Securosis Blog

For some reason I think I often end up in the middle on some of these vulnerability issues, trying to bring reasonable advice to both technical and less-technical users on hyped security issues.

There’s a new bug which can reveal your password to any other page on the same domain. Even if you have a master password set, you should clear out all your Firefox stored passwords until this is fixed. There are a lot of ways to take advantage of this, especially on Web 2.0 sites.

Jim at DCS has this post on scanning SCADA networks.

Here’s the thing. If you’re so scared you’ll break your stuff by running a simple Nessus scan with safe settings, you have a serious problem. Just imagine how screwed you’ll be the first time an attacker decides to scan your systems for you.

Today is the last day some of you will be in front of your computers before the horror of Black Friday. Thus, we are reposting our safe holiday shopping advice.

I’m about to tread, yet again, on religious ground.

John Gruber, attacking an eWeek article, incited a response by Tom Ptacek over at Matasano. I suggest you read those articles, especially the Matasano response, because they highlight very clearly some of the technical differences between OS X and Windows Vista.

Author’s Note: This was originally posted last year, but nothing ever changes:

Backup

Backup

Backup

Did I say backup yet?

The Month of Kernel Bugs has released their latest vulnerability.

There’s also a Metasploit exploit module.

I’m not going to post every time one of these pops up, but hopefully this puts some of the wireless flaw debates to bed.

Bad Math- No ROI for You

Rich · November 16, 2006

To follow up on metrics, Amrit pointed out in the comments that we can’t use totally imaginary numbers.

There’s some myth out there that assumes risk models can track directly to ROI models. I’ll save the full rant for later, but here’s a little math.

My work day had a bit of an unplanned interruption today. I shut down my computer to head from the home office to a nice quiet coffee shop for a change of scenery and a little time off the Internet to get some research done.

Guidance Software sells one of the best computer forensics tools on the market. Their largest client base is law enforcement and others who perform investigations.