Suggested Blog Reading – Wednesday May 30th, 2007

I’ve got everything booked for my trip to Houston and I’m looking forward to the BBQ I plan on enjoying 😛

Here’s the list:

Soloway: Another spammer bites the dust – Chalk one up for the good guys!

A notorious spammer once sued by Microsoft was arrested in Seattle this morning, a week after a federal grand jury indicted him under seal for allegedly illegal — and prolific — spamming.

NIST readies guidance on IT security assessments – If you’ve got comments you have until July 31st to make them.

The National Institute of Standards and Technology has finished the third and possibly final draft of its revised guidelines for assessing the adequacy of IT security. Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, will be released for comment June 4.

Germany declares hacking tools ‘verboten’ – This is terrible because there is no clear indication of what a “hacking tool” is.

Updates to Germany’s computer crime laws banning so-called “hacking tools” have been criticised as ill-considered and counterproductive.
The revamp to the German criminal code is designed to tighten definitions, making denial of service attacks and attempts to sniff data on third-party wireless networks, for example, clearly criminal. Attacks would be punishable by a fine and up to 10 years imprisonment.

A New Vector For Hackers — Firefox Add-Ons – Something to look out for.

Makers of some of the most popular extensions, or “add-ons,” for Mozilla’s Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension — any of a number of free software applications that can be added to the popular open-source browser — is hard-coded with a unique Internet address that will contact the creator’s update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.
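The “unique Internet address” the article refers to lives in the extension’s install.rdf manifest as the em:updateURL entry (a detail the article does not go into). The following is an added example, not code from the article, from Mozilla, or from any add-on maker: it reads constructed sample manifests, pulls out the declared update address, and reports the URL scheme, which is the first thing a practitioner auditing installed add-ons would want to know. The three manifests and the add-on IDs in them are made up for the example; the element and attribute names are the ones the install.rdf format uses.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespaces used by Firefox install.rdf manifests.
RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM_NS = "http://www.mozilla.org/2004/em-rdf#"

# Constructed sample manifests for the example; not taken from any real add-on.
SAMPLE_MANIFESTS = {
    # Update address declared as a child element, plain http.
    "toolbar@example.test": """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>toolbar@example.test</em:id>
    <em:version>1.0</em:version>
    <em:updateURL>http://updates.example.test/toolbar/update.rdf</em:updateURL>
  </Description>
</RDF>
""",
    # Update address declared as an attribute on Description, https.
    "blocker@example.test": """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest"
               em:id="blocker@example.test"
               em:version="2.3"
               em:updateURL="https://updates.example.test/blocker/update.rdf"/>
</RDF>
""",
    # No update address declared at all.
    "notes@example.test": """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>notes@example.test</em:id>
    <em:version>0.9</em:version>
  </Description>
</RDF>
""",
}


def update_url(manifest_xml):
    """Return the declared em:updateURL of an install.rdf, or None if absent.

    The manifest may carry the address either as a child element of the
    install-manifest Description or as an attribute on it; both are checked.
    """
    root = ET.fromstring(manifest_xml)
    desc = root.find("{%s}Description" % RDF_NS)
    if desc is None:
        return None
    node = desc.find("{%s}updateURL" % EM_NS)
    if node is not None and node.text and node.text.strip():
        return node.text.strip()
    attr = desc.get("{%s}updateURL" % EM_NS)
    return attr.strip() if attr else None


def scheme_of(url):
    """Classify the update address by URL scheme; 'none' when no address is declared."""
    if url is None:
        return "none"
    return urlparse(url).scheme.lower() or "unknown"


def audit(manifests):
    """Map each add-on ID to its declared update address and that address's scheme."""
    report = {}
    for addon_id, xml in manifests.items():
        url = update_url(xml)
        report[addon_id] = {"update_url": url, "scheme": scheme_of(url)}
    return report


if __name__ == "__main__":
    for addon_id, entry in audit(SAMPLE_MANIFESTS).items():
        print("%-24s %-6s %s" % (addon_id, entry["scheme"], entry["update_url"]))
```

The scheme alone does not tell you whether an add-on’s update path is safe, but it is the quickest way to sort a profile’s extensions into those whose update server is reached over a channel that authenticates the server and those whose is not, so the latter can be looked at first.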

IPS app available for free – I look forward to testing this out.

Network managers looking for an inexpensive way to better secure traffic crossing their nets might want to check out a free application from Intoto.

Intoto, a provider of security software for enterprise network equipment and CPE gateways, last week at Interop, introduced a stand-alone intrusion-prevention system (IPS) application that the company says will help small and midsize companies looking for enterprise-scale security tools.

Web application scan-o-meter – Another document to put on your “to-read” list.

The new OWASP Top 10 2007 has recently been made available. Excellent work on behalf of all the contributors. As described on the website, “This document is first and foremost an education piece, not a standard,” and it’ll do just that. Educate. Last week I provided the project team with updated text (unpublished) that more accurately describes the current capabilities of “black box” automated scanners in identifying the various issues on the list. The exercise provided ideas for the remainder of this blog post; estimating how effective scanners are at finding the issues organized by OWASP Top-10.