go... I know some people have been waiting to see these numbers so it's about time I share them. In the end 279 people responded to the survey, and I'm fairly happy about the responses... only one of those 279 used the comments inappropriately but I've still counted the drop down boxes ... More About: Security , Series , Survey , Service , Part
Denial of Service the Series: Part 1 - DoS vs DDoS
2009-02-11 21:16:00 Quite a while back I had posted everywhere and contacted everyone I knew regarding a Denial of Service survey that I was conducting. It came out of the frustration of watching people and companies disregard denial of service as a valid security concern. It seemed to be an ongoing debate -- Confidentiality & Integrity vs ... More About: Security , Series , Part
Steve Wozniak to Appear on Dancing With the Stars
2009-02-09 07:42:00 Really... the title says it all... There's a small write-up here which is where I found out. More About: Dancing , Stars , Entertainment , Steve , Dancing with the Stars
Awesome Scam Phone Call
2009-01-30 02:25:00 I just received one of the best scam phone calls every to my cell phone (I seem to be getting more and more of these calls to my cell phone and it pisses me off). The call came from (916) 219-8163 It was an automated recording that said the following: This is the second time we've called to ... More About: Phone , Awesome , Call , Scam , Phone call
TwCuP Take 2
2009-01-28 02:54:00 So previously I'd posted about writing my own curses twitter client, partially to use and partially to start playing with curses. It was quickly pointed out that I had used an older version of twyt (python library to access the twitter API) -- this taught me to think twice before running apt-get install in the ...
Titan Backup Review
2009-01-27 23:31:00 [Update: Added Screenshots] A long time ago I decided that I would never review software that I was asked to look at, and that I probably wouldn't post deals sent my way unless they were truly valuable to my readers. So when I was contacted by Neobyte Solutions with a "special offer" for my readers, I ... More About: Software , Reviews , Backup , Titan , Review
DamnVulnerableLinux 1.5
2009-01-27 18:50:00 DVL 1.5 is out, and I have mirrored it again. There is also a call out for people to create training materials, so if you can, swing by the DVL forums and volunteer to make a video or two. However, I'm unsure of where to find the forums (there's no link on the main page and ...
Blackberry IM Stalking
2009-01-27 08:10:00 So I mentioned some of this to someone the other day and they were surprised by it (and a Blackberry user) so I thought I'd do up a quick post about it... some people may not realize how much information can be determined about you. Note, these are based on my observations. Blackberry IM Status: Active -- ... More About: Stalking
TwCuP
2009-01-19 08:19:00 Those of you that follow me on twitter may have noticed that yesterday I was posting quite a bit more frequently and most of them contained the word 'test'. I was playing around with twyt and decided to build a curses-based Twitter GUI. I've never done any curses programming before, so this was my way ...
Comments Temporarily Gone
2009-01-19 08:11:00 You may have noticed that recent comments have disappeared. It appears that IntenseDebate.com is down, so I've disabled the plugin (otherwise my blog won't even load). This isn't the first issue I've had and I'm finally fed up. I don't get email notifications for all my comments, my site won't load when they are down ... More About: Comments
SSLFail.com
2009-01-13 14:42:00 I wanted to take a minute to mention a new project that Marcin and I have started that we're calling SSLFail.com. One of the primary purposes of the site is a gallery of images of sites with failed SSL due to invalid certs, bad domain names, etc. Browsers can add more and more protection against ...
Google Android
2009-01-11 19:48:00 I got my first smart phone about 2 years ago. It was the UTStarcom 6700, a rebranded HTC Apache. I used it for ~8 months and was a big fan of the phone but it had major battery issues, and even getting a replacement battery didn't seem to help. So I finally got fed up ... More About: Google , Android , Google Android
Gmail SSL Fail in Chrome
2009-01-10 22:58:00 Romain Gaucher mentioned this on twitter and I had to post a screenshot for anyone who hasn't seen it... it's awesome. More About: Gmail , Chrome
Security Implications of Microsoft Tags
More articles from this author:2009-01-10 22:02:00 So, as I said yesterday, I'm a big fan of Microsoft Tags . There have been many times when I've been out and about and I've seen an ad or poster that I've wanted more details on, snapping a picture of a small barcode is much easier than jotting down the details. However, as I played ... More About: Security , Implications 1, 2, 3, 4, 5, 6, 7 |
|
 |
|
 |
