Oct 31
Security

pdp pointed out Joe Walker's slides on the matter. They are clear and beautiful and I've embedded them below. I think this complements the "Web Hacking 2.0" post quite nicely.

Continue reading "Web Hacking 2.0 - A Movie"

Posted by Dominic White

Oct 23
Politics

Deloitte has gathered together some good climate change resources. If you want some white papers, formal research or the like, this has some good links.

Posted by Dominic White

Oct 16
Security

Straight from Dominic's jargon generation lair come the following two encryption-related terms:

The Towelie Encryption Principle states:

Encryption should be implemented as high up the application stack as possible.

The Underground Fortress Effect

The underground fortress effect is a description of encryption's ability to enforce access controls/authorisation at the layers of the application stack below the layer at which they are defined.

Continue reading "The Towelie Encryption Principle"

Posted by Dominic White

Oct 11
Security

They're not standard; it changes per country, per card brand and per bank. There's lots more to this in South Africa; mail me if you want more info.

Posted by Dominic White

Oct 11
Security

I'm definitely making '); DROP TABLE Students -- my son's middle name; ' OR 1==1 -- will be my daughter's.

Posted by Dominic White

Oct 7
Security

Following from our win on the risk management consulting front, Forrester just named us the best security consultants. The South African firm contributed one fifth of the client work to this. Gosh, I do like being on top ;)

Deloitte Is A Leader In Security Consulting With Solid Depth And Global Reach

Deloitte has the largest pool of security consultants in the market, and its global reach includes engagements in more than 100 countries. Security, privacy, and information risk management services within the company are integrated into a single enterprise framework, with a mature perspective focused on client value. In our evaluation, Deloitte's current security offering and market presence took the top spot among all other service providers, although its market strategy score slightly trailed its close rival. Its focus on risk management and privacy and its willingness to invest in R&D activities makes it an excellent choice for those looking for technology expertise coupled with sound strategic advice and strong business orientation. Deloitte brings a pragmatic and mature perspective and is best suited for medium- and large-scale, integrated projects requiring information risk management and security services.

Posted by Dominic White

Oct 1
Security

I recently ran into this debate at a client, and even though I had a fairly good understanding of this issue, the thoughts only struck me with clarity today. This will be fairly obvious to many people, but unfortunately, not all. Hopefully Google will help broadcast my purported clarity.

Continue reading "IDS vs IPS"

Posted by Dominic White