Rodney Campbell's Blog

2006.11.23 Daily Security Reading

by on Nov.23, 2006, under Security

The Means to an Endpoint Security

As SSL VPN remote access systems – that is, technology used to connect internal company resources and data to people working from home or on the road – becomes more mainstream, and organizations extend their internal infrastructures to users who are not necessarily employees, endpoint security has become an increasing concern.

Security Myths

The IT world is full of myths and legends circulated via email or simply spread by word of mouth. These legends are not the infamous hoaxes or chain letters, but assume that certain things are true, when they usually aren’t. However, they are so difficult to prove that they are accepted as true without any evidence whatsoever.

Common causes of IT security breaches

Historically, the approach to enterprise security has been to make the fortress bigger and stronger – to install more products, and write more policies. Yet despite heightened security awareness and cutting-edge tools, 2006 was the worst year yet on record for corporate security breaches – continuing the year-on-year escalation of security risk.

Microsoft makes claim on Linux code

Microsoft CEO Steve Ballmer has said that every user of the open source Linux system could owe his company money for using its intellectual property. The statement will confirm the worst fears of the open source community.

Mark Rasch: Vista’s EULA Product Activation Worries

Mark Rasch looks at the license agreement for Windows Vista and how its product activation component, which can disable operation of the computer, may be like walking on thin ice.

Spam Bust: The Lessons of Yesmail

Is your company violating spam laws like Yesmail did? Even an unwitting violation can result in a fine.

Top 10 Web 2.0 Attack Vectors [pdf]

Web 2.0 is the novel term coined for new generation Web applications., Google maps, Writely and are a few examples. This technological transformation is bringing in new security concerns and attack vectors into existence.

Attack code targets zero-day Mac OS flaw

A security researcher has published attack code for an unpatched flaw in Mac OS X.

On the Power of Simple Branch Prediction Analysis (pdf)

A spy-process running simultaneously with an RSA-process, is able to collect during one single RSA signing execution almost all of the secret key bits.

Is the hacking community running out of fresh ideas?

According to a new report by Kaspersky Lab, the hacking community has run out of fresh ideas when it comes to creating new malware. Malware Evolution: July – September 2006 states that while the hacking community is developing ‘proof of concept’ code for new platforms, it is unlikely that it will translate in to malware capable of causing substantial and lasting damage.

Hackers use virtual machine detection to foil researchers

Three out of 12 malware specimens recently captured in our honeypot refused to run in VMware.

Loading Facebook Comments ...

2 Comments for this entry

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.