Security musings (reflectorium)
Sunday, September 19, 2004
Bassajew and costs of terror attacks
I heard on the car radio the other day that Bassajew gave numbers on how much the recent terror attacks in Russia and Beslan cost him. I remember something like 9,600 USD for the Beslan terror attack (in which terrorists took pupils, teachers and parents hostage) and something like 7,000 USD and 4,000 USD for the suicide bombing in Moscow and the bombings of two Russian passenger planes.
Here are some links:
All too true.. IT security officer in the c't cartoon..
in German ;-) http://www.heise.de/ct/schlagseite/04/20/
Saturday, September 18, 2004
M$ Windows XP Professional Bugging Device?
Cccure has a list of 47 spots in Microsoft XP Professional that the anonymous author of that document thinks are cases of possible concern. (PARANOIA! on/off) - or maybe I'd say are "paranoia entry points"?
- While I think that most of them are quite irrelevant, it's probably not bad to adjust/verify personal paranoia levels on a Sunday morning..
(in Germany:) The legal obligations and the responsibilities in case
Friday, September 17, 2004
A visual history of spam (and virus) email
..from the blog of Raymond Chen (who has kept every single piece of spam and virus email since mid-1997).
Thursday, September 16, 2004
German IT agency sets record straight on IE
There has been some noise after the German Information Security Agency (BSI) apparently hinted that using a non-Microsoft web browser might give you fewer security headaches. NetworkFusion is covering the current state (and some clarifications by the BSI) in an article called "German IT agency sets record straight on IE".
- As you could expect, the BSI is choosing some less harsh language.
The most interesting quote from it is: "Microsoft has responded to the developments by offering discounts to the country's vast public sector and agreeing to provide special assistance with software security."
Now - if I were the IT security agency chief of any country, wouldn't I just copy&paste the original BSI statements?? (and gain a hefty discount plus MS security consultancy package for my people??)
Minimization of network services on Windows systems
Very interesting reading. - I found it at the TAO security blog, which also has a nice summary.
The CISSP secret hand shake
For all who have wondered - there is indeed a secret handshake to recognize fellow CISSPs.
From a post by Mark Lachniet to cissp-forum (a high profile, highly professional closed list):
"It's just like the gangster handshake
- fist (above),
Then you say "wondertwin powers activate - shape of a risk assessment methodology" and "shape of a properly configured and managed IDS system"
From personal experience, you are supposed to order beers right after saying this...
Wednesday, September 15, 2004
for what it's worth. I haven't checked the allegations made at the link above, so take them with a grain of salt.
Also, http://www.gmx.de/ has largely increased its free webmail quota to 1 GB, see here.
- Gmail is Google's mail service.
Monday, September 13, 2004
TAMU 1999 Bonfire Disaster - a management tale on why proactive risk management matters
Texas A&M - or "Aggieland" - is a rather well-known US university with a (military-style pre-) "school of cadets". It's home to the George Bush Presidential Library, very close to the Bush family's ranch and a somewhat peculiar place. I spent quite some time in and around campus in '93-'96.
Texas A&M is well-known for its football team, its inherent disdain for the University of Texas (at Austin) and the "team spirit" of its students and honored traditions.
Up to 1999 one of the key traditions was the annual Bonfire - which developed into a major three-story construction. - I always had the feeling that more wood was burned in that fire than was used as paper at that place.
In 1999, the bonfire collapsed, killing several people. The university was pressured to launch an in-depth investigation, which came up with quite shocking findings.
I think this is a really good story that demonstrates just how important proactive risk management is.
Some quotes from the final report:
Lack of a written Bonfire design or construction methodology is in the Commission’s view both an important barrier failure and very relevant to the collapse. This deficiency has resulted in multiple design changes year-to-year, no established process for design reviews, and no documentation of critical design factors. This was clearly evidenced in interviews with University officials and students. On numerous occasions, interviewees described a world in which design decisions were made with no written guidance, no formal reviews, and no knowledge of critical design factors.
Saturday, September 11, 2004
Breach! Breach! - http://www.ratemynetworkdiagram.com
This is a strange site: http://www.ratemynetworkdiagram.com/
I wonder just who's putting stuff up there - and what is it for?
- A honeypot for the dim-witted?
Or some dating site for nerds? =)))