A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

List Archives

Latest Posts

Security Toolkit for dummies exzactly (Nov 04)
I am currently working on a (free)toolkit to pass down to Tier 3 and Tier 2
to be used in the event of a breach/infection or suspected breach/infection.
In a nutshell I want to give them some tools to use to gain further
information about the system and processes and/or malicious tools running on
it. This toolkit is designed for a Windows desktop and Server environment. I
am looking at building out tools that are fairly easy to use and do...

RE: Assessing risk management and imminent decision making process Murda Mcloud (Nov 04)
Dear Brother Barbod Kiani,
I believe that if you read the book called The Secret then all your dreams,
conscious and unconscious will come true(but only if you buy a copy of it,
not if you borrow it from the library). Also, if you send a check for $300
to the person at the top of this list then you will be repaid in abundant
alpha waves which will unlock the neural pathways to the new singularity
which I now understand you to be part of.

As for...

RE: Assessing risk management and imminent decision making process Murda Mcloud (Nov 04)
Haha. The original post ended up in my spambox for some reason ;-)
Is the emotionally and mentally effete CSO a Texan? I find that hard to
believe.
Also, I refuse to offer patulous support for fatuous requests.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how...

RE: Re[2]: Testing for SQL injection or Cross Site scripting Stoughton, Brian F. (Nov 04)
Acunetix is pretty good...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mojorising
Sent: Tuesday, October 13, 2009 4:50 PM
To: Adam Pal
Cc: Scott Race; security-basics () securityfocus com
Subject: Re: Re[2]: Testing for SQL injection or Cross Site scripting

Hi.

There are a few good tools out there for finding web application
vulnerabilites and it's a good idea run them...

Re: Assessing risk management and imminent decision making process Barbod Kiani (Nov 04)
Yes sir, they do. Because I also have a wireless camera in my head too
and probably never gonna be able to get married as a result. But, thanks
to dear President Obama, at least, my e-mails go thru now!

Respectfully yours,
Bob Kiani

W W wrote:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (MingW32)

mQENBErRcicBCADRCwBtsSjd9Nv3f4A/B3/9g4NECiKjOB8J3Ls06dNsycJp5235
KeM9ESjdsuPzR8+/3o5Ley97h6i0FFWRVbP6Ogne4kqQML36ZFMZxQQqHu8oGuos...

OpenVMS flags question lgpm (Nov 02)
Hi List,

Could someone please advise regarding these flags in OpenVMS:
1- DISCTLY: should it be set or not? I mean, if this flag is not listed in
the flags list, accounts would be able to prematurely abort the system login
sequence, preventing certain procedures from being executed during login.
And when they do so, does login continue normally (without running the
scripts of course), or does it stop at one point?
2- DEFCLI: having it not set...

Re: Assessing risk management and imminent decision making process Barbod Kiani (Nov 02)
Hello Mr.:

In plain English. I genuinely asked for your help while trying to give
you food for your thoughts in return about a technology in use perhaps
at least 20 years ahead of our time!

Having been thru a horrible "Enhanced Interrogation" after my
bleeding-unconscious body was flown to the area 51, had my memory messed
up, got my executive functions taken away and got more Micro Devices put
in my brain and body. Soon after, sent...

Re: Strange repeating probes to port 80 Gleb Paharenko (Oct 30)
Hi!

IMHO, it might be some botnet command center, which sends UDP probes
to check if your host infected. It is interesting in case you resend
same UDP packet back :)
Here is a clue for UDP managed trojan - it is looking for UDP packets
containing word "DOM":
http://old.honeynet.org/scans/scan21/sol/scan21_turner.txt

2009/10/26 boris mutina <boris.mutina () gmail com>:

Re: WAN optimization security kaneda (Oct 30)
You should also look at the security of the WAN optimisation device
itself:

* How do you administer the device?
* Can you apply ACLs to the admin interface?
* Can it be isolated on a OOB network
* Are firmware updates uploaded via SSL or can it be intercepted?, etc.

Re: Log analisys and siem Simone (carverrace () gmail com) (Oct 29)
I would suggest you also another product that is work fine and it
should be most apropriate for your market.
Look for SecureLog.

have a ncie day.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers...

Re: Any recommendable Windows Server Vaccine program? John Morrison (Oct 29)
Another option is McAfee AntiVirus and AntiSpyware Enterprise. The pair are
less US$80 together. If you have several servers then using them with a
central management system (ePO) brings operational efficiencies.

2009/10/29 Ken Pryor <kdpryor () gmail com>

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL...

Re: Any recommendable Windows Server Vaccine program? Ken Pryor (Oct 29)
I'll add my own endorsement for Vipre. I've been using it for several
months now and am very happy with it. As was noted, you can't beat
the price either.
KP

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your...

Re: Log analisys and siem aditya mukadam (Oct 29)
Some good SIEM options to be considered are:

1) LogRhythm
2) Netforensics
3) Arc Sight
4) Juniper STRM

Thanks,
Aditya Govind Mukadam
CISSP,CEH,JNCIA-SSL,JNCIA-UAC,JNSA-Advanced Security, CQS-PIX,CQS-VPN

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL...

Re: Log analisys and siem Albert Gonzalez (Oct 29)
Greetings,

Since you didn't mention the need for correlation, so a SIEM might not
be what you want just to collect logs. Splunk has a free version that
you might want to look at. I know the free version limits your log feeds
indexing to 500MB/day[1], but worth a test run none the less.

Later,

[1] - http://www.splunk.com/view/SP-CAAADFV#difference

-
Albert Gonzalez
http://blog.cerveau.us

Re: Any recommendable Windows Server Vaccine program? Kurt Buff (Oct 29)
If by vaccine you mean antivirus/antimalware, then I can certainly
recommend VIPRE from Sunbeltsoftware. Works well, and is not very
expensive.

Kurt

2009/10/28 MontyRee <chulmin2 () hotmail com>:

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL...

More Lists

Dozens of other network security lists are archived at SecLists.Org.