Diaries by Keyword: Ruby on Rails

DateAuthorTitle

RUBY ON RAILS

2013-06-27Tony CarothersRuby Update for SSL Vulnerability
2013-01-09Rob VandenBrinkSQL Injection Flaw in Ruby on Rails

RUBY

2013-06-27Tony CarothersRuby Update for SSL Vulnerability
2013-01-09Rob VandenBrinkSQL Injection Flaw in Ruby on Rails

ON

2014-04-14Kevin ShorttINFOCon Green: Heartbleed - on the mend
2014-04-11Guy BruneauHeartbleed Fix Available for Download for Cisco Products
2014-04-04Rob VandenBrinkDealing with Disaster - A Short Malware Incident Response
2014-03-25Johannes UllrichA few updates on "The Moon" worm
2014-03-13Daniel WesemannIdentification and authentication are hard ... finding out intention is even harder
2014-03-06Mark BaggettPort 5000 traffic and snort signature
2014-03-04Daniel WesemannTriple Handshake Cookie Cutter
2014-02-26Russ McReeOngoing NTP Amplification Attacks
2014-02-18Johannes UllrichMore Details About "TheMoon" Linksys Worm
2014-02-10Rob VandenBrinkA Tale of Two Admins (and no Change Control)
2014-02-09Basil Alawi S.TaherMandiant Highlighter 2
2014-01-23Chris MohanLearning from the breaches that happens to others Part 2
2014-01-22Chris MohanLearning from the breaches that happens to others
2014-01-17Russ McReeMassive RFI scans likely a free web app vuln scanner rather than bots
2014-01-11Guy Bruneautcpflow 1.4.4 and some of its most Interesting Features
2014-01-01Russ McReeHappy New Year from the Syrian Electronic Army - Skype’s Social Media Accounts Hacked
2013-12-29Russ McReeOpenSSL suffers apparent defacement
2013-12-20Daniel Wesemannauthorized key lime pie
2013-12-16Tom WebbThe case of Minerd
2013-12-01Richard PorterBPF, PCAP, Binary, hex, why they matter?
2013-11-22Rick WannerPort 0 DDOS
2013-11-10Rick WannerMicrosoft and Facebook announce bug bounty
2013-10-22Richard PorterGreenbone and OpenVAS Scanner
2013-10-21Johannes UllrichNew tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-19Johannes UllrichYet Another WHMCS SQL Injection Exploit
2013-10-05Richard PorterAdobe Breach Notification, Notifications?
2013-10-04Johannes UllrichThe Adobe Breach FAQ
2013-10-01Adrien de BeaupreCSAM! Send us your logs!
2013-09-24Tom WebbIDS, NSM, and Log Management with Security Onion 12.04.3
2013-09-18Rob VandenBrinkCisco DCNM Update Released
2013-09-09Johannes UllrichSSL is broken. So what?
2013-09-02Guy BruneauMultiple Cisco Security Notice
2013-08-21Rob VandenBrinkFibre Channel Reconnaissance - Reloaded
2013-08-19Johannes UllrichRunning Snort on ESXi using the Distributed Switch
2013-08-14Johannes UllrichImaging LUKS Encrypted Drives
2013-07-27Scott FendleyDefending Against Web Server Denial of Service Attacks
2013-07-25Johannes UllrichA Couple of SSH Brute Force Compromises
2013-07-23Bojan ZdrnjaSessions with(out) cookies
2013-07-21Guy BruneauWhy use Regular Expressions?
2013-07-17Johannes UllrichNetwork Solutions Outage
2013-07-16Johannes UllrichWhy don't we see more examples of web app attacks via POST?
2013-07-13Lenny ZeltserDecoy Personas for Safeguarding Online Identity Using Deception
2013-07-06Guy BruneauIs Metadata the Magic in Modern Network Security?
2013-07-04Russ McReeCelebrating 4th of July With a Malware PCAP Visualization
2013-06-27Tony CarothersRuby Update for SSL Vulnerability
2013-06-18Russ McReeEMET 4.0 is now available for download
2013-05-22Adrien de BeauprePrivilege escalation, why should I care?
2013-05-09John BambenekAdobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html
2013-05-01Daniel WesemannThe cost of cleaning up
2013-04-25Adam SwangerGuest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17John BambenekUPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16John BambenekFake Boston Marathon Scams Update
2013-04-15John BambenekPlease send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org
2013-04-04Johannes UllrichMicrosoft April Patch Tuesday Advance Notification
2013-03-29Chris MohanDoes your breach email notification look like a phish?
2013-03-27Adam SwangerIPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25Johannes UllrichIPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-23Guy BruneauApple ID Two-step Verification Now Available in some Countries
2013-03-19Johannes UllrichIPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18Johannes UllrichIPv6 Focus Month: What is changing with DHCP
2013-03-18Kevin ShorttCisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-13Mark BaggettWipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-03-11Richard PorterIPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08Johannes UllrichIPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-06Adam SwangerIPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05Mark HofmanIPv6 Focus Month: Device Defaults
2013-03-04Johannes UllrichIPv6 Focus Month: Addresses
2013-03-02Scott FendleyEvernote Security Issue
2013-02-25Johannes UllrichPunkspider enumerates web application vulnerabilities
2013-02-17Guy BruneauHP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16Lorna HutchesonFedora RedHat Vulnerabilty Released
2013-02-14Adam SwangerISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-08Kevin ShorttIs it Spam or Is it Malware?
2013-02-04Adam SwangerSAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-25Johannes UllrichVulnerability Scans via Search Engines (Request for Logs)
2013-01-10Rob VandenBrinkWhat Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-10Adam SwangerISC Monthly Threat Update New Format
2013-01-09Rob VandenBrinkSQL Injection Flaw in Ruby on Rails
2013-01-09Johannes UllrichNew Format for Monthly Threat Update
2013-01-09Rob VandenBrinkSecurity Update - Cisco 7900 Phones - cisco-sa-20130109-uipphone privilege escallation issue - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone
2013-01-05Guy BruneauAdobe ColdFusion Security Advisory
2013-01-03Bojan ZdrnjaMemory acquisition traps
2012-12-31Manuel Humberto Santander PelaezHow to determine which NAC solutions fits best to your needs
2012-12-27John BambenekIt's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-18Dan GoldbergMitigating the impact of organizational change: a risk assessment
2012-12-04Johannes UllrichWhere do your backup tapes go to die?
2012-12-03John BambenekJohn McAfee Exposes His Location in Photo About His Being on Run
2012-11-26John BambenekOnline Shopping for the Holidays? Tips, News and a Fair Warning
2012-11-23Rob VandenBrinkWhat's in Your Change Control Form?
2012-11-16Guy BruneauVMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-11-16Manuel Humberto Santander PelaezInformation Security Incidents are now a concern for colombian government
2012-11-08Daniel WesemannGet a 40% discount on your hotel room!
2012-11-06Johannes UllrichWhat to watch out For on Election Day
2012-10-30Mark HofmanCyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29Kevin ShorttCyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-26Russ McReeCyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25Richard PorterCyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24Russ McReeCyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23Rob VandenBrinkCyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21Johannes UllrichCyber Security Awareness Month - Day 22: Connectors
2012-10-19Johannes UllrichCyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18Rob VandenBrinkCyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17Rob VandenBrinkCyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16Richard PorterCyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16Johannes UllrichCyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14Pedro BuenoCyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13Guy BruneauNew Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12Mark HofmanCyber Security Awareness Month - Day 12 PCI DSS
2012-10-11Rob VandenBrinkCyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10Kevin ShorttCyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09Johannes UllrichCyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-08Mark HofmanCyber Security Awareness Month - Day 8 ISO 27001
2012-10-07Tony CarothersCyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05Johannes UllrichCyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-05Richard PorterReports of a Distributed Injection Scan
2012-10-04Johannes UllrichCyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03Kevin ShorttFake Support Calls Reported
2012-10-03Kevin ShorttCyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02Russ McReeCyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01Johannes UllrichCyber Security Awareness Month
2012-09-08Guy BruneauWebmin Input Validation Vulnerabilities
2012-09-02Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts
2012-08-30Bojan ZdrnjaAnalyzing outgoing network traffic (part 2)
2012-08-23Bojan ZdrnjaAnalyzing outgoing network traffic
2012-08-16Johannes UllrichA Poor Man's DNS Anomaly Detection Script
2012-07-31Daniel WesemannSQL injection, lilupophilupop-style
2012-07-25Johannes UllrichApple OS X 10.8 (Mountain Lion) released
2012-07-18Rob VandenBrinkVote NO to Weak Encryption!
2012-07-14Tony CarothersUser Awareness and Education
2012-07-05Adrien de BeaupreMicrosoft advanced notification for July 2012 patch Tuesday
2012-07-02Dan GoldbergStorms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-25Rick WannerTargeted Malware for Industrial Espionage?
2012-06-20Raul SilesCVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-14Johannes UllrichSpot the Phish: Verizon Wireless
2012-06-12Swa FrantzenAdobe June 2012 Black Tuesday patches
2012-05-22Johannes Ullrichnmap 6 released
2012-05-07Guy BruneauiOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-26Richard PorterDefine Irony: A medical device with a Virus?
2012-04-23Russ McReeEmergency Operations Centers & Security Incident Management: A Correlation
2012-04-21Guy BruneauWordPress Release Security Update
2012-03-16Swa FrantzenINFOCON Yellow - Microsoft RDP - MS12-020
2012-03-16Russ McReeMS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-11Johannes UllrichAn Analysis of Jester's QR Code Attack. (Guest Diary)
2012-03-03Jim ClausingNew automated sandbox for Android malware
2012-02-23donald smithDNS-Changer "clean DNS" extension requested
2012-02-22Johannes UllrichHow to test OS X Mountain Lion's Gatekeeper in Lion
2012-01-27Mark HofmanCISCO Ironport C & M Series telnet vulnerability
2012-01-22Johannes UllrichJavascript DDoS Tool Analysis
2012-01-13Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2012-01-03Bojan ZdrnjaThe tale of obfuscated JavaScript continues
2011-12-13Johannes UllrichDecember 2011 Adobe Black Tuesday
2011-12-08Adrien de BeaupreMicrosoft Security Bulletin Advance Notification for December 2011
2011-12-07Lenny ZeltserV8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-12-01Mark HofmanSQL Injection Attack happening ATM
2011-11-03Richard PorterAn Apple, Inc. Sandbox to play in.
2011-11-01Russ McReeSecure languages & frameworks
2011-11-01Russ McReeHoneynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
2011-10-29Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28Russ McReeCritical Control 19: Data Recovery Capability
2011-10-28Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-26Rob VandenBrinkThe Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-13Guy BruneauCritical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12Kevin ShorttCritical Control 8 - Controlled Use of Administrative Privileges
2011-10-11Swa FrantzenCritical Control 7 - Application Software Security
2011-10-10Jim ClausingCritical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07Mark HofmanCritical Control 5 - Boundary Defence
2011-10-04Rob VandenBrinkCritical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04Johannes UllrichCritical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03Tom ListonSecurity 101 : Security Basics in 140 Characters Or Less
2011-10-03Mark HofmanCritical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03Mark BaggettWhat are the 20 Critical Controls?
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Schedule
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-10-01Mark HofmanHot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated.
2011-09-28Richard PorterAll Along the ARP Tower!
2011-09-21Mark HofmanOctober 2011 Cyber Security Awareness Month
2011-09-05Bojan Zdrnja
2011-08-26Johannes UllrichSANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26Johannes UllrichSome Hurricane Technology Tips
2011-08-17Rob VandenBrinkPutting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16Johannes UllrichWhat are the most dangerous web applications and how to secure them?
2011-08-14Guy BruneauFireCAT 2.0 Released
2011-08-13Rick WannerMoonSols Dumpit released...for free!
2011-08-11Guy BruneauBlackBerry Enterprise Server Critical Update
2011-07-30Deborah HaleData Encryption Ban? Really?
2011-07-29Richard PorterApple Lion talking on TCP 5223
2011-07-28Johannes UllrichAnnouncing: The "404 Project"
2011-07-27Johannes UllrichInternet Storm Center iPhone App now available. Feedback/Feature Requests welcome. Search App Store for "ISC Reader"
2011-07-25Chris MohanMonday morning incident handler practice
2011-07-21Mark HofmanLion Released
2011-07-21Johannes UllrichLion: What is new in Security
2011-07-19Richard PorterSMS Phishing at the SANSFire 2011 Handler Dinner
2011-07-11John BambenekAnother Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-09Chris MohanSafer Windows Incident Response
2011-07-05Raul SilesHelping Developers Understand Security - Spot the Vuln
2011-07-03Deborah HaleBusiness Continuation in the Face of Disaster
2011-06-22Guy BruneauHow Good is your Employee Termination Policy?
2011-06-21Chris MohanStartSSL, a web authentication authority, suspend services after a security breach
2011-06-17Richard PorterWhen do you stop owning Technology?
2011-06-12Mark HofmanCloud thoughts
2011-06-09Richard PorterOne Browser to Rule them All?
2011-06-06Johannes UllrichThe Havij SQL Injection Tool
2011-06-04Rick WannerDo you have a personal disaster recovery plan?
2011-05-18Bojan ZdrnjaAndroid, HTTP and authentication tokens
2011-04-29Guy BruneauFirefox, Thunderbird and SeaMonkey Security Updates
2011-04-28Chris MohanDSL Reports advise 9,000 accounts were compromised
2011-04-26John BambenekIs the Insider Threat Really Over?
2011-04-25Rob VandenBrinkSony PlayStation Network Outage - Day 5
2011-04-22Manuel Humberto Santander PelaezIn-house developed applications: The constant headache for the information security officer
2011-04-22Manuel Humberto Santander PelaeziPhoneMap: iPhoneTracker port to Linux
2011-04-20Daniel WesemannData Breach Investigations Report published by Verizon
2011-04-20Johannes UllrichiPhone GPS Data Storage
2011-04-19Bojan Zdrnja
2011-04-05Mark HofmanSony DDOS
2011-04-04Mark HofmanWhen your service provider has a breach
2011-04-03Richard PorterExtreme Disclosure? Not yet but a great trend!
2011-04-01John BambenekLizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-03-25Kevin ListonAPT Tabletop Exercise
2011-03-11Guy BruneauSnort IDS Sensor with Sguil Framework ISO
2011-03-09Chris MohanPossible Issue with Forefront Update KB2508823
2011-03-07Lorna HutchesonCall for Packets - Unassigned TCP Options
2011-03-04Mark HofmanA new version of Seamonkey is available, includes security fixes. More details here http://www.seamonkey-project.org/news#2011-03-02
2011-02-21Adrien de Beaupre
2011-02-14Lorna HutchesonNetwork Visualization
2011-02-09Mark HofmanAdobe Patches (shockwave, Flash, Reader & Coldfusion)
2011-02-07Richard PorterCrime is still Crime! Pt 2
2011-02-05Guy BruneauOpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-12Richard PorterHow Many Loyalty Cards do you Carry?
2011-01-12Richard PorterYet Another Data Broker? AOL Lifestream.
2011-01-03Johannes UllrichWhat Will Matter in 2011
2010-12-26Manuel Humberto Santander PelaezISC infocon monitor app for OS X
2010-12-25Manuel Humberto Santander PelaezAn interesting vulnerability playground to learn application vulnerabilities
2010-12-12Raul SilesNew trend regarding web application vulnerabilities?
2010-12-02Kevin JohnsonSQL Injection: Wordpress 3.0.2 released
2010-11-29Stephen HalliPhone phishing - What you see, isn't what you get
2010-11-24Bojan ZdrnjaPrivilege escalation 0-day in almost all Windows versions
2010-11-17Guy BruneauConficker B++ Activated on Nov 15
2010-11-17Guy BruneauCisco Unified Videoconferencing Affected by Multiple Vulnerabilities
2010-11-05Adrien de BeaupreBot honeypot
2010-11-02Johannes UllrichLimited Malicious Search Engine Poisoning for Election
2010-10-31Marcus SachsCyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30Guy BruneauCyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28Rick WannerCyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28Tony CarothersCyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26Pedro BuenoCyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25Kevin ShorttCyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24Swa FrantzenCyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23Mark HofmanCyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22Manuel Humberto Santander PelaezIntypedia project
2010-10-22Daniel WesemannCyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21Chris CarboniCyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20Jim ClausingCyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19Rob VandenBrink
2010-10-19Rob VandenBrink
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17Stephen HallCyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15Marcus SachsCyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15Guy BruneauCyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14Johannes UllrichCyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13Deborah HaleCyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12Scott FendleyCyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11Rick WannerCyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10Kevin ListonCyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09Kevin ShorttCyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08Rick WannerCyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06Rob VandenBrinkCyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06Marcus SachsCyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05Rick WannerCyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04Daniel WesemannCyber Security Awareness Month - Day 4 - Managing EMail
2010-10-04Mark HofmanOnline Voting
2010-10-03Adrien de Beaupre Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02Mark HofmanCyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01Marcus SachsCyber Security Awareness Month - 2010
2010-10-01Marcus SachsCyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-26Daniel WesemannEgosurfing, the corporate way
2010-09-25Rick WannerGuest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-09-21Johannes UllrichImplementing two Factor Authentication on the Cheap
2010-09-04Kevin ListonInvestigating Malicious Website Reports
2010-08-23Manuel Humberto Santander PelaezFirefox plugins to perform penetration testing activities
2010-08-22Rick WannerFailure of controls...Spanair crash caused by a Trojan
2010-08-19Rob VandenBrinkChange is Good. Change is Bad. Change is Life.
2010-08-16Raul SilesBlind Elephant: A New Web Application Fingerprinting Tool
2010-08-15Manuel Humberto Santander PelaezObfuscated SQL Injection attacks
2010-08-15Manuel Humberto Santander PelaezPython to test web application security
2010-08-08Marcus SachsThinking about Cyber Security Awareness Month in October
2010-08-06Rob VandenBrinkFOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html
2010-08-05Manuel Humberto Santander PelaezAdobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-08-05Rob VandenBrinkAccess Controls for Network Infrastructure
2010-08-03Johannes UllrichWhen Lightning Strikes
2010-08-01Manuel Humberto Santander PelaezEvation because IPS fails to validate TCP checksums?
2010-07-29Rob VandenBrinkThe 2010 Verizon Data Breach Report is Out
2010-07-24Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-07-20Manuel Humberto Santander PelaezLowering infocon back to green
2010-07-18Manuel Humberto Santander PelaezSAGAN: An open-source event correlation system - Part 1: Installation
2010-07-13Jim ClausingVMware Studio Security Update
2010-06-29Johannes UllrichHow to be a better spy: Cyber security lessons from the recent russian spy arrests
2010-06-23Johannes UllrichIPv6 Support in iOS 4
2010-06-15Manuel Humberto Santander PelaezTCP evasions for IDS/IPS
2010-06-15Manuel Humberto Santander PelaeziPhone 4 Order Security Breach Exposes Private Information
2010-06-14Manuel Humberto Santander PelaezAnother way to get protection for application-level attacks
2010-06-14Manuel Humberto Santander PelaezPython on a microcontroller?
2010-06-14Manuel Humberto Santander PelaezRogue facebook application acting like a worm
2010-06-09Deborah HaleMass Infection of IIS/ASP Sites
2010-06-07Manuel Humberto Santander PelaezSoftware Restriction Policy to keep malware away
2010-06-06Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-06-04Rick WannerNew Honeynet Project Forensic Challenge
2010-06-02Mark HofmanOpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-06-02Rob VandenBrinkNew Mac malware - OSX/Onionspy
2010-05-22Rick WannerSANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-15Deborah HalePhony Phone Scam
2010-05-12Rob VandenBrinkAdobe Shockwave Update
2010-04-22John BambenekData Redaction: You're Doing it Wrong
2010-04-21Guy BruneauGoogle Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-20Raul SilesAre You Ready for a Transportation Collapse...?
2010-04-18Guy BruneauSome NetSol hosted sites breached
2010-04-13Adrien de BeaupreWeb App Testing Tools
2010-04-12Adrien de BeaupreGet yer bogons out!
2010-04-08Bojan ZdrnjaJavaScript obfuscation in PDF: Sky is the limit
2010-04-06Daniel WesemannApplication Logs
2010-04-04Mari NicholsFinancial Management of Cyber Risk
2010-04-02Guy BruneauFirefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-02Guy BruneauSecurity Advisory for ESX Service Console
2010-03-30Marcus SachsZigbee Analysis Tools
2010-03-28Rick WannerHoneynet Project: 2010 Forensic Challenge #3
2010-03-27Guy BruneauHP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-25Kevin ListonResponding to "Copyright Lawsuit filed against you"
2010-03-21Scott FendleySkipfish - Web Application Security Tool
2010-03-21Chris CarboniResponding To The Unexpected
2010-03-10Rob VandenBrinkMicrosoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-10Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08Raul SilesSamurai WTF 0.8
2010-03-07Mari NicholsDHS issues Cybersecurity challenge
2010-03-06Tony CarothersIntegration and the Security of New Technologies
2010-03-05Kyle HaugsnessJavascript obfuscators used in the wild
2010-03-03Johannes UllrichReports about large number of fake Amazon order confirmations
2010-02-22Rob VandenBrinkNew Risks in Penetration Testing
2010-02-21Patrick Nolan Looking for "more useful" malware information? Help develop the format.
2010-02-20Mari NicholsIs "Green IT" Defeating Security?
2010-02-17Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-17Rob VandenBrinkMultiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-15Johannes UllrichVarious Olympics Related Dangerous Google Searches
2010-02-06Guy BruneauLANDesk Management Gateway Vulnerability
2010-02-03Rob VandenBrinkAPPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch
2010-02-02Guy BruneauAdobe ColdFusion Information Disclosure
2010-01-29Adrien de BeaupreNeo-legacy applications
2010-01-27Raul SilesEuropean Union Security Challenge (Campus Party 2010)
2010-01-24Pedro BuenoOutdated client applications
2010-01-22Mari NicholsPass-down for a Successful Incident Response
2010-01-17Mark HofmanWhy not Yellow?
2010-01-08Rob VandenBrinkMicrosoft OfficeOnline, Searching for Trust and Malware
2009-12-21Marcus SachsiPhone Botnet Analysis
2009-12-19Deborah HaleEducationing Our Communities
2009-12-16Rob VandenBrinkSeamonkey Update to 2.0.1, find the release notes here ==> http://www.seamonkey-project.org/releases/seamonkey2.0.1
2009-12-07Rob VandenBrink
2009-12-02Rob VandenBrinkSPAM and Malware taking advantage of H1N1 concerns
2009-11-29Patrick Nolan A Cloudy Weekend
2009-11-25Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-24John BambenekBIND Security Advisory (DNSSEC only)
2009-11-13Adrien de BeaupreTLS & SSLv3 renegotiation vulnerability explained
2009-11-13Adrien de BeaupreConficker patch via email?
2009-11-11Rob VandenBrinkLayer 2 Network Protections against Man in the Middle Attacks
2009-11-09Chris Carboni80's Flashback on Jailbroken iPhones
2009-11-08Bojan ZdrnjaiPhone worm in the wild
2009-11-02Rob VandenBrinkMicrosoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2009-10-30Rob VandenBrinkNew version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-29Kyle HaugsnessCyber Security Awareness Month - Day 29 - dns port 53
2009-10-28Johannes UllrichCyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-27Rob VandenBrinkNew VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-26Johannes UllrichWeb honeypot Update
2009-10-25Lorna HutchesonCyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-20Raul SilesWASC 2008 Statistics
2009-10-19Daniel WesemannCyber Security Awareness Month - Day 19 - ICMP
2009-10-18Mari NicholsComputer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-17Rick WannerUnusual traffic from Loopback to Unused ARIN address
2009-10-16Adrien de BeaupreCyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-15Deborah HaleYet another round of Viral Spam
2009-10-11Mark HofmanCyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09Rob VandenBrinkCyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-09Rob VandenBrinkAT&T Cell Phone Phish
2009-10-06Adrien de BeaupreCyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05Adrien de BeaupreCyber Security Awareness Month - Day 5 port 31337
2009-10-04Guy BruneauSamba Security Information Disclosure and DoS
2009-10-02Stephen HallCyber Security Awareness Month - Day 2 - Port 0
2009-10-02Stephen HallVMware Fusion updates to fixes a couple of bugs
2009-10-02Stephen HallVerizon New York area issues
2009-09-26Kyle HaugsnessConficker detection hints
2009-09-25Deborah HaleConficker Continues to Impact Networks
2009-09-23Marcus SachsAddendum to SRI's Conficker C Analysis Published
2009-09-19Rick WannerSysinternals Tools Updates
2009-09-18Jason LamResults from Webhoneypot project
2009-09-16Raul SilesReview the security controls of your Web Applications... all them!
2009-09-12Jim ClausingApple Updates
2009-09-07Lorna HutchesonEncrypting Data
2009-09-04Adrien de BeaupreSeaMonkey Security Update
2009-08-29Guy BruneauImmunet Protect - Cloud and Community Malware Protection
2009-08-28Adrien de BeaupreWPA with TKIP done
2009-08-13Jim ClausingTools for extracting files from pcaps
2009-08-08Guy BruneauXML Libraries Data Parsing Vulnerabilities
2009-08-01Deborah HaleWebsite Warnings
2009-07-31Deborah HaleDon't forget to tell your SysAdmin Thanks
2009-07-31Deborah HaleThe iPhone patch is out
2009-07-30Deborah HaleiPhone Hijack
2009-07-28Adrien de BeaupreYYAMCCBA
2009-07-27Raul SilesNew Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-23John BambenekMissouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-18Patrick NolanChrome update contains Security fixes
2009-07-16Bojan ZdrnjaOWC exploits used in SQL injection attacks
2009-07-13Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-07-07Marcus Sachs* INFOCON Status - staying green
2009-07-05Bojan ZdrnjaMore on ColdFusion hacks
2009-07-03Adrien de BeaupreFCKEditor advisory
2009-07-02Bojan ZdrnjaCold Fusion web sites getting compromised
2009-06-30Chris CarboniObfuscated Code
2009-06-30Chris CarboniDe-Obfuscation Submissions
2009-06-27Tony CarothersNew NIAP Strategy on the Horizon
2009-06-21Bojan ZdrnjaApache HTTP DoS tool mitigation
2009-06-16John BambenekIran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11Rick WannerMIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11Rick WannerWHO Declares Flu A(H1N1) a Pandemic
2009-06-11Jason LamDshield Web Honeypot going beta
2009-05-29Lorna HutchesonVMWare Patches Released
2009-05-26Jason LamA new Web application security blog
2009-05-25Jim ClausingMore tools for (US) Memorial Day
2009-05-20Tom ListonWeb Toolz
2009-05-19Bojan ZdrnjaAdvanced blind SQL injection (with Oracle examples)
2009-05-15Daniel WesemannWarranty void if seal shredded?
2009-05-09Patrick NolanShared SQL Injection Lessons Learned blog item
2009-05-01Adrien de BeaupreIncident Management
2009-04-24John BambenekData Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21Bojan ZdrnjaWeb application vulnerabilities
2009-04-20Jason LamDigital Content on TV
2009-04-16Adrien de BeaupreIncident Response vs. Incident Handling
2009-04-16Adrien de BeaupreSome conficker lessons learned
2009-04-10Stephen HallFirefox 3 updates now in Seamonkey
2009-04-09Johannes UllrichConficker update with payload
2009-04-09Jim ClausingConficker Working Group site down
2009-04-07Bojan ZdrnjaAdvanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-05Marcus SachsOpen Source Conficker-C Scanner/Detector Released
2009-04-02Handlers A view from the CWG Trenches
2009-03-30Daniel WesemannLocate Conficker infected hosts with a network scan!
2009-03-29Chris CarboniApril 1st - What Will Really Happen?
2009-03-26Mark HofmanWebhoneypot fun
2009-03-26Mark HofmanSanitising media
2009-03-20Stephen HallMaking the most of your runbooks
2009-03-10Swa Frantzenconspiracy fodder: pifts.exe
2009-03-08Marcus SachsBehind the Estonia Cyber Attacks
2009-03-02Swa FrantzenObama's leaked chopper blueprints: anything we can learn?
2009-02-25Andre LudwigPreview/Iphone/Linux pdf issues
2009-02-25Swa FrantzenTargeted link diversion attempts
2009-02-17Jason LamDShield Web Honeypot - Alpha Preview Release
2009-02-13Andre LudwigThird party information on conficker
2009-02-12Mark HofmanAustralian Bushfires
2009-02-11Robert DanfordProFTPd SQL Authentication Vulnerability exploit activity
2009-02-10Bojan ZdrnjaMore tricks from Conficker and VM detection
2009-02-09Bojan ZdrnjaSome tricks from Conficker's bag
2009-01-25Rick WannerTwam?? Twammers?
2009-01-20Adrien de BeaupreObamamania
2009-01-16G. N. WhiteConficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines
2009-01-15Bojan ZdrnjaConficker's autorun and social engineering
2009-01-12William SaluskyDownadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-12William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-07William SaluskyBIND 9.x security patch - resolves potentially new DNS poisoning vector
2008-12-12Johannes UllrichMSIE 0-day Spreading Via SQL Injection
2008-12-09Swa FrantzenContacting us might be hard today
2008-12-02Deborah HaleSonicwall License Manager Failure
2008-12-01Jason LamCall for volunteers - Web Honeypot Project
2008-12-01Jason LamInput filtering and escaping in SQL injection mitigation
2008-11-25Andre LudwigThe beginnings of a collaborative approach to IDS
2008-11-20Jason LamLarge quantity SQL Injection mitigation
2008-11-17Jim ClausingA new cheat sheet and a contest
2008-11-16Maarten Van HorenbeeckDetection of Trojan control channels
2008-11-02Mari NicholsDay 33 - Working with Management to Improve Processes
2008-10-17Rick WannerDay 18 - Containing Other Incidents
2008-10-15Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-09-29Daniel WesemannASPROX mutant
2008-09-22Maarten Van HorenbeeckData exfiltration and the use of anonymity providers
2008-09-22Jim ClausingLessons learned from the Palin (and other) account hijacks
2008-09-21Mari NicholsYou still have time!
2008-09-20Rick WannerNew (to me) nmap Features
2008-09-11David GoldsmithCookieMonster is coming to Pown (err, Town)
2008-09-10Adrien de BeaupreApple updates iPod Touch + Bonjour for Windows
2008-09-09Swa FrantzenEvil side economy: $1 for breaking 1000 CAPTCHAs
2008-09-07Daniel WesemannStaying current, but not too current
2008-09-03Daniel WesemannStatic analysis of Shellcode - Part 2
2008-09-03donald smithNew bgp hijack isn't very new.
2008-09-01John BambenekThe Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-23Mark HofmanSQL injections - an update
2008-08-12Johannes UllrichUpcoming Infocon Test and new Color
2008-08-10Stephen HallFrom lolly pops to afterglow
2008-08-08Mark HofmanMore SQL Injections - very active right now
2008-08-03Deborah HaleSecuring A Network - Lessons Learned
2008-07-24Bojan ZdrnjaWhat's brewing in Danmec's pot?
2008-07-17Mari NicholsAdobe Reader 9 Released
2008-07-14Daniel WesemannObfuscated JavaScript Redux
2008-07-11Jim ClausingHandling the load
2008-06-30Marcus SachsMore SQL Injection with Fast Flux hosting
2008-06-25Deborah HaleReport of Coreflood.dr Infection
2008-06-24Jason LamSQL Injection mitigation in ASP
2008-06-24Jason LamMicrosoft SQL Injection Prevention Strategy
2008-06-23donald smithPreventing SQL injection
2008-06-13Johannes UllrichSQL Injection: More of the same
2008-06-13Johannes UllrichFloods: More of the same (2)
2008-06-07Jim ClausingFollowup to 'How do you monitor your website?'
2008-05-26Marcus SachsPredictable Response
2008-05-20Raul SilesList of malicious domains inserted through SQL injection
2008-05-17Jim ClausingDisaster donation scams continue
2008-04-24donald smithHundreds of thousands of SQL injections
2008-04-16Bojan ZdrnjaThe 10.000 web sites infection mystery solved
2008-04-07John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2008-04-07John BambenekNetwork Solutions Technical Difficulties? Enom too
2008-04-06Daniel WesemannAdvanced obfuscated JavaScript analysis
2008-04-03Bojan ZdrnjaMixed (VBScript and JavaScript) obfuscation
2008-03-30Mark HofmanMail Anyone?
2008-03-14Kevin Liston2117966.net-- mass iframe injection
2008-01-09Bojan ZdrnjaMass exploits with SQL Injection
2007-02-24Jason LamPrepared Statements and SQL injections
2006-10-02Jim ClausingBack to green, but the exploits are still running wild
2006-09-30Swa FrantzenYellow: WebViewFolderIcon setslice exploit spreading

RAILS

2013-06-27Tony CarothersRuby Update for SSL Vulnerability
2013-01-09Rob VandenBrinkSQL Injection Flaw in Ruby on Rails