Home page logo
/
basics logo
Security Basics Mailing List

A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

List Archives

JanFebMarAprMayJunJulAugSepOctNovDec
201413371064030
20136228356163668204
2012139169721302022191581043079319
201120321413710314811115211120890122145
20101211111941661021032031083093949116
200925222629012828718722618618715513248
2008522537455348390290345229236376224217
2007411387275446632291260380432330326382
2006552406466410352339413354385412441415
2005454369525485319357433555461697531370
2004538454805439342371451313453606637466
200344660945559652293942210971118673712579
2002480734597

Latest Posts

Re: Windows Active Directory Domains Kurt Buff (Jul 22)
I'm actually glad to see this happening - finally...

Kurt

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and...

Re: Windows Active Directory Domains Tracy Reed (Jul 22)
On Tue, Jul 15, 2014 at 09:07:21AM PDT, Tracy Reed spake thusly:

Another one just made headlines:

http://www.justice.gov/usao/txe/News/2014/edtx-hippler-hipaa-kummerfield%20070314.html

Re: Hashes/encoded for a string input Ned Fleming (Jul 17)
On Wed, 16 Jul 2014 12:57:16 +0530, arjun () openmailbox org
wrote:

md5deep/hashdeep available at:

http://md5deep.sourceforge.net/

A compiled version that runs on Windows is available as part
of cygwin, but may be available elsewhere as a standalone
binary.

Re: Hashes/encoded for a string input !s3grim (Jul 17)
Search for EnDe(.html) on github or the OWASP-Site, it's quite nice, but be aware that it does *not* work with IE.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is...

Re: Hashes/encoded for a string input Stephon Thornton (Jul 16)
With a simple google search of "Hash generator" I found
http://www.insidepro.com/hashes.php for an online hash generator.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a...

Re: Hashes/encoded for a string input khaoticdude (Jul 16)
With a simple google search of "Hash generator" I found http://www.insidepro.com/hashes.php for an online hash
generator.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a...

Hashes/encoded for a string input arjun (Jul 16)
Greetings!

Is there any convenient way to compute different hash values / encoded
strings for a string?
Or a bash/python/perl script that could facilitate same?

@

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and...

Re: Windows Active Directory Domains Tracy Reed (Jul 15)
On Mon, Jul 14, 2014 at 08:02:35AM PDT, Mikhail A. Utin spake thusly:

UCLA employee:
http://www.amednews.com/article/20100607/business/306079969/6/

A nurse shared data with a spouse and went to jail too but I can't find a
non-registration required link. There are more. So it does happen...

Ruxcon 2014 Final Call For Presentations cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

.[x]. About Ruxcon .[x].

Ruxcon is...

RE: Windows Active Directory Domains Mikhail A. Utin (Jul 14)
Quote: One might argue that the possibility of jail time because of HIPAA provisions or other laws might provide extra
incentive, but I haven't seen much of those kinds of penalties - yet

Here is well-known example of MGH (Mass General Hospital) case, which paid to feds around $1M after a loss of a memory
stick with a few hundred EPHI records. Monetary, even a small organization can sustain such DATA loss, but the cost of
conflicting...

RE: Windows Active Directory Domains Mikhail A. Utin (Jul 14)
Hello,
Quote: HR data isn't so much more private than other data (IMHO) that it needs that kind of special attention - the
intellectual property and/or financial data and/or business processes require pretty much an equal level of care.

Not really right as HR deals with personal identifiable information. See, for instance US MA 201 CMR 17.00, or similar.
PI, i.e. legally protected personal information, is at least one record having any...

Re: Windows Active Directory Domains Kurt Buff (Jul 14)
Going bankrupt because of regulatory fines (or just paying a big fine)
vs. going bankrupt (or losing lots of money) because of theft of IP or
hacked bank accounts isn't much of a choice. They both are outcomes to
be avoided by exercising due care. One might argue that the
possibility of jail time because of HIPAA provisions or other laws
might provide extra incentive, but I haven't seen much of those kinds
of penalties - yet. And, if...

Re: Windows Active Directory Domains Phil Fagan (Jul 14)
I'll take the pro side for academic reasons....

I can see a benefit for having uniq forests for this function assuming
you also have uniq roles and responsibilities. Generally through
object permissions, network segmentation, and proxy-auth access to
protected resources you can achieve an extra level of security. So if
you have a team maintain the HR firewall, HR AD assets, and HR
services wholly separate from the team that you have...

RE: Windows Active Directory Domains Keith Kooyman (Jul 10)
I've seen this done before by well-intentioned admins. The truth is, in my
opinion, that what looks good in theory is in reality not a good practice.
No real security gain is accomplished and there are numerous reasons to not
do it this way.

They would be much better off investing in layer 3 switches and a core
router and implementing a strong and secure VLAN architecture with ACL's.
As you say, you could also use the firewall to...

RE: Windows Active Directory Domains Ocala Website Designs LLC (Jul 09)
Tell you the truth, if the HR department has HIPPA information, or
information that is very sensitive, they should hire someone that does know
what they are doing. No offense, but a security breach is a bad way to find
out you failed at securing your HR data. I agree, keep it simple, use a
single domain, leverage NTFS permissions and vlans properly.

Thank you,

Tommy Thomas, MCP, Network+, Security+, C|EH, MCSE
Network Systems Administrator...

More Lists

Dozens of other network security lists are archived at SecLists.Org.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]