Commentary & Insight From Sûnnet Beskerming
Covering news on emerging threats, advice on good security practices, analysis, explanation of technical news items, and brief, accurate, non-biased synopsis of security-focussed technology trends, Sûnnet Beskerming commentary is many things.
Whether you call it a blog, online journalism, or commentary on events, this is where you can find and search all relevant articles published by Sûnnet Beskerming.
All articles will eventually be made available free of charge, however some content is initially only available to paying subscribers.
Available entries
SQLLite Management Application ripe for Picking?
Posted in: Information Security
SQLite is probably the world's most widely deployed SQL database platform, being found in:
* 125 million copies of Mozilla Firefox
* 20 million Mac computers, each of which contains multiple copies of SQLite
* 20 million websites run PHP which has SQLite built in.
* 300 million downloads of the Sk....
Posted: 29 March 2008 22:43
The Truth is, Everyone is a Target
Posted in: Information Security
It has been a common refrain of Information Security professionals that security by obscurity is no security at all, and that when a technology or platform becomes popular enough through use it will also come under increased focus of attackers. The underlying premise is that most technology is more....
Posted: 29 March 2008 22:26
Don't Click Here
Posted in: Information Security
A number of media outlets are now covering news of a program run by the FBI that led to the arrest of people for clicking on fake links that the FBI had set up. The rationale for this being appropriate was that the fake links suggested that they led to child pornography.
As at least one noted we....
Posted: 21 March 2008 16:30
When SSL Isn't Going to save you
Posted in: Information Security
After many years of trying from InfoSec and general IT people, users are starting to get a better grasp on the importance of looking for the little lock icon in their browser and https at the start of the URL when they go to enter sensitive personal or financial information online. The more involve....
Posted: 21 March 2008 14:34
How do you do. Please state your problem.
Posted in: Information Security
It was a sad day for AI enthusiasts everywhere when it was reported that the developer of the famed ELIZA software had passed away earlier this month. Even when deep in grief, ELIZA could still provide that old reassuring interaction:
>> Hello.
How do you do. Please state your problem.
>> Did y....
Posted: 16 March 2008 22:15
A Simple Demonstration of CSRF risk
Posted in: Information Security
Noted Web Security expert Jeremiah Grossman has published an interesting article that is a welcome reminder as to how easy it is to sniff out whether a user is logged into a website, from another one (i.e. Cross Site Request Forging).
Using the method Jeremiah describes, a request is made for a r....
Posted: 15 March 2008 15:34
Somebody has to do the Dirty work
Posted in: Information Security
The team at Zone-H is currently questioning the merit of continuing to update and maintain their well known defacement archive service given the negative sentiment directed at them that many people express when they find out that they have been compromised and the discouraging trend of site defacers....
Posted: 14 March 2008 22:33
Microsoft Security Patch Advance Notification March 2008
Posted in: Information Security
At the end of last week, Microsoft provided initial guidance about the patches expected to be released as part of the March 2008 Security Patch Release.
This month, Microsoft are only planning to release four patches, all of them rated as Critical. Based on the information on the TechNet link, a....
Posted: 10 March 2008 18:30
PayPal and Anti-Phishing Recommendations
Posted in: Information Security
Earlier this week there was fairly widespread reporting over a claimed incident where a Mac user was advised against using Safari when connecting to PayPal. It was claimed that since Safari (and many other browsers on OS X) does not alert users that they are visiting sites that may be phishing site....
Posted: 6 March 2008 21:03
Malware Doing its Best not to Meet you
Posted in: Information Security
It might seem somewhat of an obvious article but a recent piece published by The Register is a useful reminder for those who may not have considered that malware authors do their best to ensure their new releases are as undetectable as possible, including testing against known versions of antivirus ....
Posted: 6 March 2008 20:58
Using Bleeding Edge Software can be Harmful
Posted in: Information Security
The title of this article might be considered somewhat of a cliche, but there are companies that still insist on operating with the absolute latest software versions as critical elements of their business operations. A local Linux kernel root exploit was disclosed via 0-day code release around Vale....
Posted: 6 March 2008 20:56
An Interesting Certification Challenge
Posted in: Information Security
In an industry where there are more certification and standardisation options than are really necessary comes a new certification effort which is looking to make web application security at least somewhat standardised.
On first look, this is a good idea and should provide a baseline level of co....
Posted: 4 March 2008 15:45
Posts from November, 2024.