There are currently, 82 guest(s) and 1 member(s) that are online.
You are Anonymous user. You can register for free by clicking here
OWASP Long Island Chapter
Posted by boss on Saturday, 14 January 2012 @ 10:43:00 CET (2958 reads)
cdupuis writes "
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
All Long Island chapter meetings are free. Please water our calendar for up coming events.
For more info contact: Helen Gao (firstname.lastname@example.org)
St. Cloud State University wins OWASP AppSec USA 2011 University Challenge
Posted by boss on Wednesday, 19 October 2011 @ 08:20:17 CEST (2164 reads)
cdupuis writes "
Students win prestigious challenge
Monday, October 17, 2011
Seven St. Cloud State students won the Open Web Application Security Project AppSec USA 2011 University Challenge held at the Minneapolis Convention Center Sep. 21-22. The winners are majoring in Network Information Security at the Computer Networking and Applications (IT) program.
"This is another great achievement by students in the CNA (IT) program after winning the Minnesota Cyber Defense competition in March," said Tirthankar Ghosh, associate professor at the Department of Computer Science and Information Technology. "This is a moment of pride for all of us, a moment of pride for SCSU."
The St. Cloud State team not only won the overall competition but also scored the highest on the "attack portion" of this application security university challenge. The competition was divided into two challenges – security penetration and security defense. In the first challenge, the students had to break into a number of websites provided to them, identify their security vulnerabilities and suggest solutions to fix them. In the second challenge, the teams had to set up a virtual store, identify any weaknesses in the code and resolve them by providing new programming changes to the code.
"These challenges gave us a well-rounded experience of a security professional, both with being able to attack as well as to defend web applications," said junior Joshua Platz, St. Cloud.
The other members of the winning team were senior Jake Soenneker, Clear Lake, senior Derek Winter, Champlin, senior Eric Kluthe, Apple Valley, junior Ryan McDougall, Monticello, junior Matthew Sitko, Mahtomedi and junior George Massawe, Mason City, Iowa
DataLossDB Weekly Summary -- Another busy week
Posted by boss on Tuesday, 02 November 2010 @ 07:52:52 CET (1250 reads)
cdupuis writes "
NOTE FROM CLEMENT:
Another busy week for DataLossDB, see below mistakes done by companies that lead them to be facing negative publicity, huge losses, and other colateral damage. It seems the list is not getting any smaller. The threat is real and you must address issues such as internal employees, human errors, and other soft issues that can make you loose a large amount of money. See the lates email sent by DataLossDB below:
Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, October 24, 2010
10 Incidents Added.
DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open Security Foundation asks for contributions of new incidents and new data for existing incidents. For any questions about the project or the data contained within this email or the website (http://www.datalossdb.org), please contact us at"
Reported Date: 2010-10-29
Summary: Students names, grades and Social Security numbers of 40,101 left exposed on a server for nearly a year
Organizations: University of Hawaii
Reported Date: 2010-10-27
Summary: Student list containing names and Social Security numbers posted on the internet
Organizations: University of Connecticut
Reported Date: 2010-10-27
Summary: Telstra sends misaddressed letters to over 200,000 customers
Reported Date: 2010-10-18
Summary: Boxes of employee's personal info including W-2, drivers licenses, Social Security numbers, and tax information found by dumpster
Organizations: Jackson Hewitt
Reported Date: 2010-10-16
Summary: Patient information stolen from a courier service, exposing patient insurance information and partial/full SSN
Organizations: UC Davis Medical Center
Reported Date: 2010-10-14
Summary: A credit union employee stole customers names and credit card details
Organizations: Fairwinds Credit Union, RBC
Reported Date: 2010-10-12
Summary: Employee steals credit card numbers from bank customers, sentenced to pay $1,071,871.33 in restitution
Reported Date: 2010-10-01
Summary: Personal information including names, addresses and Social Security numbers left exposed on a desk by a federal investigator
Organizations: Federal Prison Industries Inc, Lexington Federal Medical Center
Reported Date: 2010-07-26
Summary: Equipment stolen from facility exposes current and former employees name, SSN and fingerprints
Organizations: Trade Center Management Association, LLC
Reported Date: 2008-05-05
Summary: Desktop computer containing 180 patient details including names, dates of birth and clinical information was stolen
Organizations: North West London Hospitals NHS Trust
Malware Contributed To Plane Crash
Posted by boss on Tuesday, 24 August 2010 @ 09:25:03 CEST (1813 reads)
cdupuis writes "
Investigation into Spanair flight 5022 finds that monitoring server had been disabled by Trojan application.
By Mathew J. Schwartz, InformationWeek
--> Aug. 23, 2010
Spanish authorities investigating the crash of Spanair flight 5022 in Madrid have found that malware may have contributed to the accident, which occurred two years ago, killing 154 people on board. Only 18 survived the crash and subsequent fire.
The Spanish agency charged with investigating the accident has listed the official cause as pilot error, because the pilots failed to extend the MD-80 airplane's takeoff flaps and slats, which would have helped the airplane to rise. Instead, the plane stalled just seconds after takeoff.
But the agency also found that a warning alarm meant to ensure that the pilots didn't leave the flaps and slats retracted failed to sound, and that the warning had failed to sound on two previous occasions.
According to Spanish daily El Pais, those failures, which were non-trivial, should each have been immediately logged in a maintenance system, which would have spotted the recurring fault and triggered an alarm at the airline's headquarters in Palma de Mallorca, keeping the plane grounded until the issue was fixed.
But authorities say that the maintenance system had been infected by a Trojan application, rendering the monitor useless. In addition, two engineers currently under investigation for manslaughter apparently failed to log the device faults, even though under company policies they were required to do so immediately. When they did attempt to enter the faults, the plane had already crashed, at which point they found that the monitoring system apparently wasn't working.
The judge, Juan David Perez, has demanded that the airline turn over copies of all entries in the maintenance system from the days before and after the crash.
"I am not a pilot, so I cannot speak with authority on how to fly a passenger airliner, but it seems clear to me that this accident was caused by the failure of a number of controls leading to a disastrous outcome," wrote Rick Wanner of the SANS Internet Storm Center, on his blog. "Clearly the SpanAir diagnostic system (a detective control) designed to detect anomalies in the airliners system failed, possibly due to a Trojan. Also it appears the pilots bypassed part of their pre-takeoff checklist, leaving the flaps and slats in a position not recommended for takeoff."
"This one all boils down to inadequate training and a lack of professional behavior," said a responder to Wanner's post, citing 25 years of jet avionics experience. "They had to have had ample indications that certain systems were not working, they didn't follow the checklists and they didn't abort when they failed to reach certain speeds at certain points during the takeoff roll.""
Fyodor Nmap Network Scanning Book Released!
Posted by boss on Tuesday, 09 December 2008 @ 08:24:46 CET (3317 reads)
NOTE FROM CLEMENT:
Nmap is really the mother of all port scanners. It can help you on the defensive side to identify ports that are currently open, new IP's that have just shown up in your production environment, ports that are either added, deleted, or modified on your hosts. Find what is happening to your servers as soon as changes manifest themselves. This is really a great tool for regular scanning and discovery of port and services that should or should not be on your servers. This book is written by Fyodor the author of Nmap, there is nobody else that knows Nmap better then Fyodor. I highly recommend it to all. See announcement below from Fyodor:
After promising you a book on Nmap for years, I'm delighted to finally announce the release of Nmap Network Scanning! It contains everything I've learned about network scanning from more than a decade of Nmap development, plus some bad jokes and (over Time Warner's written objections) pictures of Trinity hacking the Matrix :) . Here is the abstract:
Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The reference guide documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine.
The planned release date was January 1, but Amazon beat the deadline and is now shipping in time for Christmas! Imagine your loved one's surprise when she (or he) finds nearly 500 pages of port scanning
bliss in her stocking!
You can find reviews, sample chapters, and a detailed summary at:
Or you can pick the book up at Amazon for $33.71:
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
It is available on the International Amazon sites too, as well as other online retailers. Your local book store probably doesn't have it yet, but can likely order it for you.
About half of the content is available free online at http://nmap.org/book/toc.html . Chapters exclusive to the print edition include "Detecting and Subverting Firewalls and Intrusion Detection Systems", "Optimizing Nmap Performance", "Port Scanning Techniques and Algorithms", "Host Discovery (Ping Scanning)", and more.
If you enjoy the book, please help spread the word! While my previous books were published by Addison-Wesley and Syngress, this one was self-published. While that allowed me to post half the book online before it was even released, it also means I lose the marketing budget and clout of a major publisher. So if you like the book, please post a review to your blog/site/Amazon or tell your friends about it!
Apparently there was some pent-up demand for the book, as it is currently the 11th best-selling computer book on Amazon. Maybe it will be even higher by the time you read this:
I'd like to thank the many people who helped make this book possible by reviewing drafts, contributing stories, brainstorming ideas, etc. In particular, I'd like to thank David Fifield, Raven Alder, Matt Baxter, Saurabh Bhasin, Mark Brewis, Ellen Colombo, Patrick Donnelly, Brandon Enright, Brian Hatch, Loren Heal, Lee "MadHat" Heath, Dan Henage, Tor Houghton, Doug Hoyte, Marius Huse Jacobsen, Kris
Katterjohn, Eric Krosnes, Vlad Alexa Mancini, Michael Naef, Bill Pollock, David Pybus, Tyler Reguly, Chuck Sterling, Anders Thulin, Bennett Todd, Diman Todorov, and Catherine Tornabene!
And most importantly, I want to wish you all happy holidays!
Get your copy now:
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Used device bought on Ebay allowed full remote VPN access
Posted by boss on Monday, 29 September 2008 @ 20:01:59 CEST (2470 reads)
NOTE FROM CLEMENT:
We do get trained on remnants left of storage devices and how to sanitize them before reusing them for other purposes, however it seems the training should include sanitizing devices as well. See a great story below from the UK below, I am sure we could do just as well in the states:
A security expert discovered a VPN device bought on Ebay automatically connected to a local council's confidential servers.
Andrew Mason bought the Cisco VPN 3002 Concentrator - a device on which he has written a tutorial book - on Ebay for only 99 pence, with the intention of using it at work.
However, when he plugged it in it automatically connected him directly to Kirklees Council's central servers, circumventing security with the login details which had been carelessly left on the device.
"It instantly connected me, and I had full network access," explains Mason. "I understand the law extremely well and at that point disconnected," adds the intrusion-detection professional.
Despite contacting the council about the matter, no action was taken. "They ignored me at first," says Mason, before explaining that following coverage on the BBC website, access from the device has been shut off.
He admits that there could well be more devices out there, from which access is still possible, and exceedingly simple. "The whole selling point of the device was that it was extremely easy to configure. It's pretty horrific really," says Mason.
The council says it is "deeply concerned" by the news, but is confident that "multiple layers of security have prevented access to systems and data."
"In the meantime the disposal process has been suspended until an investigation can be carried out and appropriate action taken," says a council spokesman.
National Vulnerabilties Database and Hardening Checklists
Posted by boss on Saturday, 19 January 2008 @ 13:36:09 CET (2962 reads)
cdupuis writes "
The National Checklist Repository (NCP) now contains the SCAP checklists previously listed at http://nvd.nist.gov/scapchecklists.cfm. The SCAP checklists are grouped by product category; Each product category has checklist bundles associated with it. Each bundle contains multiple checklists, with each checklist representing different SCAP content (e.g. Configuration Content, Oval Patches, Prose Guide).
- The NCP SCAP Checklist page is located at http://nvd.nist.gov/ncp.cfm?scap.
- The NCP FDCC Checklist page is located at: http://nvd.nist.gov/ncp.cfm?fdcc_chklst.
The legacy page (http://nvd.nist.gov/scapchecklists.cfm ) is still available, however future updates to SCAP content will be made to the NCP pages.
BELOW YOU WILL FIND MORE INFORMATION AND LINKS FROM THE WEBSITE:
National Vulnerability Database Version 2.0 NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. NVD supports the Information Security Automation Program (ISAP).
Federal Desktop Core Configuration settings (FDCC)
NVD contains content (and pointers to tools) for performing configuration checking of systems implementing the FDCC using the Security Content Automation Protocol (SCAP).
FDCC Checklists are available here (to be used with SCAP FDCC capable tools).
SCAP FDCC Capable Tools are available here.
NVD Primary Resources
Do you backup ALL of you data? It could cost you Billions if you don't
Posted by boss on Thursday, 29 March 2007 @ 11:41:41 CEST (2481 reads)
cdupuis writes "Alaskan orphaned server responsible for $38B data loss
March 28, 2007 (Computerworld) Anyone remotely associated with IT has by now read at least one account of the data loss suffered by the state of Alaska relating to their Permanent Fund Dividend. As more details emerge (see "Oil revenue gets baked in Alaska "), I am beginning to feel a bit like Bill Murray in "Ground Hog Day". Or, to quote this Red Sox fan's favorite Yankee, Yogi Berra, "it's déjà vu all over again."
This story, or a similar variant, has been repeated numerous times in organizations of all shapes and sizes, albeit usually without the number $38 billion linked to it. I just feel sorry for the poor guys involved - most of the time this type of screw-up isn't covered by Fox News, CNN, and the Associated Press. Giga-dollars aside, identical exposures exist today within many data centers.
One particular facet of the story caught my eye. Initial reports suggested that after the primary and secondary disk information was lost, attempts to recover from tape were unsuccessful because the "backup tapes were unreadable." Here we go again - blame tape! If only they had backed up to disk. Wrong. It turns out that the backup tapes were NOT unreadable because there were NO backup tapes. It seems that due to a process glitch, this particular data set was not being backed up.
With today's backup reporting tools, there is no excuse for repeated failed backups being undetected. However, there still remains a major gap in many data protection strategies: unknown or orphan systems. For a backup to "fail," it has to at least have been scheduled to run. If a system is brought online and never entered into the backup pool, or additional volumes are allocated to a system, but never added to the backup "include" list, there is technically no failure from the backup application's perspective. As appears to have been the case here, and we have seen elsewhere, this omission went undetected until it was too late.
Accounting for orphan systems is an arduous task. Some reporting applications attempt to provide information through activities such as network probing (often to the chagrin of the network security folks as this looks like an intrusion), but even this requires significant effort to filter out "noise" (i.e. printers and other non-server devices, multiple NIC cards in a given device) and then to manually reconcile what is and isn't being backed up and why. Finding orphan volumes is even harder, which is why, at a minimum, we typically recommend configuring backup applications to include all local volumes.
A colleague of mine likes to talk of strategic use of policy and tactical use of technology. All too often organizations, try to make the strategy about the technology. Once again, we see that it is no substitute for well thought out policy and process. Jim Damoulakis is chief technology officer of GlassHouse Technologies Inc., a leading provider of independent storage services. He can be reached at email@example.com
Original article at:
DOD bars use of HTML e-mail, Outlook Web Access
Posted by boss on Wednesday, 27 December 2006 @ 11:03:42 CET (3222 reads)
Anonymous writes "Original Article at: http://www.fcw.com/article97178-12-22-06-Web
Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations.
An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 “in the face of continuing and sophisticated threats” against Defense Department networks.
Infocon 4 usually indicates heightened vigilance in preparation for operations or exercises or increased monitoring of networks due to increased risk of attack.
The JTF-GNO mandated use of plain text e-mail because HTML messages pose a threat to DOD because HTML text can be infected with spyware and, in some
cases, executable code that could enable intruders to gain access to DOD networks, the JTF-GNO spokesman said.
In an e-mail to Federal Computer Week, a Navy user said that any HTML messages sent to his account are automatically converted to plain text.
The JTF-GNO spokesman declined to say why the command raised the threat level except to say that Infocon levels are adjusted to reflect worldwide social and political events and activities. He said the current threat level does not bar the use of attachments, including Power Point slides used for briefings.
He also declined to tell FCW what other restrictions on e-mail that JTF-GNO has imposed. But a December 2006 newsletter of the Colorado National Guard said that under Infocon 4, Guard members receiving e-mails from any unknown source, including “mail received from unrecognized Department of Defense accounts,” should be viewed as potentially harmful.
The Colorado Guard newsletter also alerted personnel to be vigilant against e-mail “phishing” attempts to gain personal information.
The ban on use of Outlook Web mail will hit thousands of users at Robins Air Force Base, Ga., according to an internal message available on the Internet. The ban on the use of Outlook Web Access “will significantly impact the way we presently conduct business,” due to the fact that that Web mail is the primary means of e-mail access for 4,500 employees at the base, according to the message.
Robins has developed a work-around for these users to access Outlook directly by logging on to government computers with their common access cards, the internal message said.
JTF-GNO raised the DOD network threat level to Infocon 4 in mid-November after an attack on the networks at the Naval War College (NWC) required NWC to take its systems offline. The JTF-GNO spokesman said at the time that the increase in threat conditions had no relation to the attack against NWC"
Interesting tool to fight bugs such as the WMF bug
Posted by boss on Wednesday, 04 January 2006 @ 12:02:24 CET (2401 reads)
Anonymous writes "For those interested, Core FORCE its a free endpoint security software currently in Beta stage. With it users can configure access control permissions to file system objects independently of the operating System's ACLs and security policy enforcement mechanisms.
The default security profiles of IE and FireFox included the package distribution prevented exploitation of the WMF bug through those vectors. Simply because they denied execution of rundll32.exe from within IE or Firefox. The same applies to the MSN Messenger profile submitted to the profiles repository site.
Furthermore you can explicitly configure permissions to deny & log read/exec access to shimgvw.dll system wide or on per application basis.
This is functionally equivalent to Microsoft's suggested workaround of unregistering the DLL but the advantage is that it does not matter if some program registers it back or if somehow a program tries to load and execute the DLL in anyway.
Core Force is available at http://force.coresecurity.com
As I said, it is still beta make sure you read the software compatibility and known issues list and the docs.
NIST SP 800-68 Guidance for Securing Microsoft Windows XP Systems
Posted by boss on Monday, 07 November 2005 @ 13:08:54 CET (3502 reads)
Anonymous writes "
A NIST Security Configuration Checklist has just been released.
NIST is pleased to announce the release of Special Publication 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist. The guide has been created to assist IT professionals, in particular Windows XP system administrators and information security personnel, in effectively securing Windows XP Professional SP2 systems.
For a description see: http://csrc.nist.gov/itsec/guidance_WinXP.html
IDC paper on Penetration Testing
Posted by cdupuis on Friday, 15 July 2005 @ 08:59:40 CEST (3269 reads)
Learn the five worst security practices in organizations
Posted by cdupuis on Tuesday, 05 April 2005 @ 08:04:53 CEST (2289 reads)
A great article was published at TechRepublic (http://techrepublic.com.com/5100-10595-5649211.html?tag=nl.e119).? See a synopsys below:
Regardless of an organization's size, they all face the same security?challenges?keeping intruders away from their private information. However, most companies have a tendency to make the same mistakes. John McCormick details the five worst security practices found in businesses both large and small.
An individual using a single workstation, a small business with two or three PCs connected to the Net through a high-speed cable modem, the team responsible for the security of an enterprise network: Regardless of an organization's size, they all face the same security challenges?keeping intruders away from their private information.
Unfortunately, people tasked with security keep making the same basic mistakes. Since it's once again been a relatively quiet week in the security world, I'm taking this opportunity to list the five worst security practices found in businesses both large and small.
1. Failing to enforce policies
2. Ignoring new vulnerabilities
3. Relying too much on technology
4. Failing to thoroughly investigate job candidates
Click on Read More... below to get the full article
Common Vulnerabilities an Exposure White Paper
Posted by cdupuis on Wednesday, 02 February 2005 @ 21:00:32 CET (2114 reads)
NOTE FROM CLEMENT:
Once in a while I come across a product that really get me going and gets me excited again about security.? Lately I ran into such a profuct called PredatorWatch,? it is a great tool to validate your compliance, monitor activities, and become compliant with the CVE.? What is even more interesting is the fact that the CEO is one of the students that I had on one of my CISSP class.? Here is some neat white paper that Gary from PredatorWatch has shared with cccure.org:
A. Proactive Network Security # Do you speak CVE
A nice presentation discussing? what CVE's are all about.??
The most important information security question you need to answer is ?Do You Speak CVE?? If you do not, then no matter how much you spend on INFOSEC countermeasures, you?ll never fully understand why you are experiencing downtime and successful hacker attacks. Not to mention the regulatory compliance risk you face.
The Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides common names for publicly known information security vulnerabilities and exposures. Using a common name makes it easier to share data across separate databases and tools that until now were not easily integrated. This makes CVE the key to information sharing. If a report from one of your security tools incorporates CVE names, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.? The CVE is an industry standard funded by the department of Homeland Security and operated by MITRE.
Read it at:http://www.cccure.org/Documents/predatorwatch/Do-You-Speak-CVE-WhitePaper.pdf
also look at:http://www.cccure.org/Documents/predatorwatch/Proactive-Network-Security-Do-You-Speak-CVE.pptB. How to achieve true proactive network security
This paper present a view of todays security complexity and where the real threats are.?? A nice overview.
Read it at: http://www.cccure.org/Documents/predatorwatch/HowToAchieveTrueProactiveNetSecurity.pdf
You can visit the?PredatorWatch web site at:? ?http://www.predatorwatch.com/
? Do take a look at their appliance, they are really amazing and also offered at a price that is affordable for all.??
If you have questions, contact?Gary (firstname.lastname@example.org
)?and he will be very happy to get you the information that you need.
Computer Misuse # Threats and Countermeasures
Posted by cdupuis on Wednesday, 07 July 2004 @ 10:48:04 CEST (2114 reads)
In today?s world, use of information systems has become mandatory for businesses to perform the day to day functions efficiently. Use of Desktop PC?s, Laptops, network connectivity including Internet, email is as essential as telephone at workplace. The employees and networked information systems are most valuable assets for any organization.
The misuse of Information Systems by employees however poses serious challenges to?organizations including loss of productivity, loss of revenue, legal liabilities and other workplace issues. Organizations need effective countermeasures to enforce its appropriate usage policies and minimize its losses & increase productivity. This paper discusses some of the issues related to Information System misuse, resulting threats and countermeasures.? Click on the link below to read this great document.
Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.
Today's Big Story
There isn't a Biggest Story for Today, yet.
|Friday, June 25|
|·|| Another IIS zero day vulnerability |
|Monday, October 21|
|·|| The biggest threat |
|Sunday, September 22|
|·|| The ICAT Vulnerability database from NIST |
|Wednesday, August 28|
|·|| P2P Security |
|Monday, March 11|
|·|| Distributed Reflection Denial of Service (DRDoS) |
|Thursday, February 07|
|·|| Standards for Penetration Testing |
|Wednesday, October 24|
|·|| Very sad day for the **FREE** security web site. |
|Wednesday, October 03|
|·|| Top 20 vulnerabilities document |
|Thursday, August 23|
|·|| The Center for IT Security |
|Wednesday, May 30|
|·|| CERT Hacking Information |
|Thursday, May 10|
|·|| Kerberos Denial of service |
|Friday, April 27|
|·|| Firethru - A tool to bypass your security |
|Tuesday, April 10|
|·|| Globbing Vulnerabilitites in multiple FTP Deamons |
|Monday, February 26|
|·|| Outlook VCARD vulnerability |