Editorials

TCP Split Handshake Issue

These days I’ve read a lot of noise in the news about an NSS test that reported a TCP handshake security hole (TCP Split Handshake Issue) in several commercial firewalls. The question is interesting from several points of view: are IPS and firewalls really secure? Is a vulnerability really a security issue? How does this vulnerability affect me? http://portadiferro.blogspot.com/2011/04/tcp-split-handshake-issue.html

Acts of Rational Faith (Update)

I reread an old post and find it strangely topical despite its age (the post's, not mine, you rude people): the question of the truthfulness of sources is becoming ever more pressing in the modern world, where the places we get our information from are many. The question has come back to my mind several times in the recent past, starting with the WikiLeaks affair, then moving on to our own domestic political affairs with Ruby and Papy, and finally the recent Japanese tragedy. WikiLeaks shows how the information that is often presented to the public is not truthful; reading the republished secret cables, there is a substantial difference between what is…

What Does a Spamhaus Attack Feel Like? – Black Hat Forum Black Hat SEO

By BlackBeauty: I am writing a manual on how to do this as I have been struggling with a targeted attack and have defeated them each and every time they attempted to shut me down. I have one more migration and I am done. … Black Hat Forum Black Hat SEO – http://www.blackhatworld.com/blackhat-seo/

SECURITY: Web Browsing infection and protection basics

As 2010 ended we learned that it was the most prolific year in terms of malware, new malware and botnets. We also found out that internet browsing has been the most used vehicle to spread infection and attack. This does not actually seem to be astonishing news, au contraire, but it is interesting to notice that the focus has shifted from OS-related threats to application and browsing vulnerabilities. This allowed malware to attack new surfaces: virtually any operating system with internet browsing capabilities can be the target of an attack or an infection: PCs, smartphones, tablets, consoles…

The Firesheep firestorm

NetworkWorld.com: Ian Paul notes an emerging security specification, from the IETF, called HTTP Strict Transport Security (STS). Essentially, it’s a policy mechanism that Web …

End of life for CSA? That’s okay!

This is an interesting article from Network World! http://www.networkworld.com/community/node/62568 End of life for CSA? That’s okay! New Cisco endpoint security strategy is a better fit for the cloud and the company. By joltsik on Wed, 06/16/10 – 1:20pm. Earlier this week, Cisco announced its intentions to end-of-life the Cisco Security Agent (CSA) at the…

End of life for CSA? That’s okay! was originally published on The Puchi Herald Magazine

Politicking… politics and information

A few days ago I was talking with a friend, and we were commenting on how the official news sources (newspapers and TV news first of all) presented the dispute between Fini and Berlusconi. We both observed that a purely political question was presented in terms of the mere management of power. Nothing was said about the political value of Fini's positions, which represent a legitimate expression of a vision of the state and of intervention in public affairs (in the highest sense of doing politics, if I may) that one may or may not share, but that is certainly worthy of respect. Instead the question was presented…

Security for Dummies 002: the criminal ecosystem

If in the previous post we described how the world of computer networks has changed in recent years, here we will see how the criminal ecosystem has changed as a consequence, introducing, here and there, some concepts dear to today's security. Why you do it: first of all, let's be clear: the reason a criminal carries out his actions is to obtain money. The actions the criminal carries out are aimed at: allowing him to obtain money directly; allowing him to create the right environment that will then let him act as in point 2.1 to obtain money. The vehicles available are basically: fraud, or similar, with…

An Amazing New World Wide Green Awareness Campaign

The Puchi Herald and The World Wide Wasting Time Foundation proudly present a new worldwide campaign to promote green environmental awareness among all internet users. After the well-known campaign “Think before you Print” we realized that the main reason people print emails is just that emails are written. No matter how you tell people not to print, there will always be the moron who needs to print everything just because…. So here is the idea: how do we save the environment and time? Most of the emails you send around are useless, dangerous, or, even worse, boring. “Think before you…

Security in a Virtual World

Virtualization of the data center is provoking fundamental questions about the proper place for network security services. Will they simply disappear into the One True Cloud, dutifully following applications as they vMotion about the computing ether? Will they remain as a set of modular appliances physically separate from the server computing blob? Should everything be virtualized because it can be? By Throop Wilder Thu, June 04, 2009 — Network World
