Q&A: Web 2.0 Security
Tuesday, 22 July 2008, 9:27 PM CET

Sam Masiello has more than 18 years of email systems and IT management experience, including nearly 10 years of network and security systems management. In this interview he discusses various aspects of Web 2.0 security.
Video: The vulnerability economy
Monday, 21 July 2008, 10:05 PM CET

Jeff Moss, the founder of DEFCON and Black Hat, discusses the unfolding of the vulnerability economy. Nowadays, instead of exposing high profile zero-day vulnerabilities at conferences, many researchers opt for selling their discoveries on a growing market.
Increasing threat of confidential information loss
Friday, 18 July 2008, 11:37 AM CET

A national security and privacy survey sponsored by CA showed that security threats from within an organization are now a bigger problem than attacks from external sources. At the same time, the number of U.S. organizations reporting loss of confidential data and reduced customer satisfaction has increased by 55 percent and 65 percent, respectively, in the past two years.
Book review - Security Power Tools
Wednesday, 16 July 2008, 7:12 PM CET

By reading through security web sites, traversing through software depositories and using Google, you can keep yourself updated with the latest tools and the attack/defense scenarios based on them. If you want a centralized place for reading this kind of information, "Security Power Tools" is definitely the book you should check out.
Cybercrime organizational structures and modus operandi
Tuesday, 15 July 2008, 10:27 PM CET

This report explores the trend of loosely organized clusters of hackers trading stolen data online being replaced by hierarchical cybercrime organizations. These organizations deploy sophisticated pricing models, crimeware business models refined for optimal operation, crimeware drop zones, and campaigns for optimal distribution of the crimeware.
DNS vulnerability overview and suggested mitigations
Tuesday, 15 July 2008, 7:41 PM CET

On July 9th, 2008 a massive effort was made among software and hardware vendors to release a simultaneous patch to their products. This patch was created to mitigate or minimize the effects of a vulnerability discovered in the basic operation of the Internet Domain Name System or DNS. This subsystem is critical to the operation of the Internet and provides for the translation of human readable names into computer usable IP addresses.
Q&A: Insider threat
Monday, 14 July 2008, 2:04 PM CET

Bob Farber is the CEO of Symark and in this interview he discusses the growing problem of insider threat with thoughts on evolution, the main challenges of controlling access to proprietary systems and more.
The extended HTML form attack revisited
Wednesday, 9 July 2008, 10:34 PM CET

HTML forms are one of the features in HTTP that allow users to send data to HTTP servers. An often overlooked feature is that, due to the nature of HTTP, the web browser has no way of distinguishing between an HTTP server and one that is not an HTTP server. Therefore web browsers may send this data to any open port, regardless of whether the open port belongs to an HTTP server or not.
