"A researcher has reopened the subject of beneficial worms, arguing that the capabilities of self-spreading code could perform better penetration testing inside networks, turning vulnerable systems into distributed scanners. The worms, dubbed nematodes after the parasitic worm used to kill pests in gardens, could give security administrators the ability to scan machines...
UPDATED: 1/30/06 Response from Author "Just to inform you that the malicious code mentioned to you was actually partly research for the paper. If you take a look at the latest version (with lynx if you like), I now refer to the clipboard issue in issue 3 (this was introduced in 1.2.0...
Amit Klein has written a new article entitled "XST Strikes Back (or perhaps "Return from the Proxy"...)". Whatever the final title may be it outlines how XST vulnerabilities can still exist when a proxy server is in front of the server that an attacker is wishing to launch the attack against. "About...
The Web Application Security Consortium is pleased to announce v1.0 of The Web Application Firewall Evaluation Criteria. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria.
I've decided that with the recent buzz of RSS security news stories, and mailing list posts that it needs its own section. If there is a story or article that you feel I've missed please let me know. RSS Security Section: RSS Security
"The fast growing popularity of RSS (really simple syndication) means that the technology will pose increasingly significant problems for IT security professionals this year, new research has warned. ScanSafe's latest web security report notes an explosive growth in the use of RSS feeds to pull updated content via HTTP and XML rather...
"Now that the WS-Security spec is "ready for prime time" and many security products are supporting it, organizations should start to develop a Web services security strategy, according to Anne Thomas Manes, a vice president and research director at Burton Group in Midvale, Utah. However, in her recent report, Web Services Security:...
Dancho Danchev has written an article outlining a few malware trend predictions that is worth checking out. If you're into that sort of thing I wrote an article on web Application Worms that you may also wish to check out. Article Link: http://www.astalavista.com/media/archive1/files/malwaretrends.pdf
"An 18 year-old boy was recently arrested in Ohio for telling fellow students to refresh the schools web page in order to slow down the server. He is being charged with a felony and is currently being held in jail. According to Canton City Prosecutor Frank Forchione 'This new technology has created...
"We are seeing people discover vulnerabilities in software with tiny distribution and low installed base--free guestbooks that are written left and right, available by the thousands. And we are seeing that it takes no skill to find vulnerabilities in these applications. " - Securityfocus http://www.securityfocus.com/news/11367
A online zine called 'uninformed' has just released issue #3. I gotta say it's worth checking out. Below is the list of the table of contents. * Bypassing PatchGuard on Windows x64 * Windows Kernel-mode Payload Fundamentals * Analyzing Common Binary Parser Mistakes * Attacking NTLM with Precomputed Hashtables * Linux Improvised...
The time has come and I really need a new logo/banner for this website! I am offering website advertising (On every page) for a minimum of one month to a person who can provide me with a new 259x68px, and 120x60px logo. If you've got what it takes to design us a...
