[ad] Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can: CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic. ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules SANITY CHECK CHANGES to see if new rules create problems. Flint is absolutely […]
Archives for 2010
Website Auto-complete Leaks Data Even Over Encrypted Link
I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echos it creates rather than the algorithm or implementation itself. Similar somewhat to the recent breaking of OpenSSL using power fluctuations. This time some researcher type fellas focused on the digital noise autocomplete webforms […]
skipfish – Automated Web Application Security Reconnaissance Tool
[ad] The safety of the Internet is of paramount importance to Google, and helping web developers build secure, reliable web applications is an important part of the equation. To advance this goal, Google has released projects such as ratproxy, a passive security assessment tool. The latest is they have announced a new tool called skipfish […]
Vodafone Spain Distributing Mariposa Malware
[ad] Just a week after supplying an infected Android phone to a worker at Panda Security, Vodafone Spain has once again managed to pass out a malware infected HTC Magic phone to a researcher at S21Sec. The write-up on the Panda Research Blog, including technical analysis of the infector can be found here: Vodafone distributes […]
OWASP CodeCrawler – Static Code Review Tool
[ad] CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project. It provides automatic STRIDE classification a very simple DREAD calculator and few […]