-
20 ways to Secure your Apache Configuration
A nice writeup about securing your Apache installation: 20 ways to Secure your Apache Configuration
-
The hidden capabilities of windows firewall
Windows, beginning with XP SP2 contains a decent firewall. It doesn’t have leak prevention or outbound connection filtering. However it does have: inbound connection filtering, ICMP filtering, a default deny policy, GUI and command line interface, configuration using group policy and something I discovered only recently: limiting a certain rule with multiple IP / netmasks…
-
Nmap online
Some brave people have put online a service where you can scan an arbitrary computer with Nmap using their server to do the scanning on your behalf. One can say that this is the grownup version of Shields Up!. I was worried that their service could be abused in an attack-by-proxy (or in this case…
-
What is not AJAX?
Not everything involving browser scripting is AJAX. The following two things are not AJAX: Yellow fading effect on web pages Downloading and running an executable in Internet Explorer if you have your Internet Zone security level set to low.
-
HIPS – just a pretty UI?
Disclaimer: the viewpoints and ideas expressed here an entirely my own and are by no means representative for any institution I am affiliated with. Also I do not want to offend anybody, since I realize that the amount of work it takes to create some of these programs and the wealth of knowledge one must…
-
Two contest you might enjoy
Two contests you might consider checking out if you are a security person: The Hitchhackers Guide to the Galaxy – HTML / scripting oriented The malware analisys quiz 7 from SANS – a challenge oriented more at disassembly, and be aware! this is a real malware sample! Good luck
-
Talking out of your head (as opposed to an other body part)
Recently a hoax / misinformation / hype is making its way around the web (or at least the part of the web I see ;)). I’m talking about the article title Internet Explorer 7 – Still Spyware Writers Heaven. While I’m by no means a MS fan and criticized the IE7 team for not making…
-
Creating random passwords – the easy way
Passwords are used as the main authentication method in almost all of the current websites. They are easy to implement (from the websites owner point of view), however the user must consider several conflicting goals if s/he wants to stay safe: Passwords should be long The user must be able to remember the password It…
-
The IE7 team replies – sort of
As you might remember Martin McKey very generously offered his readers the chance to post questions which he will ask at the IE7 release party. Well, he went he asked and as I’ve predicted he got a canned response. I felt that this was partially he didn’t insist on it – and I can’t blame…