SecurityCurve » Resources

Cool Infosec Resource

Ed — Thu, 18 May 2006 18:22:48 +0000

Throughout the course of my travels, I came across an interesting resource: the Infosecpedia. It is, as the name implies, an information security wiki. Anyway, it’s pretty darn cool – cool enough that I’m thinking about contributing. Maybe one article a week or so. Not that I have a ton of free time, but this seems to me like it could be an awesome resource.

LSO – “Learn Security Online”?

Ed — Thu, 13 Oct 2005 16:58:03 +0000

I stumbled across the LSO or “Learn Security Online site the other day. I happened to be reading the security newswire (sometimes I do this if I feel like I’m too alert early in the day,) and their press release just leapt out at me because it was so different from the other cruft that you see on the wire. Granted, I did think that LSO CEO arguing with Gene Spafford in his own press release was a bit strange, but I just thought “huh” and plowed through:

When asked what he thought of the comment made by Gene Spafford, professor of computer sciences at Purdue University. “Criminal justice programs don’t have students steal cars or commit rape to understand what motivates criminals or how to stop them.” Joe replied,

HoneyMonkeys….

Ed — Tue, 09 Aug 2005 20:57:03 +0000

MS HoneyMonkeys. Cool idea, good execution, valuable results. Maybe I’m wrong on this one, but it seems to me that Microsoft is the only vendor with a plan for catching zero-day vulnerabilities; not to mention the fact that it’s actually paying off.

So… Oracle, Sun, Netscape… What was that mantra again about how MSFT was the bane of information security? I’m not biased, just keeping my eyes open.

Televised Hijinx

Ed — Fri, 24 Jun 2005 21:46:23 +0000

Something tells me that if AT&T really is planning to broadcast an information security news channel, that said channel will be less about streaming security news and more about keeping various hijinkery to a minimum. I mean, really – think about it; if you wanted to, could you think up a bigger target for misguided jouvinile hacker shenanegans than 24hour streaming infosec from AT&T?

“Know Your Enemy”

Diana — Fri, 18 Jul 2003 12:05:21 +0000

The Honeynet Project, http://www.honeynet.org/ has released a short but informative, and moderately entertaining to boot, report on credit card fraudsters and how they operate. The report includes snippets of IRC chats between experienced and newbie fraudsters. For anyone that wants to know how the fraudsters do it, it’s a terrific read. The report can be downloaded from the Honeynet site.

Filtering Dos and Don’ts

Diana — Tue, 15 Jul 2003 13:50:13 +0000

Filtering routers don’t get a lot of attention these days. But they’re still a great first line of defense with the right ACLs (access control list) configured. This recent NWFusion article is a good primer for anyone not aware of what filters on routers can do and a great reminder to anyone who hasn’t checked their router ACLs lately.