
  • admin 1:16 am on 2 March, 2010
    Tags: NIST   

    Now, I really hope you make good use of this 

    I was kinda hoping nobody would get their hands on this shit so I could keep it for myself – well… if you’re like me, you probably won’t have the time to read all this – yet I WILL – so… enjoy knowing this URL:

    http://csrc.nist.gov/publications/PubsTC.html

    I kept it in my archives for more than a year… it’s time it hits more brains.

     
  • admin 3:32 pm on 1 March, 2010
    Tags: web security   

    Web Security Dojo 

    http://www.darknet.org.uk/2010/03/web-security-dojo-training-environment-for-web-application-security/

    As always, these guys never stop – I suggest you sign up for DarkNet’s blog if you want to receive more (or sign up for mine to get the best from … anywhere)

     
  • admin 2:52 pm on 1 March, 2010
    Tags: steganography   

    Introduction into Steganography by IronGeek 

    http://www.irongeek.com/i.php?page=videos/steganography-intro

     
  • admin 10:25 am on 12 January, 2010

    How to secure a VPS 

    SECURING CPANEL – WHM – AND ROOT on a VPS

    This will help, but as mentioned in previous posts, with a VPS you do not have access to your kernel. That is good in some ways, because if you don’t have access to it, neither do hackers or spammers (which limits what they can do). It’s bad in ways, because you lose control, and if you secure your box as much as possible, you are still at risk because you cannot control your kernel.

    At any rate, here are some helpful hints

    =========================================
    Checking for formmail
    =========================================

    Form mail is used by hackers to send out spam email, by relay and injection methods. If you are using Matt’s script or a version of it, you may be in jeopardy. (More …)

     
  • admin 2:37 pm on 9 November, 2009

    Practical IT Security – part 1 

    In my previous CIO articles I tried to focus on several problems simultaneously – clearly there has been a better approach. So I am beginning a series of articles devoted to the consistent, practical side of IT security – or more precisely the things that can be used immediately, or can be included in an Action Plan.

    Contrary to popular belief, ITSEC does not begin by protecting the perimeter. Firewalls, security systems – this should be the last concern when building any protection. Our goal is to protect the information, not make the providers of different “solutions” rich, right? (More …)

     
  • admin 10:00 am on 22 October, 2009

    The cost of “State of the Art” security 

    There is nothing special to it, really.
    Would you think I’m going to spend hours in describing costs for different IPS/IDS systems, the cost of monitoring etc? No.
    I love simple solutions, and this post will be just as simple.

    The cost of the “State of the Art” security is exactly the cost of one cheap computer for each employee, and the cost of a completely separate network, tied to the cheap computers.

    I’ll explain now.

    How do most security breaches occur? Via browsing, via e-mail attachments, and via social engineering in social networks (today, yesterday it was mostly the phone).

    So… in order to protect your company, what did you do until now? Yes, you purchased all these security systems, and your computers/servers/users are still being “owned” by attackers. Why? Because you’re doing the silliest thing one can do in a modern dangerous world – you’re exposing your most critical IT resources to the Internet.

    Separate them.

    Let your users have 1 computer (or it could be virtual if your workstations are good enough) for browsing, reading e-mail, chat, etc. And let them use another computer, for access to company critical IT systems. (I will write a detailed article on this for CIO, so stay tuned for more details).

    Does it cost much? No. Basically, it’s just a monitor and a cheap PC – say… 400 USD per seat, including the cost of building the separate network. That is a small cost, compared to what you could lose in a breach. To be honest, I would prefer the virtual solution – but it completely depends on your environment. Just keep in mind that for the virtual one – you will need to add one additional network card in each PC or server, and still need to build the completely separated network – and use that network for the virtual machines.

     
  • admin 9:31 pm on 3 October, 2009

    Cyber war defense 

    Recent news has been all bragging about every major country starting “Cyber war” initiatives. USA, UK…

    Elite Military Hacker Squad Would Stop Wars With Bits, Not Bombs

    Efforts to drag our military’s cybersecurity into the 21st century are well underway, but John Arquilla, professor at the Naval Postgraduate School, wants more: A preemptive international hacker force, which would cripple enemies before they even become a problem. “ (More …)

     