PaulDotCom Mailing List

General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.


Latest Posts

Re: [Security Weekly] Source Code Analysis Tools Jerome Athias (Jul 23)
I guess you already have all ones from the Gartner Magic Quadrant for
Application Security Testing (AST)?
Are you including both DAST and SAST?

2014-07-17 0:34 GMT+02:00 John Strand <john () blackhillsinfosec com>:

[Security Weekly] Source Code Analysis Tools John Strand (Jul 18)
Hello all,

I am currently doing some research for SANS 504, and I wanted to expand the
commercial source code analysis tools section.

So, would it be possible to provide your opinions and the cost of the tools
you have used?



[Security Weekly] iPhone Podcast app and the Security Weekly podcast James Costello (Jul 16)
Was wondering if anyone else is seeing multiple copies of the Security
Weekly podcast on their iPhone - as in
Security Weekly - 8
Security Weekly - 8
Security Weekly - 8
Security Weekly - 8

You get the point.
New folders appear just about every day

[Security Weekly] Ruxcon 2014 Final Call For Presentations cfp (Jul 16)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre


The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

.[x]. About Ruxcon .[x].

Ruxcon is...

Re: [Security Weekly] Windows networking training Robin Wood (Jul 16)
The only things I'm finding in my local area are the official MS
courses so might have to go further afield. I'd rather do something
generic and standard, like the CCNA is to networking, as that is
likely to be the type of things that the majority of admins are doing
and so will reflect better what is there in the workplace.


Re: [Security Weekly] Windows networking training Robin Wood (Jul 16)
I'm looking to understand how it all operates rather than how to
secure it, I'd rather get a good idea of how the basics work first.
When I do do a course on how to secure it it works well to compare it
to what was taught as that gives an idea of what people learning today
are missing when they do courses so that I can exploit it later.


[Security Weekly] (no subject) bteegen19 (Jul 09)
securityweekly mailing list
securityweekly () mail securityweekly com
Main Web Site: http://pauldotcom.com

Re: [Security Weekly] Unix Wildcards gone wild c1b3rh4ck (Jul 09)
Hi, actually with some coreutils it doesn't work as it is mentioned in your
blog; you need to check the Linux Secure Packaging Policy by Dmitry Levin.

Best Regards,
Hector J.

2014-06-25 19:22 GMT-05:00 Jamil Ben Alluch <jamil () autronix com>:

Re: [Security Weekly] Windows networking training Sherwyn (Jul 09)
Hi Robin,

I would say stay away from 2008, and focus on 2012 or 2012 r2 courses. I
would also recommend looking at pluralsight.com to get an idea of the type
of course and content you are looking for, then you can find a
classroom-based local class in your area.

Hope this helps!

Re: [Security Weekly] [advisory-board-open] Pen Testing and the Canadian anti-spam law Adrien de Beaupre (Jul 09)

wouldn't it all come down to permission, i.e. consent of the organization
receiving the email?


On Tue, Jul 1, 2014 at 11:36 AM, Jamil Ben Alluch <jamil () autronix com>

Re: [Security Weekly] Windows networking training Ty Purcell (Jul 09)

I had done some basic AD stuff way back in 2003/2004. I took the SANS Windows Security Administrator course and found
it really covered how to do things correctly - AD, Accounts, Delegation, PKI, etc., etc. You might take a look at it.
I even sat through the Windows Server 2008/W7 version again a couple of years ago. It was still great content.

Jason Fossen is the author and instructor and he does a great job.

- Ty Purcell

Re: [Security Weekly] [GPWN-list] Pen Testing and the Canadian anti-spam law Ty Purcell (Jul 02)

Is there the possibility of properly crafting the Statement of Work and Rules of Engagement to comply with the law
while also meeting your pentest operational needs?


From: gpwn-list on behalf of Jamil Ben Alluch
Sent: Tuesday, July 01, 2014 10:36:16 AM
To: advisory-board-open () lists sans org; gpwn-list () lists sans org; Security Weekly Mailing List
Subject: [GPWN-list] Pen Testing and the Canadian...

Re: [Security Weekly] [advisory-board-open] [GPWN-list] Pen Testing and the Canadian anti-spam law Aaron Moss (Jul 02)
It seems like if you have a written statement specifically addressing what
methods you will be testing with (including the phishing emails) from the
business that you're performing the test against, then this would be
considered an Opt-In from the business itself. It would need to come from
someone who has the authority to allow it, but that seems like it would

Naturally, check with your legal counsel on this, and good luck!


Re: [Security Weekly] [GPWN-list] Pen Testing and the Canadian anti-spam law Jamil Ben Alluch (Jul 02)
That's what I am wondering.
I've read the CASL in its entirety and it gives very little room to do
anything without an opt-in.
Then again fake opt-ins could be crafted, but since you are sending to
individual employees' user addresses, I am not quite sure how it would
fall into the legislation, because, from my understanding, it would still
qualify as commercial communication.

*Jamil Ben Alluch, ing. jr, GCIH*

[Security Weekly] Pen Testing and the Canadian anti-spam law Jamil Ben Alluch (Jul 02)

I wanted to get some points of view in regards to the newly implemented
anti-spam law that entered into effect today in Canada.

There are cases where during pen-testing projects, we are in a way required
to send emails in order to test out phishing attempts, malware downloads

These would have to be crafted in a way that is appealing to the targeted
end-user and often will have some kind of appealing sales connotation or
