Suggested Blog Reading – Wednesday June 6th, 2007

Now that I’m back home I hope that I won’t have to travel to Houston again any time soon. The city is nice but it involves quite a bit of time on a plane to get there and back 🙂

Here’s the list:

IBM to Buy Watchfire Security Software Firm – This is an interesting acquisition for IBM to improve their web application security offerings.

IBM, the world’s largest technology services company, said on Wednesday it will buy privately held security and compliance testing software company Watchfire Corp. for an undisclosed amount.

The deal is expected to close in the third quarter, International Business Machines Corp. said in a statement.

How to become a “security guru” – I someday hope to become a Guru as well 😛

The most important issue facing you experts is that people aren’t going to listen to you most of the time. It doesn’t matter if you are the summer intern or the CEO: getting people to listen is hard. It’s not your job to “tell” people what the right answer is, but to “sell” your idea. If you get angry and poison your working relationships, you are not going to be an effective salesman. The reason experts get angry or frustrated is because they blame others for not listening to the “truth”, rather than blaming themselves for their inability to sell their ideas.

Additional Image Bypass on Windows – Another example of image bypass on a Windows machine.

Michael Schramm posted about another way to do image filter bypassing using alternate file streams on NTFS file systems. Pretty cool stuff (thinking outside the box of what a file really means on different systems)

Undercover Exploits and Vulnerabilities – This post presents a timeline of undercover exploits going as far back as 1988.

I am trying to keep this updated, but life intervenes. Please let me know if I’ve missed some (browser/office vulns?). Note the animated cursor bug in April ’07 does not fit the definition.

Some Enterprise Traffic Analysis – Wow, what a great resource to practice your traffic analysis skills.

Finally, we got some spare time to analyze a few traces available on the LBL-ICSI project website. We would like to extend a big thank you to these guys for making such a valuable resource publicly available.

First thing to note is that these traces have their payloads stripped, only the first 54 bytes are captured. This precludes some of the advanced features like PDU, Stream, and User Objects, from working. Secondly, we are better off doing “traffic analysis” rather than “protocol analysis” on this huge glob of data.

Survey: Microsoft IIS twice as likely to host malware – I kinda always knew 🙂

Web sites hosted on Microsoft’s Web servers are twice as likely to have embedded malware as those using the open-source Apache software, Google security researchers stated in survey results published on Tuesday.

The importance of vulnerability research – If we stop looking, we stop finding. That is as simple as I can put it.

Testing in-house and vendor-built software for security holes should be an enterprise priority, said a group of vulnerability research experts speaking on a panel at the Gartner IT Security Summit held here this week. But Rich Mogull, the Gartner analyst who hosted the panel, questioned how practical it would be for companies to dedicate the dollars and resources required for this testing.
