ComputerDefenseComputerDefenseComputerDefense.org is an IT Security website, with a mix of python,hardware,reviews and anything else I feel like talking about... previously it hosted a daily link list.. (which may make a comeback)... 
Articles
Hackers for Charity: Interview with Johnny Long
2007-12-10 17:51:00 In a previous post, I had reviewed a SecTor presentation done by Johnny Long. I had also mentioned on Hackers for Charity , a charity started by Johnny to link up hackers with charities that require IT/IS assistance. I see this as an incredible contribution and was looking forward to getting involved myself, but at ... More About: News , Security , Interview
Random Links
2007-12-08 17:15:00 I haven’t done a Daily Link List in a while, but there are a few things I wanted to share. Via Thoughts of a Technocrat, we’ve got the best Microsoft KB Article every, Computer Random ly Plays Classical Music. From the Secunia Blog, we’ve got an interesting chain of letters between Secunia and Autonomy in which Autonomy repeatedly ... More About: Links
Random Links
2007-12-08 17:15:00 I haven’t done a Daily Link List in a while, but there are a few things I wanted to share. Via Thoughts of a Technocrat, we’ve got the best Microsoft KB Article every, Computer Random ly Plays Classical Music. From the Secunia Blog, we’ve got an interesting chain of letters between Secunia and Autonomy in which Autonomy repeatedly ... More About: Links
Has SANS Top 20 Lost All Meaning?
2007-11-28 22:14:00 I’m not going to give an answer to that… but I want everyone to think about it. As most people have read by now, the SANS Top-20 2007 list has been published. The list this year contains the following: C1. Web Browsers C2. Office Software C3. Email Clients C4. Media Players S1. Web Applications S2. Windows ... More About: Security , Lost , Vulnerabilities , Meaning
Has SANS Top 20 Lost All Meaning?
2007-11-28 22:14:00 I’m not going to give an answer to that… but I want everyone to think about it. As most people have read by now, the SANS Top-20 2007 list has been published. The list this year contains the following: C1. Web Browsers C2. Office Software C3. Email Clients C4. Media Players S1. Web Applications S2. Windows ... More About: Security , Lost , Vulnerabilities , Meaning
Quicktime RSTP Response Vulnerability
2007-11-27 23:13:00 Yet another one of these exploits… I find this one to be somewhat humourous… if for no reason other than I see it as a massive Apple failing… Apple has failed miserably. How did they fail? In two ways. 1. Quicktime was not compiled to take advantage of ASLR on Vista. This is simple enough, you pass ... More About: Security , Vulnerabilities , Vulnerability , Response
Quicktime RSTP Response Vulnerability
2007-11-27 23:13:00 Yet another one of these exploits… I find this one to be somewhat humourous… if for no reason other than I see it as a massive Apple failing… Apple has failed miserably. How did they fail? In two ways. 1. Quicktime was not compiled to take advantage of ASLR on Vista. This is simple enough, you pass ... More About: Security , Vulnerabilities , Vulnerability , Response
Google + Tor
2007-11-27 17:11:00 It seems to me that Google isn’t the biggest fan of Tor… Do a search for ‘what’s my IP’ and you get a number of results, whatsmyip.org being the first one. Now do that same search with Tor running… I got a 403 page from Google: We’re sorry… … but your query looks similar to automated requests from ...
Google + Tor
2007-11-27 17:11:00 It seems to me that Google isn’t the biggest fan of Tor… Do a search for ‘what’s my IP’ and you get a number of results, whatsmyip.org being the first one. Now do that same search with Tor running… I got a 403 page from Google: We’re sorry… … but your query looks similar to automated requests from ...
CSRF Hacking Database
2007-11-25 21:23:00 I’m not sure how I didn’t stumble across this before but at least I did eventually find it. From the about page: In the style of Johnny Longs googledorks, I bring you the CSRF Hacking Database . This database will contain urls that exploit CSRF vulnerabilities in websites. This is not intended to assist malicious hacking, rather it is ... More About: Security
CSRF Hacking Database
2007-11-25 21:23:00 I’m not sure how I didn’t stumble across this before but at least I did eventually find it. From the about page: In the style of Johnny Longs googledorks, I bring you the CSRF Hacking Database . This database will contain urls that exploit CSRF vulnerabilities in websites. This is not intended to assist malicious hacking, rather it is ... More About: Security
Lax Web Application Security
2007-11-25 02:10:00 I know it shouldn’t surprise me anymore… but it still does. Every time I visit a site and see a massive, gapping hole in their webapp security. I can get missing an XSS or some other input validation… it’s not good, but it happens… what I don’t get is shopping cart apps that allow the ... More About: Security , Application Security , Vulnerabilities , Application , Web Application
Lax Web Application Security
2007-11-25 02:10:00 I know it shouldn’t surprise me anymore… but it still does. Every time I visit a site and see a massive, gapping hole in their webapp security. I can get missing an XSS or some other input validation… it’s not good, but it happens… what I don’t get is shopping cart apps that allow the ... More About: Security , Application Security , Vulnerabilities , Application , Web Application
[SecTor Review] Modern Trends in Network Fingerprinting
2007-11-24 05:27:00 SecTor Day #2 Speakers: Ryan Poppa and Jay Graver This was the final talk that I attended prior to the wrap up. I already knew what to expect for the most part, since Ryan and Jay are colleagues at nCircle. The hour long presentation started with 30 minutes of background presented by Jay. The discussion itself focused around ... More About: Reviews , Trends , Review , Network , Modern
[SecTor Review] Modern Trends in Network Fingerprinting
2007-11-24 05:27:00 SecTor Day #2 Speakers: Ryan Poppa and Jay Graver Presentation (pdf) Download Audio (with Slide Deck) (wmv) This was the final talk that I attended prior to the wrap up. I already knew what to expect for the most part, since Ryan and Jay are colleagues at nCircle. The hour long presentation started with 30 minutes of background presented by ... More About: Reviews , Trends , Review , Network , Modern
[SecTor Review] Hacking Hollywood
2007-11-24 03:53:00 SecTor Day #2 Speaker: Johnny Long This was my first time seeing Johnny talk and he definitely lived up to the stories I’ve heard. This wasn’t a technical talk by any means, but it was highly entertaining and hilarious. Before Johnny started his talk, he took advantage of his the platform to fill in the attendees on IHackCharities.org. ... More About: Hollywood , Reviews , Review , Olly
[SecTor Review] Hacking Hollywood
2007-11-24 03:53:00 SecTor Day #2 Speaker: Johnny Long Download Audio (wmv) This was my first time seeing Johnny talk and he definitely lived up to the stories I’ve heard. This wasn’t a technical talk by any means, but it was highly entertaining and hilarious. Before Johnny started his talk, he took advantage of his the platform to fill in the attendees ... More About: Hollywood , Reviews , Review , Olly
[SecTor Review] Black Ops 2007: DNS Rebinding Attacks
2007-11-23 17:55:00 SecTor Day #2 Speaker: Dan Kaminsky Presentation (ppt) Audio (wmv) This was the first talk I attended on day 2. Dan demonstrated DNS Rebinding attacks and how they can be dangerous to internal networks. The talk was filled with technical data and live demos. While the demo had been setup in advance it was nice to see how quickly ... More About: Reviews , Review , Black , Attacks , Atta
[SecTor Review] Black Ops 2007: DNS Rebinding Attacks
2007-11-23 17:55:00 SecTor Day #2 Speaker: Dan Kaminsky This was the first talk I attended on day 2. Dan demonstrated DNS Rebinding attacks and how they can be dangerous to internal networks. The talk was filled with technical data and live demos. While the demo had been setup in advance it was nice to see how quickly and efficiently the ... More About: Reviews , Review , Black , Attacks , Atta
[SecTor Review] Black Ops 2007: DNS Rebinding Attacks
2007-11-23 17:55:00 SecTor Day #2 Speaker: Dan Kaminsky This was the first talk I attended on day 2. Dan demonstrated DNS Rebinding attacks and how they can be dangerous to internal networks. The talk was filled with technical data and live demos. While the demo had been setup in advance it was nice to see how quickly and efficiently the ... More About: Reviews , Review , Black , Attacks , Atta
[SecTor Review] Defending Layer 8
2007-11-23 16:11:00 SecTor Keynote Speaker: Steve Riley Presentation (ppt) Full Title: Defending Layer 8: How to Recognize and Combat Social Engineering This talk was interesting, funny and informative… a great way to start the second day. Steve took the 7 layer OSI model and turned it into a 9 layer model. He added layer 0 to the bottom, physical… but not ... More About: Reviews , Review
[SecTor Review] Defending Layer 8
2007-11-23 16:11:00 SecTor Keynote Speaker: Steve Riley Full Title: Defending Layer 8: How to Recognize and Combat Social Engineering This talk was interesting, funny and informative… a great way to start the second day. Steve took the 7 layer OSI model and turned it into a 9 layer model. He added layer 0 to the bottom, physical… but not physical like ... More About: Reviews , Review
[SecTor Review] Defending Layer 8
2007-11-23 16:11:00 SecTor Keynote Speaker: Steve Riley Full Title: Defending Layer 8: How to Recognize and Combat Social Engineering This talk was interesting, funny and informative… a great way to start the second day. Steve took the 7 layer OSI model and turned it into a 9 layer model. He added layer 0 to the bottom, physical… but not physical like ... More About: Reviews , Review
[SecTor Review] Exploit-Me Series
2007-11-23 05:21:00 Sector Day #1 Speakers: Rohit Sethi and Nish Bhalla Full Title: Exploit -Me Series — Free Firefox Application Penetration Testing Suite Launch I was really curious to see this one, although I heard the other talks were interesting. My main reason was that I wanted to see how this plugin was different from others, such as my favourite ... More About: Security , Reviews , Review
[SecTor Review] Exploit-Me Series
2007-11-23 05:21:00 Sector Day #1 Speakers: Rohit Sethi and Nish Bhalla Presentation (pdf) Audio (wmv) Tool Website Full Title: Exploit -Me Series — Free Firefox Application Penetration Testing Suite Launch I was really curious to see this one, although I heard the other talks were interesting. My main reason was that I wanted to see how this plugin was different from others, ... More About: Security , Reviews , Review
[SecTor Review] Exploit-Me Series
2007-11-23 05:21:00 Sector Day #1 Speakers: Rohit Sethi and Nish Bhalla Full Title: Exploit -Me Series — Free Firefox Application Penetration Testing Suite Launch I was really curious to see this one, although I heard the other talks were interesting. My main reason was that I wanted to see how this plugin was different from others, such as my favourite ... More About: Security , Reviews , Review
[SecTor Review] Web Application Worms: The Future of Browser Insecurity
2007-11-23 04:56:00 SecTor Day #1 Speaker: Mike Shema Webapp worms and browser insecurity… exactly what I wanted to hear about. It was actually quite a tough call because at the same time as this talk, Joanna Rutkowska was speaking on ‘Security Challenges in Virtualized Environments’. In the end, my interest in web security won out over my interest in ... More About: Reviews , Future , Review , Worms , The Future
[SecTor Review] Web Application Worms: The Future of Browser Insecurity
2007-11-23 04:56:00 SecTor Day #1 Speaker: Mike Shema Webapp worms and browser insecurity… exactly what I wanted to hear about. It was actually quite a tough call because at the same time as this talk, Joanna Rutkowska was speaking on ‘Security Challenges in Virtualized Environments’. In the end, my interest in web security won out over my interest in ... More About: Reviews , Future , Review , Worms , The Future
[SecTor Review] Zen and the Art of Cybersecurity
2007-11-23 04:33:00 SecTor Keynote Speaker: Ira Winkler It’s lunch time, the food is great and the first day is on it’s way to being half over. Although I’ve never seen him talk before, I’ve heard the hype about Ira Winkler… a great speaker with an interesting background, I was really looking forward to this keynote… and it didn’t disappoint. Ira ... More About: Reviews , Review
[SecTor Review] Zen and the Art of Cybersecurity
More articles from this author:2007-11-23 04:33:00 SecTor Keynote Speaker: Ira Winkler It’s lunch time, the food is great and the first day is on it’s way to being half over. Although I’ve never seen him talk before, I’ve heard the hype about Ira Winkler… a great speaker with an interesting background, I was really looking forward to this keynote… and it didn’t disappoint. Ira ... More About: Reviews , Review 1, 2, 3, 4, 5, 6, 7 |
|
 |
|
 |
