Suggested Blog Reading – Tuesday May 15th, 2007

For the first golf round of the season I think I did quite well. I am, however, a little sore after using muscles that haven’t been used all winter.

Here’s the list for today:
SPAM and Anti-Spam – Article from the SANS Information Security Reading Room

Unintended consequences – It doesn’t really hit you until you see the graph.

You know what would be really scary? To have the same “success” with the SPY-ACT as we did with CAN-SPAM. In that event, the only people being helped would be security vendors. In other words, good for me, bad for you.

Here come the “rolling” scanner reviews! – I wish they did these reviews more often (with as little marketing spin as possible).

It’s been too long since the web application security industry had a good in-depth review of the various vulnerability assessment solutions available. And never have any in the past included software-as-service-models like ours from WhiteHat. Network Computing’s Strategic Security: Web Applications Scanners review plans to test products from Acunetix, Cenzic, N-Stalker, SPI Dynamics, Syhunt Technology, Watchfire and WhiteHat Security. Thankfully they have Jordan Wiens conducting the reviews rather than someone with extremely limited domain knowledge. For those who recall, Jordan is not their average journalist. I personally got to see him win Security Innovation’s Interactive Testing Challenge web hacking competition. This should be really interesting to watch unfold!

Implementing SOA Patterns: The Service Firewall – Brought to you by the letters ‘S’, ‘O’, and ‘A’ (I hate that acronym!). Good article though 🙂

The Service Firewall becomes, then, more difficult to implement because there are several ways in which it can be implemented, using several different technologies. You could use BIG-IP Application Security Manager (ASM) as a centralized WAF to implement the pattern, placing ASM at the edge of the network as a transparent or inline proxy-service that bi-directionally scans messages for potential threats. This has the advantage of providing protection for all services and reduces complexity through centralization. You could also use iRules to implement any number of centralized, reusable threat-based protections, particularly those launched via content and connections, such as an xDoS attack. This has the benefit of customization to the environment, but may not offer advanced features included in WAF products such as signature scanning and policy-based security. Neither addresses logic-based exploits, which are typically cited as the primary driver for custom-code based security solutions in a SOA environment.

Weird IE7 Event Log – Good article as well as a link to a new forensic oriented blog here:

To me this looks like a failed attempt to install a new event log. I tried to “repair” the log on my test system by adding the usual configuration like file name, file size, retention time and a primary module. So far the log file is still empty. So I ask: Has anybody encountered a properly configured and non-empty IE7 event log?
