[Repost] Hakin9 Magazine June 2011
Posted: 2011-6-11 10:55 1161
Hakin9 Magazine June 2011
* Latest News From the IT Security World
by Armando Romeo, eLearnSecurity and ID Theft Protect
* A Hole in Your Access Control!
by Ali Al-Shemery
A couple of days ago I was called out to do a security audit on a company’s internal network security and its access control. The audit was asked to be done on a specific day that the company chose. The reason behind that was to ensure I get no interference from their Network/System Administrator. I will not go through the audit process itself but will show and prove to you how even a well-secured network could be brought (hacked) down by a single mistake, and why implementing access controls then auditing them is an important factor to ensure their effectiveness.
* PSN Hack Where Risk Management and Reality Collide
by Simon Walker and Javvad Malik
There have been many column inches dedicated to the PlayStation Network, which was taken offline following a breach. It has been a high-profile incident and has left Sony management red-faced with many questions thrown at them – not all of which have been answered convincingly. It is simply not possible to protect against all possible security flaws in a product – but proper risk assessment at least indicates what these might be and allows an informed decision. This is important for both companies and for you, the consumer.
* Obscuring the Truth
by Israel Torres
Veiled in a world of pseudo-randomized padded nulls lies the answer in plain sight, laughing at you mockingly. It’s really only a matter of connecting the dots… Or is it? Can the answer be shielded better by simply adding more dots to connect? Does this help or hinder, and whom? Encryption is a double-edged sword and it is caked in blood and rust. Super-encipherment has been historically used to doubly throw off attackers (cryptanalysts) from finding the answer speedily (or at all). Once you think you’ve unlocked something you have a brand new puzzle staring at you silently.
* Attacking, Authentication, and Access Control
by Rich Hoggan
As part of a growing trend where people utilize more services on-line, we rely more and more on entering our data into what we trust as being secure web-forms. Has it ever crossed our minds while we enter our information into web forms that our trust would ever be compromised? We assume that no one besides the service provider and ourselves will ever have access to such information. Like in the Wild West, there can’t be any room for complacency on the internet. It’s just because of this complacency that authentication and access control measures play an increasingly important role in safeguarding the privacy of our data.
* Access Control: Lock-down Your Network
by Gary S. Miliefsky
If most of the threats are coming from the inside, what are you doing about it? According to US-CERT (United States Computer Emergency Readiness Team), 95% of downtime and IT related compliance issues are a direct result of an exploit against a Common Vulnerability and Exposure. A firewall, IDS, IPS, anti-virus software and other countermeasures don’t look for or show how to remove CVEs. So most companies are really only 5% secure.
* Flexible Access Online: ASP.NET’s Access Control for the Web
by Tim Kulp
The web was not built to remember users between trips to the server. In fact, the stateless nature of HTTP forgets anything outside of the immediate Request traveling to the Server or Response going to the Browser. All memory must be handled by features in the Application Server (such as IIS, Apache, etc…) or by the Browser. This provides a challenge to a core concept in security, Access Control.
* VoIP Access Control
by Ric Messier
Access control is a means by which we determine whether an agent is allowed to gain entry to a particular resource. In the case of physical security or even traditional network security, this may seem straightforward. For example, if you trust someone to gain access to a room where critical resources are kept, you provide that person a key or add them to a badge access list. Similarly, if you want to provide someone access to files you are sharing on a network, you would add their user id to an access control list so they would be able to get to the files they need or want.
* Wireless ad hoc Network and its Vulnerabilities
by Aleksandre Lobzhanidze
A mobile ad-hoc network (MANET) is a self configuring infrastructure-less network, consisting of mobile devices, connected via wireless links. Each device in MANET can move independently from others in any direction, and therefore change its links very frequently. Each device on MANET must forward data unrelated to its own use and therefore serve not just as consumer of the data, but also as a router. The main challenge of MANET is to maintain the information required to properly route the traffic. Such networks may operate themselves, or be connected to the global network – Internet.
* Msona mBox 2000 Features & Functionality Report
by Steve Broadhead
In some ways it can be seen as the Holy Grail of IT procurement – finding the all-in-one office solution that does it all, without complicated installation and management; just fire up and off you go. Of course, in reality – as an absolute – this is largely a pipe dream. But for the Small to Medium Business (SMB) especially, the benefits of an easily installed, low-maintenance solution to their communications requirements – Internet, data and voice, secure and flexible enough to support their specific needs (dependent on their ISP, TelCo, Hosting company etc) – cannot be overvalued.
* Why are there So Many Command and Control Channels
by Matthew Jonkman
Command and control channels are an often unappreciated bit of art. Yes art. Most folks don’t pay that much attention to them, professionally or personally. But as a person that spends most of my day finding and picking them apart I can tell you there are some very interesting things going on behind your favorite malware or fake AV warning on the desktop. So let’s explore some of the recent stuff and reminisce about the past, from an IDS point of view. Not thinking like an antivirus engineer looking at registry keys, APIs and system calls. I can’t imagine the difficulties in that life.
* The Asylum
by Jim Gilbert
My paintings are non-figurative, but I realized some years ago that I was interested in how I could combine words and graphics – as a result I started to draw cartoons. Specifically I am excited about The Asylum because of its minimal nature, minimal drawing, minimal words, minimal characters… maximum content.
http://www.filesonic.com/file/1186011034/Hakin9-June-2011.pdf