Mapping the Russian Business Network
October 15th, 2007 · Comments Off
Today’s Washington Post carries my story about the Russian Business Network, an entity based in St. Petersburg that provides Web hosting services that cater exclusively to cyber criminals. From the story: "The Russian Business Network sells Web site hosting to people engaged in criminal activity, the security experts say. Groups operating through the company’s [...]
How to Stop Snarfing and Other Common Switch Hacks
October 15th, 2007 · Comments Off
ARP poisoning, SNMP snarfing, and "fuzzing" are common hacks perpetrated on Ethernet switch gear. Cisco networking expert Jimmy Ray Purser explains how to guard against these hacks. The only thing I enjoy more than seeing my mother-in-law head back to Ohio is hacking Ethernet switches. I do a presentation on hacking switch gear that seems to [...]
Hackers Attack Apps While Still in Development
October 15th, 2007 · Comments Off
Everybody’s talking about the need to write more secure applications. But what if the bad guys sabotage the code during the development process? Researchers long have known about the potential for infection or a breach during the software-build process using open-source tools — there were cases in 2002 of hackers infecting OpenSSH, Sendmail, and IRC [...]
Critical Oracle patches coming next week
October 15th, 2007 · Comments Off
Oracle Corp. will release security updates for its products next week fixing 51 vulnerabilities in its products. Included in the Critical Patch Update, set to be released Tuesday, will be critical updates for the company’s flagship Oracle Database. Twenty-seven database bugs will be fixed, but five of the bugs can be "exploited over a network [...]
Security researcher warns about Citrix vulnerability
October 15th, 2007 · Comments Off
The flaw could allow an attacker user-level access to execute remote commands on Citrix servers. A security consultancy has identified a vulnerability that could allow an attacker to gain "user access level on integrated remote Citrix servers." GnuCitizen, which identifies itself as a "cutting-edge think tank" and a "creative hacker organization," has posted a warning [...]
Of hackers and ego
October 15th, 2007 · Comments Off
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don’t understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It’s all moot as far as the general population is concerned. But, [...]
Some unanswered website vulnerability questions
October 15th, 2007 · Comments Off
In the industry we discuss at great length the legal risks and ethical responsibilities of the person disclosing an issue, but not enough about the same when it comes to the business itself. I’ve had a hard time getting authoritative answers to some seemingly simple questions, so I figured I’d give the blog a try. [...]
ARP Spoofing Malware
October 15th, 2007 · Comments Off
ARP Spoofing is a technique that every security consultant will scare their clients with as a means to prove the point that nothing within the network is safe from eavesdropping. So what is it? ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network. It allows an attacker to [...]
Common Denial of Service Attacks
October 15th, 2007 · Comments Off
Denial of service attacks come in two types: Denial of Service attacks (DoS) and Distributed Denial of Service attacks (DDoS). A DoS attack is ‘an attack in which a third party purposely floods a network or website with traffic in order to prevent legitimate access (“Denial of Service”, 2007)’. A DDoS ‘occurs when multiple [...]
Securing your Linksys WRT54G
October 15th, 2007 · Comments Off
Wireless networks are becoming increasingly common due to the ease and cost of deployment of the LAN using wireless technologies. Wireless networks provide different challenges than wired networks, especially in securing data in transit between the client and the wireless access point. The common wireless standards provide mechanisms for securing wireless data, and despite the [...]