Month: June 2007

Suggested Blog Reading – Monday June 4th, 2007

Man it’s hot in Houston…that is all.

Here’s the list:

NIST 800-44 Version 2 – Guidelines on Securing Public Web Servers – Perhaps it’s time to review your current policies on protecting your internet-facing web server?

The newest revision to NIST 800-44 was released on June 1st. While it’s not the complete answer, it’s certainly a useful document in the battle for web-application security.

How To Block Spam Before It Enters The Server (Postfix) – I like my idea of getting a sock full of doorknobs and going door-to-door to explain my hatred of spam…but this is good too…I guess.

The last few weeks have seen a dramatic increase in spam (once again). Estimates say that spam now makes up 80 – 90% of all emails, and many mail servers have difficulties in managing the additional load caused by the latest spam, and spam filters such as SpamAssassin do not recognize large parts of that spam as they did before. Fortunately, we can block a big amount of that spam at the MTA level, for example by using blacklists, running tests on the sender and recipient domains, etc. An additional benefit of doing this is that it lowers the load on the mail servers because the (resource-hungry) spam filters have to look at fewer emails.
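As an added example (not the configuration from the linked HowtoForge post), here is a Postfix main.cf fragment that does what the excerpt describes: it shows the weak setting beside a hardened one that applies sender/recipient domain tests and a DNS blacklist during the SMTP dialogue, before any content filter sees the message. The restriction names are stock Postfix; the blacklist hostname and the assumption that this server only accepts mail for its own domains are mine.

```ini
# Added example; not the linked post's configuration. Assumes a stock
# Postfix 2.3+ main.cf on a server that only accepts mail for its own domains
# (older releases spell the HELO checks reject_invalid_hostname and
# reject_non_fqdn_hostname).

# Weak: only the mandatory relay check. Every other message is accepted and
# handed to the (expensive) content filter, which is exactly the load the
# excerpt complains about.
#smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

# Hardened: refuse obvious junk while the client is still talking to us.
# Order matters: trusted clients are permitted first, relaying is rejected
# before any DNS-based test runs (so relay probes cost no lookups), and the
# blacklist lookup comes last because it is the check most likely to hit a
# legitimate sender.
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_rbl_client zen.spamhaus.org,
    permit
```

Two practical notes: prefix any new check with `warn_if_reject` (for example `warn_if_reject reject_rbl_client zen.spamhaus.org`) for a few days so Postfix only logs what it would have rejected, then review with `postconf -n` and apply with `postfix reload`. The domain tests depend on DNS; Postfix treats a lookup failure as a temporary error, so a resolver outage defers legitimate mail rather than bouncing it, but it will show up as a sudden spike in 4xx responses in the mail log.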

Cisco IOS hints and tricks blog – Thanks for the link Mitchell!

I happened across a great blog by author and Cisco CCIE Ivan Pepelnjak covering hints, tips and tricks for Cisco IOS. Ivan is a well-published author with books about firewalls, MPLS, VPNs and EIGRP. He also has a blog on AJAX and XML.

Image Upload XSS – I agree with RSnake. If you’re going to accept uploads make sure you handle them properly.

I’ve talked about this before but I thought I should actually make a tool to make this attack more practical. But one thing I have seen a number of times is places that upload images, and even check to make sure they are valid, but don’t rename them to make sure that the file names themselves aren’t malicious. Well I finally created a tool to help with this type of testing.
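An added example, not RSnake’s tool or code, showing the exact gap the excerpt describes: two upload handlers that both verify the file really is an image by its magic bytes, where one keeps the client-supplied name and the other throws it away. The sample payloads and the malicious filenames are constructed for the demo; the upload directory is assumed.

```python
"""Added example (not from the linked post): a validated upload still needs
renaming. Both handlers check magic bytes, so neither accepts a PHP script
dressed up as an image; the difference is what they do with the filename."""
import posixpath
import secrets

# Magic-byte prefixes for the image types accepted here.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Constructed sample payloads: real headers followed by filler, enough to
# pass the signature check.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_GIF = b"GIF89a" + b"\x00" * 16
SAMPLE_PHP = b"<?php echo 'owned'; ?>"

# Constructed filenames of the kind the post is about: the image content is
# clean, the name is the attack (script injection, traversal, double extension).
MALICIOUS_NAMES = [
    '<script>alert(document.cookie)</script>.png',
    '"><img src=x onerror=alert(1)>.jpg',
    "../../../var/www/html/index.gif",
    "shell.php.gif",
]


def detect_image_type(data: bytes):
    """Return 'png', 'jpg' or 'gif' from the leading bytes, or None."""
    for ext, prefixes in SIGNATURES.items():
        if any(data.startswith(p) for p in prefixes):
            return ext
    return None


def vulnerable_store_name(client_filename: str, data: bytes) -> str:
    """Validates the content but keeps the client's filename verbatim.

    That name later lands in an <img src=...> or directory listing, in a
    filesystem path, or in front of a server that hands anything containing
    '.php' to an interpreter."""
    if detect_image_type(data) is None:
        raise ValueError("not an image")
    return client_filename


def hardened_store_name(client_filename: str, data: bytes) -> str:
    """Validates the content and ignores the client's filename entirely.

    The stored name is a random hex token plus an extension derived from
    the detected content type, never from the client."""
    ext = detect_image_type(data)
    if ext is None:
        raise ValueError("not an image")
    return f"{secrets.token_hex(16)}.{ext}"


def is_safe_name(name: str) -> bool:
    """Shape check: 32 hex chars, a dot, one of the accepted extensions."""
    stem, _, ext = name.rpartition(".")
    return (len(stem) == 32
            and all(c in "0123456789abcdef" for c in stem)
            and ext in SIGNATURES)


def stored_path(upload_dir: str, name: str) -> str:
    """Where the file would land; exposes the traversal a raw name allows."""
    return posixpath.normpath(posixpath.join(upload_dir, name))


if __name__ == "__main__":
    samples = {"png": SAMPLE_PNG, "jpg": SAMPLE_JPG, "gif": SAMPLE_GIF}
    for name in MALICIOUS_NAMES:
        data = samples[name.rsplit(".", 1)[-1]]
        print("vulnerable:", stored_path("/srv/uploads", vulnerable_store_name(name, data)))
        print("hardened:  ", stored_path("/srv/uploads", hardened_store_name(name, data)))
    try:
        hardened_store_name("cat.png", SAMPLE_PHP)
    except ValueError as e:
        print("rejected:", e)
```

The point of `is_safe_name` is that the stored name is fully determined by the server: nothing the client sent survives into the path, the HTML that later references the file, or the extension the web server dispatches on. If the original name must be shown to users, keep it as a separate database field and HTML-encode it on output; never let it back into the filesystem.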

The value of 0-day… – I suspect that many governments pay for solutions such as this just like they do for discrete intelligence from foreign operatives. They’d be crazy not to.

Another interesting article regarding the value of 0-day vulnerabilities. Rob Lemos relates the stories of a few researchers who sold their 0-day vulnerability/exploit information for big dollars. The twist here, which is news to some, is who purchased it (the .gov) and for how much (as high as 80k). This is significantly more than vulnerability purchase shops iDefense and ZDI (3COM/TippingPoint) currently offer. The only catch? The big spenders aren’t advertising, so you have to have contacts to make such a sale. The scary part? We all know how cheap the U.S. government can be…so how much are other governments paying?

OWASP Live CD – Burn it…live it…love it!

If you do a lot of application security you may have already heard of the OWASP Live CD. To quote the website, “The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition (sic) medium for OWASP tools and guides.” Pretty cool idea, and I’ve used it before, but a few things came to mind as I was re-reading the documentation this morning.

AntiForensics Article – Another great article by Harlan Carvey.

I read an interesting article recently that talks about antiforensics. At first glance, the article is something of an interesting piece, but reading it a second time and thinking about what was actually being said really got me thinking. Not because the article addresses the use of antiforensics, but because it identifies an issue (or issues) that needs to be addressed within the forensics community. Yes, these tools are out there, and we should be thankful that they were made available by someone…otherwise, how could we address the issue? So, what do we need to do to update our methodologies accordingly? Perhaps more importantly, should we be trying to get ahead of the power curve, rather than playing catch up?

PKI Enhancements in Windows Vista and Windows Server 2008 – Good explanation of the 4 “investment pillars” in Windows Server 2008.

The PKI (Public Key Infrastructure) team in Microsoft is responsible for the different technologies related to digital certificates, these technologies and products include the CA (Certificate Authority), the client enrollment API and UI, OCSP (Online Certificate Status Protocol) Responder, SCEP (Simple Certificate Enrollment Protocol) and the smart card subsystem in Windows.

In Windows Vista and Windows Server 2008 the PKI team focused on 4 main investments pillars:

Vista Sudo utility: Run programs as administrator – “sudo”…what a novel idea! 😛

In Windows Vista, you have limited privileges on the machine, although you’re a power user. This means that programs you run have limited permissions, and you must elevate your privileges whenever you want to perform certain administrative tasks, such as changing system settings or installing programs.

Suggested Blog Reading – Friday June 1st, 2007

Wow…June already.

Here’s the list:

Cisco IPS Signature Engines – Good writeup on how Cisco IPS signatures work.

A signature engine is a component of the Cisco IPS that is designed to support many signatures in a certain category. An engine is composed of a parser and an inspector. Each engine has a set of parameters that have allowable ranges or sets of values.

A little about my book… – Don’t worry Harlan…you’re not even coming close to the number of “as I said in my book” references that Richard Bejtlich makes 🙂

Many times, in forums (forii??) or email, someone will see me say “…as I mentioned in my book…” or “…as detailed in my book…” and I’ve received comments that some folks have been turned off by that. Okay, I can go with that, as I dislike sales pitches myself. So why do I say something like that?

Sguil – Intuitive GUI for Network Security Monitoring with Snort – The best open tool for dealing with Snort alerts.

Sguil (pronounced sgweel) is probably best described as an aggregation system for network security monitoring tools. It ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information. When you’ve identified an alert that needs more investigation, the sguil client provides you with seamless access to the data you need to decide how to handle the situation. In other words, sguil simply ties together the outputs of various security monitoring tools into a single interface, providing you with the most information in the shortest amount of time.

G2000 Logjam Continues To Spur Log Management Says SANS Survey – I’ll have to book some time to watch the webcast.

We teamed up with the SANS Institute again this year to survey the G2000 on the trends driving log management and intelligence. You can download a copy of the preliminary findings of the 2007 Log Management Survey or sign up to attend a webcast presentation of the results with SANS on June 6th.