Search:

I'm speaking at SecTor (www.sector.ca) in Toronto next week and I'm trying to collect some data on perceptions of SSL from various target groups.

I figured I'd post an additional survey here --...

UDP is a different sort of beast because it is Connectionless. You don't have the S, SA, A of TCP to confirm if a port is open, instead you have to rely on ICMP error messages, which are often...

Awwww, you mentioned my name :) Although I like it better when they mention my last name as well.

Windows 7 RTM isn't actually affected, only Windows 7 RC is affected.

Also it looks like it's...

The number of "in production" W2K servers would probably astound most people. I actually think this is a big issue and one that I find slightly concerning. As for blocking 139/445, since this is in...

That second post was definitely unnecessarily snappy.

There are problems with your code, but they could also be problems on the use side

Issues:

1) No ':' at the end of your if statement...

There's been page-long articles on my concerns over client-side DoS and DoS in general? Damn... where, all I've seen are my blog posts.

Whether or not the issue is widespread is not the case......

The problem is they don't close the door in this case if the horse has bolted... they only close the door if the horse is already there... Meaning the other horse could bolt as well (to beat an...

Hey All,

I heard back from MSFT and this was the intended functionality of the patch.



It sounds like functionality beat security here... and that sounds like an issue to me.

In my...

I'm glad you managed to track down the problem... if you have any problems going forward, please let me know.

Hey All,

Just wanted to share that the MS09-008 patch isn't as cut and dry as it seems. There's an issue where if someone has already exploited CVE-2009-0093, the issue will not be properly...

Have you contacted nCircle Technical Support? You can also email me ( tyler [at] ncircle [dot] com ) and I can make sure your issue gets to the right people.

Hey,

You simply need to craft your query properly.

1) Is the form method POST or GET? This will change how the query is crafted. Your example makes use of a GET (no body, simply URL...

Hey,

That's a fairly generic question... so here's a fairly generic answer :)

It is indeed possible to change the reported version for many of your services. This will confuse software that...

Hey All,

I'm gonna be at CanSecWest this year, so I figured I'd see who was going to be there to meet up for a beer. (http://cansecwest.com/)

Tyler.

Whether or not he can access his email externally in dependent on a number on things.

Let's start with, How does he access his email at work?

Is it in a client (Outlook, Thunderbird, Eudora)...

I'd recommend that you give Ubuntu Server a try... let it install and see where you end up


As for a GUI, you should definitely be able to get something up and running I used to run GUIs on my...

There are quite a few places you can look...

While this may not help with infecting your VM, there's some interesting stuff at the virus source code database (http://vscdb.totallygeek.com/).
...

Using metasploit is about 25 pages out of the overall total of the book, and it's not for everyone... or people that already know a thing or two but it's a great learning resource (one of the reasons...

Hey,

Most of the time, I find certs are useless... Sure as CSR mentioned, certs are useful when you don't have hands on experience... other than that the only time I'd advocate for them is if you...

Spec: I highly suggest you check out Gray Hat Hacking... it changed my opinion on books with the word Hacking in them :) it's got a decent group of authors. Chris Eagle (who released the IDA Pro book...

metguru has some good options... I have Reversing - The Secrets of Reverse Engineering sitting on my bookshelf. Hacking - The Art of Exploitation... I wouldn't pay for it... but I'd read it.

I'd...

Sites can definitely NOT "borrow" cookie information... that would be the opposite of all the security models that they attempt to put in place...

As Spec mentioned, generally those ads are based...

macnux: Do some reading on the Same Origin Policy (http://en.wikipedia.org/wiki/Same_origin_policy). Essentially a website would have to violate the Same Origin Policy in order to access your...

I don't know how you installed it.. but if you installed and configured everything yourself might I suggest walking away and finding an easier way?

I'm a huge fan of XAMPP -...

I think you're confusing a home network and a "real network"... I mean those devices aren't even really routers... They are poorly named NAT devices. If they were real routers you could layer them...