IPv6 is coming! IPv6 is coming!
OK, maybe not as fast as we once thought, but it is coming. IPv6 is the replacement for IPv4, which has been running out of address space for a while now, and which has a mess of secrurity flaws that are the main reasons for such vermin as spam and viruses. IPv6 may not get here before you die, but just in case it does, you're well advised to be up to speed on it. And a great way to get up to speed is this new O'Reilly tome by Niall Murphy and David Malone.... Read the rest of entry >>
Posted @ 03/31/2005 11:46 AM By Mel Beckman
• • •
Enterprise IT administrators have their hands full maintaining control of corporate wireless gear, which may go roaming where it shouldn't, exposing sensitive corporate data to prying WiFi sniffers. Even if you employ the gold standard of WiFi security -- a VPN connection back to the ranch -- it's difficult to prevent users from connecting a corporate laptop at the neighborhood Starbucks, resulting in a potentially disasterous security compromise.
Another bane of WiFi administrators is the... Read the rest of entry >>
Posted @ 03/31/2005 10:47 AM By Mel Beckman
• • •
A new worm is afoot, tentatively called the dust.page.us worm because it downloads and installs spyware on victim computers from the site of the same name. Blocking traffic to the dust.page.us site appears to stop the virus from successfully infecting new systems. The IP addresses associated with this name are subject to change, however, so some cleverness is required to block access to it.... Read the rest of entry >>
Posted @ 03/11/2005 11:06 AM By Mel Beckman
• • •
Many successful network penetrations use attacks against Web-based applications: SQL server injection, HTTP path evasion, embedded argument manipulation, and cross-site scripting - to name just a few. The problem is that ordinary network firewalls don't inspect application-layer data, and so can't protect against these attacks. ModSecurity is a nifty open-source application firewall that anyone can deploy at low cost to help protect Apache-based Web servers against common application... Read the rest of entry >>
Posted @ 03/11/2005 10:08 AM By Mel Beckman
• • •
According to a Denver Post story today, network security developer StillSecure recently conducted a "honeypot" test, in which it put out-of-the-box computers running Linux, Mac OS X, and Windows XP SP1 and SP2 on unprotected Internet connections to see if they could withstand attack. The short results: over the course of seven days, only Windows XP SP1 succumbed (and it fell in 18 minutes). But the excercise glosses over an important issue with Windows SP2.... Read the rest of entry >>
Posted @ 03/01/2005 10:17 AM By Mel Beckman
• • •