Archive | Countermeasures


12 March 2008 | 4,637 views

Cyber Storm II – US, UK & 3 Others Involved in Mock Cyberwar

This is pretty interesting – US, UK, Canada, Australia and New Zealand are taking part in a fictitious cyberwar as an exercise to prepare and plan for sustained cyber attacks including some of which have actually caused power outages. I personally think it’s a great idea, I must have missed Cyber Storm I as this […]

Continue Reading

29 February 2008 | 5,455 views

SCARE – Source Code Analysis Risk Evaluation Tool

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do […]

Continue Reading

22 February 2008 | 8,786 views

laptop and data theft protection

A UK firm Virtuity has created data protection software called BackStopp which comes with ’self-destruct’ technology based on Wi-Fi and RFID tags that starts to run as and when a laptop is moved from its designated space. So in layman’s terms, if the laptop is moved from its permitted zone (which is set by the […]

Continue Reading

15 February 2008 | 117,492 views

Password Hasher Firefox Extension

Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords. Better security without bursting your brain Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s). What good security practice demands: Strong passwords […]

Continue Reading

12 February 2008 | 7,372 views

PHPIDS – Security Layer & Intrusion Detection for PHP Based Web Applications

Another protection for those building website and web applications, as it’s the the most common attack vector nowadays I think it’s important to be extra safe on this front. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, […]

Continue Reading

25 January 2008 | 18,877 views

argus – Auditing Network Activity – Performance & Status Monitoring

Another tool for the security side, good for forensics, monitoring and auditing. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, […]

Continue Reading

23 January 2008 | 17,852 views

mod_anti_tamper – Anti Tamper Module for Apache 2.x

What Is Mod AntiTamper (AT) AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering. Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated. Is important […]

Continue Reading

03 January 2008 | 6,905 views

gotroot modsecurity Rules for Apache – Anti-spam and Security

To follow on from Whitetrash which I posted about previously, here is another tool to secure your web site or web application. Essentially it’s a very comprehensive set of rules for mod_security. ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web […]

Continue Reading

27 December 2007 | 5,393 views

Whitetrash – Dynamic Web White-listing for Squid

This is a pretty neat tool for those using Squid Cache and looking for a pro-active tool for securing web acccess in their company (or house if you have a devious sibling). The goal of Whitetrash is to provide a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and […]

Continue Reading

05 November 2007 | 3,377 views

GFI End of Year Offer – Up to 50% Off

Just a quick note as I know many of you guys are in corporate security positions and might be looking for some of the solutions GFI offers. They are having a Q4 promotion with up to 50% off on some of their products/services. GFI MailEssentials – 25% GFI MailEssentials & GFI MailSecurity Suite – 25% […]

Continue Reading