Welcome to TechNet Blogs Sign in | Join | Help

November 2004 - Posts

How to get around CISCO's Security Agent!

Steve Riley's Blog includes the following post which just shows that even brand new security software can be circumvented. "A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA . The system under Read More...
Posted Wednesday, November 24, 2004 7:50 PM by Steve Lamb | (Comments Off)

Securing Wireless LANs with PEAP and Passwords

There's a wealth of excellent prescriptive Guidance from Microsoft Consultants which is available for free download at http://www.microsoft.com/technet/security/guidance The wireless guide explains how to secure both large scale Enterprise networks and Read More...
Posted Tuesday, November 23, 2004 1:23 PM by Steve Lamb | 3 Comments

Apparently Keystroke Logging Isn't Wiretapping

Another interesting article on Slashdot. http://slashdot.org/article.pl?sid=04/11/23/0311227&from=rss Read More...
Posted Tuesday, November 23, 2004 11:32 AM by Steve Lamb | (Comments Off)

Protecting Your Windows Network - paths hackers can use to infiltrate networks

Steve Riley @ Jesper Johansson are writing a book titled "Proecting Your Windows Network" - an interesting except can be found I found here Read More...
Posted Monday, November 22, 2004 3:59 PM by Steve Lamb | 3 Comments

Why isn't the Firefox code signed?

I'm having a look @ Firefox and have noticed that the code is not signed and therefore it's theoretically possible for a trojan to have been inserted in it. Read More...
Posted Monday, November 22, 2004 3:33 PM by Steve Lamb | 11 Comments

Poetic Justic - the Register advocates XP SP2

http://www.theregister.co.uk/2004/11/21/register_adserver_attack/ I'm not saying that it's good that anyone's been hacked, simply that publicity to get people to install XP SP2 is a good thing. Read More...
Posted Monday, November 22, 2004 2:31 PM by Steve Lamb | 6 Comments

Blog SPAM

William Luu's feedback to my last post makes a great deal of sense - "They're just trying to boost their websites' Google Rank. It could very well be one of those bots/scripts doing the rounds" I've looked more closely at the site and can confirm that Read More...
Posted Monday, November 22, 2004 8:05 AM by Steve Lamb | 2 Comments

Blog Spam / Phishing / Harvesting

Many Blogs are receiving feedback with links to the following URL - DO NOT FOLLOW THIS LINK(that's why I've left off the http:// prefix) "cool12xp.s20.xrea.com". Typical entries have the title of "Great article" with text along the following lines: "Great Read More...
Posted Saturday, November 20, 2004 10:37 AM by Steve Lamb | 5 Comments

Hacking Vodka!

I came across the following post on slashdot Hacking Vodka Posted by michael on Saturday November 20, @12:06AM from the everclear dept. enrico_suave writes "A group of geeks aimed to find out whether running cheap vodka through a brita water filter would Read More...
Posted Saturday, November 20, 2004 9:46 AM by Steve Lamb | (Comments Off)

Don't rely upon 802.1X to secure your wired networks!

Steve Riley gave a fasinating session @ IT Forum where he commented that 802.1X for wired networks would not solve as many security problems as people perceive. 802.1X does NOT authenticate each packet (unlike IPSEC ESP-null) and hence WITH PHYSICAL ACCESS Read More...
Posted Saturday, November 20, 2004 12:16 AM by Steve Lamb | 4 Comments

What are the privacy implications of Moblogs?

It's only a matter of time before Moblogs hit the mainstream. Clearly this is something the mobile operators will encourage and so many people have camera phones & love sharing pictures. Moblogs are likely to be seen as requiring less effort than Read More...
Posted Saturday, November 20, 2004 12:05 AM by Steve Lamb | (Comments Off)

How to contain hackers and stop worms viruses and spam

It's great to be back in Copenhagen for ITForum 2004. I'm really looking forward to Steve Riley and Jesper Johansson's pre-conference session tommorrow covering how to deal with the practical challenges of stopping malicious users from stealing your corporate Read More...
Posted Sunday, November 14, 2004 10:56 PM by Steve Lamb | 1 Comments
Filed under: ,

Disclaimer

The information in this weblog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion. Inappropriate comments will be deleted Read More...
Posted Thursday, November 11, 2004 2:59 PM by Steve Lamb | 1 Comments

How to encourage users to take security seriously

Such a huge topic. In my experience getting users to buy into their role in security is imperitive and it's also pretty difficult. We've all seen examples of machines that are left unlocked in open offices. We've seen corporate IT departments that have Read More...
Posted Wednesday, November 10, 2004 1:56 PM by Steve Lamb | 6 Comments

I thoroughly enjoyed debating whether privacy's dead at the IEE Law and Security event

Details of the event can be found here . The panel session debated whether privacy's dead given the ever greater power afforded to government and law enforcement to inspect electronic communications. Clearly this is a contentious topic and there is a Read More...
Posted Tuesday, November 09, 2004 5:28 PM by Steve Lamb | (Comments Off)